Open Control Panel -> Administrative Tools -> Event Viewer -> Windows Logs -> System.
Find a Kernel-Power entry at the Information level:
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 9/8/2016 6:33:33 PM
Event ID: 109
Task Category: (103)
Level: Information
Keywords: (4)
User: N/A
Computer: Moyummy-PC.moyummy.com
Description:
The kernel power manager has initiated a shutdown transition.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>109</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>103</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000004</Keywords>
<TimeCreated SystemTime="2016-09-09T01:33:33.475225900Z" />
<EventRecordID>7911</EventRecordID>
<Correlation />
<Execution ProcessID="440" ThreadID="444" />
<Channel>System</Channel>
<Computer>Moyummy-PC.moyummy.com</Computer>
<Security />
</System>
<EventData>
<Data Name="ShutdownActionType">5</Data>
<Data Name="ShutdownEventCode">0</Data>
<Data Name="ShutdownReason">0</Data>
</EventData>
</Event>
Then look at what happened before it (usually within a few minutes). For example, here is another entry:
Log Name: System
Source: User32
Date: 9/8/2016 6:32:50 PM
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Moyummy-PC.moyummy.com
Description:
The process C:\Windows\system32\svchost.exe (Moyummy-PC) has initiated the restart of computer Moyummy-PC on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)
Reason Code: 0x80020002
Shutdown Type: restart
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
<EventID Qualifiers="32768">1074</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2016-09-09T01:32:50.637157400Z" />
<EventRecordID>7868</EventRecordID>
<Correlation />
<Execution ProcessID="384" ThreadID="1504" />
<Channel>System</Channel>
<Computer>Moyummy-PC.moyummy.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">C:\Windows\system32\svchost.exe (Moyummy-PC)</Data>
<Data Name="param2">Moyummy-PC</Data>
<Data Name="param3">Operating System: Recovery (Planned)</Data>
<Data Name="param4">0x80020002</Data>
<Data Name="param5">restart</Data>
<Data Name="param6">
</Data>
<Data Name="param7">NT AUTHORITY\SYSTEM</Data>
</EventData>
</Event>
And this one:
Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 9/8/2016 6:24:52 PM
Event ID: 22
Task Category: Automatic Updates
Level: Information
Keywords: Reboot
User: SYSTEM
Computer: Moyummy-PC.moyummy.com
Description:
Restart Required: To complete the installation of the following updates, the computer will be restarted within 15 minutes:
- Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966825)
- Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>22</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>2</Task>
<Opcode>15</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2016-09-09T01:24:52.462797700Z" />
<EventRecordID>7864</EventRecordID>
<Correlation ActivityID="{FAE8FD5A-0816-0001-8C18-EBFA1608D201}" />
<Execution ProcessID="948" ThreadID="2908" />
<Channel>System</Channel>
<Computer>Moyummy-PC.moyummy.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="restarttime">15</Data>
<Data Name="updatelist">
- Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966825)
- Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166)</Data>
</EventData>
</Event>
Now we know that this restart was triggered automatically by a system update.
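The same backward walk can be scripted. This is an added example, not part of the original note: it parses event XML in the format shown above and, for each Kernel-Power 109, lists the User32 1074 and WindowsUpdateClient 22 events that precede it. The function names, the 15-minute look-back window and the `<Events>` wrapper element (the shape `wevtutil qe System /f:xml /e:Events` produces) are assumptions; the sample is an abridged copy of the three events above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
CAUSES = {("User32", 1074), ("Microsoft-Windows-WindowsUpdateClient", 22)}
EV = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
# Constructed sample: the three events above, abridged to the fields used here.
SAMPLE = rf"""<Events>
{EV}<Provider Name="Microsoft-Windows-Kernel-Power"/><EventID>109</EventID>
<TimeCreated SystemTime="2016-09-09T01:33:33.475225900Z"/></System></Event>
{EV}<Provider Name="User32"/><EventID Qualifiers="32768">1074</EventID>
<TimeCreated SystemTime="2016-09-09T01:32:50.637157400Z"/></System><EventData>
<Data Name="param1">C:\Windows\system32\svchost.exe (Moyummy-PC)</Data>
<Data Name="param3">Operating System: Recovery (Planned)</Data>
<Data Name="param5">restart</Data></EventData></Event>
{EV}<Provider Name="Microsoft-Windows-WindowsUpdateClient"/><EventID>22</EventID>
<TimeCreated SystemTime="2016-09-09T01:24:52.462797700Z"/></System>
<EventData><Data Name="restarttime">15</Data></EventData></Event>
</Events>"""

def parse_time(s):
    # SystemTime carries more fractional digits than datetime holds; keep six.
    base, _, frac = s.rstrip("Z").partition(".")
    return datetime.strptime(f"{base}.{(frac + '000000')[:6]}", "%Y-%m-%dT%H:%M:%S.%f")

def load_events(xml_text):
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        head = ev.find("e:System", NS)
        events.append({
            "provider": head.find("e:Provider", NS).get("Name"),
            "id": int(head.find("e:EventID", NS).text),
            "time": parse_time(head.find("e:TimeCreated", NS).get("SystemTime")),
            "data": {d.get("Name"): (d.text or "").strip()
                     for d in ev.iterfind("e:EventData/e:Data", NS)},
        })
    return sorted(events, key=lambda e: e["time"])

def explain_shutdowns(events, window=timedelta(minutes=15)):
    """Pair each Kernel-Power 109 with the known cause events that precede it."""
    shutdowns = [e for e in events
                 if (e["provider"], e["id"]) == ("Microsoft-Windows-Kernel-Power", 109)]
    return [(s, [e for e in events if (e["provider"], e["id"]) in CAUSES
                 and timedelta(0) < s["time"] - e["time"] <= window])
            for s in shutdowns]

if __name__ == "__main__":
    for shut, prior in explain_shutdowns(load_events(SAMPLE)):
        print(shut["time"], [(str(e["time"]), e["provider"], e["id"]) for e in prior])
```

A shutdown transition with an empty list of preceding events has no recorded initiator in this window and is the case worth investigating by hand.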