Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The reason supplied by user <user name> for the last unexpected shutdown of this computer is: <error description>
Reason Code: <error code>
Bug ID: <bug id>
Bugcheck String: <string>
|English: This information is only available to subscribers. An example of English, please!|
Bugcheck 0x00000027 - As per ME952185, on a Windows 2003 Server, this problem can occur because of a synchronization issue in the Redirected Driver Buffering SubSystem (Rdbss.sys) driver. When this issue occurs, the Rdbss.sys driver tries to free a structure that was already freed. A hotfix is available. See the article for more details.
Error: System Failure, reason code: 0x805000f, comment: 0x00000024 - This problem occurs because the NTFS driver incorrectly locks the resource when the NTFS driver tries to access the resource. See ME937455 for a hotfix applicable to Microsoft Windows Server 2003.
As per Microsoft: "This event refers to the failure indicated by the previous EventLog 6008 event. The User32 1076 event is written when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence. An unexpected restart or shutdown is one that the system cannot anticipate, such as when the user pushes the computer's reset button or unplugs the power cord". See MSW2KDB for more details.
Error: System Failure, reason code: 0x805000f, comment: 0x0000000a - Insight Manager is not posting any errors related to hardware failures, assuming here this is software/driver related.
Error: System Failure, reason code: 0x805000f, comment: 0x0000007f - Some newsgroup posts suggest that Error code 0x805000f might be generated by when some applications/drivers installed on that system are not fully compatible with the operating system. For example, installing certain applications on Small Business Server may cause this even though on a Windows 2000 server they are running fine.
Other newsgroup posts point to hardware problems. Make sure that the latest firmware/drivers/service packs are installed for both Windows and the applications running on that computer. See also the link for Error code 0x0000007f.
Error: Stop error, reason code: 0x000000c5, comment: 0x0000007f - no info
Error: Other (Unplanned), reason code: 0xa000000 - This event refers to the failure indicated by the previous EventLog 6008 event. The User32 1076 event is written when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence. An unexpected restart or shutdown is one that the system cannot anticipate, such as when the user pushes the computer''s reset button or unplugs the power cord.
A member of the Administrators security group can also log the reason for a remote computer's unexpected restart or shutdown using the Shutdown.exe tool. If many remote computers are unexpectedly shut down, as in the case of a power outage, Shutdown.exe provides a way for the administrator to remotely log the same shutdown reason on all the affected computers.
The User32 1076 event is written to the system log only when the Shutdown Event Tracker group policy setting is enabled or not configured on a computer running a Windows Server 2003 operating system. For more information about Shutdown Event Tracker group policy settings, see Help and Support.
No user action is required.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (2) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated