Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 41 Source: Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding crashed or lost power unexpectedly.
From a support forum: "In my case, this problem started after adding additional memory to my computer. Even though I ran all the memory tests against the RAM (such as memtest86+ and Windows Memory Diagnostic) with no issues, the problem would still persist. In the end, I had to adjust the RAM timing in order to stabilize the system, even though the additional memory was matching of the types supported by the manufacturer."
ME2028504 provides information about this event being recorded in 3 different situations:
1. The computer restarts, and there is a Stop error BugcheckCode in the event data - The suggested troubleshooting approach is to find the Stop error code and lookup the information for that type of error. See EV100536 (How to Debug Kernel Mode Blue Screen Crashes (for beginners)).
2. The computer is shut down by pressing and holding the power button - The suggestion is to read ME974476.
3. The system randomly restarts and no Stop error BugcheckCode is listed, or the computer is completely unresponsive (hard hang) - The problem may occur due to various hardware-related problems. You may get more information by disabling the automatic restart (see the article for how to do that).
This error has become rather widespread among the users of Windows 7 64-bit. It often occurs in connection to the usage of Intel's C-State-Technology. There are a couple of other reasons though, such as bad drivers and/or faulty hardware. I also experienced this type of error due to manual overclocking of the system. If this error occurs on a regular basis you should try setting any overclock-related settings back to normal aswell as disabling the C-State-Technology. If that doesnt help you should run hardware tests in order to make sure it's not because of faulty hardware, especially RAM. If the hardware seems to be in a healthy state start removing unneccesary devices, especially wireless network adapters, to see if the problem persists and possibly isolate the responsible device. Unfortunately many wireless devices come with pretty bad drivers for Windows 7 x64, if you can even get them to work at all. In general I dare say from my experience with various machines that in the vast majority of all the cases in which this error occurs, overclocking/c-state and/or bad devices drivers are the reason, only in few cases it's actually because of defective hardware or an unsufficient power supply unit.
This event is simply recording the fact that the system was shut down ungracefully. It does not provide information on the source of the problem, but just the fact there is a problem. When this is happening there is a risk of data loss (the information still in the memory cache, that was not flushed to the hard disk). In most cases this indicates a serious problem with the operating system such as corrupted operating system files, faulty memory modules, faulty hardware drivers.

At the very least, the following steps should be performed:
1. Shut down the system, unplug it from power and wait at least 10 seconds.
2. Turn on the system, run a checkdsk against all the drives in order to identify and correct hard disk errors (this may or may not fix the problem, it depends on the nature of the corrupted files - if ay)
3. Run an antivirus and scan the whole system (it may take a while but it's a good thing to do anyway).
4. Run the Windows Update to install all the latests service pack and hotfixes applicable to that system.
5. If new hardware has been installed, disconnect it and try to obtain the latest drivers for it
6. Backup all the important data - you may not get many more chances to do that

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.