Microsoft created a dialog box for us to record a reason why a Windows Server was shutdown or rebooted. If you have no reason for collecting this information, here are two methods for removing this interruption to the shutdown procedure.
Topics for Windows Server 2012 Shutdown Event Tracker
- Group Policy to Disable Shutdown Event Tracker
- Registry Method to Disable Event Tracker in Windows Server 2012
- Troubleshooting Shutdown Event Tracker
If you have a test Windows Server 2012 machine, then you may wish to set the Shutdown Event Tracker policy to: ‘Disabled’. This is the same technique as previous versions of Windows Server.
For production networks, especially with several administrators, then it’s best to leave the Shutdown Event Tracker policy as ‘Not configured, or set the radio button to ‘Enabled’.
Who knows, if you have to troubleshoot why a server is unexpectedly rebooting, then you may become a convert to this dialog box.
The precise procedure to disable the Server 2012 Shutdown Event Tracker depends on these variables:
- Are you in a Domain? If so, configure via the GPMC.
- Be aware that Domain Controllers have their own Group Policy.
- Do you want to alter the Domain policy, or are all your servers in their own OU? In which case you could set the tracker policy at the OU level for your SQL or Exchange servers.
- Is it a standalone machine? Perhaps a test computer in a workgroup? If so, call for Gpedit.msc (and not the GPMC).
Group Policy path to Disable Shutdown Event Tracker:
Note 1: 'Display Shutdown Event Tracker' is in the root of the System folder. See screen shot to the right.
Note 2: Check the logic: if you want to get rid of the dialog box, then select ‘Disabled’ (for Display Shutdown Event Tracker). To restore the default then check the ‘Enabled’ box.
Disabled Tracker for Servers Only, or Workstations
In a domain you have a separate option dialog box within this Group Policy, this drop-down box gives you three choices, see screenshot to the right.
A popular selection is for ‘Servers only’ to receive the Shutdown Event Tracker dialog box. Although the alternatives would not be popular with the users, you could set the policy so that it affects just Workstations; perhaps the crucial use for this setting would be in troubleshooting.
Your precise settings depend on your Group Policy philosophy, do you set policies just at the Domain level? Alternatively, do you fine-tune for computers in the OU’s? I know of several Windows administrators who create OU’s just for their computer accounts.
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
If you are trying to understand what caused a server to shut down while you weren’t there, then call for the Event Viewer. Specifically, select the Windows Logs, System log. To narrow down the search I suggest you filter the Source for User32, or the Event ID for 1074. Example event:
The process C:\Windows\Explorer.EXE (WIN12) has initiated the power off of computer WIN12
On behalf of user WIN12\Psycho for the following reason: Other (Planned)
Reason Code: 0x85000000
Shutdown Type: power off
Note: The user who powered off the computer was WIN12\Psycho!
More Clues for Troubleshooting Shutdown
- There are other Shutdown types, Restart, or Shutdown.
- Other process could be responsible, for example, Windows\system32\wbem\wmiprvse.exe.
- The time (not shown here) provides crucial information, for example precisely 3:00am every day, could indicate that a scheduled task was the root cause of the restart.
It is possible to manipulate the Event Tracker box via the registry. Indeed, this is a fun method and useful in troubleshooting why the setting is not working. It helps me to compare the Group Policy Enabled / Disabled settings (above), with the registry changes (below) – just remember to refresh the registry by pressing F5.
Launch regedit.exe, best to ‘Run as administrator’. Expand the HKEY_Local_Machine section, and drill-down to:
0 = Disable (No Tracker)
1 = Enable
0 = Disable (When disabled with Group Policy, this setting disappeared)
1 = Enable
The settings take effect immediately, thus you don’t have to Sign out – Sign in.
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.
A Related Problem: Shutdown Access is Denied (5)
This is often a permissions problem, or to be precise a lack of the user right to ‘Force shutdown from a remote system’.
One solution is to launch Secpol.msc and adjust the settings as follows:
- Local Polices
- User Rights Assignments (Scroll down)
- Force shutdown from a remote system
- Add the user who needs to remotely restart the server.
One of my first tasks after installing a test copy of Windows Server 2012 is to turn off the annoying event shutdown tracker. The result of disabling this Group Policy is the shutdown procedure is the same as for Windows client machines; there are now no extra dialog boxes asking unnecessary questions every time I restart my test machine.
If you like this page then please share it with your friends