Tuesday, July 8, 2008

[THIN] Re: PC reboots when connected via CAG SSL VPN

Finding nothing the same across the multiple machines.
 
1 is bluescreening, 1 is not.
 
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615

>>> On 7/8/2008 at 9:21 AM, <adwulf@gmail.com> wrote:
2008/7/8 Chad Schneider (IT) <Chad.M.Schneider@thedacare.org>:
> I have @ 4 out of 150+ users, using the full SSL VPN via the CAG, who for no
> rhyme nor reason, their PC reboots....
>
> CAG is standard 4.5.7
> Citrix client on the PC is 10.150
> PCs are both XP and Win2K.
> We have tried reimaging the PCs, we have taken one and replaced nearly
> every piece of hardware...
>
> Is anyone else noting issues such as this?
>

What did the eventlogs of the PCs say was the reason for the reboot?

If the PCs are XP or Vista, you should find some clues in the system
logs.  Look for three events with the source 'eventlog' in a row.
Check the security log for a success audit event with ID 578, the last
one should be for the privilege "SeShutdownPriv".  It will tell you
the username, domain and PID which restarted the computer.
The PID won't be too much use to you right now - but you can take a
note of the PIDs by running tasklist /SVC and dumping it in a
textfile.
Then you can connect to the VPN, wait for the reboot - and compare the
PID in the eventlog with the listing you took earlier.

You could also enable the shutdown event tracker in XP:
http://support.microsoft.com/kb/555541 - which will leave a USER32
event in the system log, telling you which process/user initiated a
shutdown of the computer; eg:

The process winlogon.exe has initiated the restart of MKPC0A83 for the
following reason: No title for this reason could be found
Minor Reason: 0xff
Shutdown Type: shutdown
Comment: The computer has become self aware!  Must shut it down
before it... argh!

On the other hand - it may be that these computers are not restarting
gracefully.  It may be that they are suffering a STOP error, and have
been configured to automatically restart - or perhaps something is
crashing a critical system process like winlogon.  Take a look for
crashdumps on the computers, either STOP error dumps or Dr Watson (or
whatever your default debugger is) dumpfiles.
I think - if something critical like winlogon is killed, the system
instantly restarts - no warning at all - and you'll only see two
eventlog entries instead of three.

--
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
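
The PID comparison described in the message above, as an added example that is not part of the original thread: it parses a saved `tasklist /SVC` listing, including service lists that wrap onto continuation lines, and looks up the PID reported by the audit event. The function names and the sample listing are constructed for illustration, and the PID is assumed to be read from the event as a decimal number.

```python
# Constructed sample of a saved `tasklist /SVC` listing (not from the thread).
SAMPLE_SNAPSHOT = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
winlogon.exe                   632 N/A
services.exe                   676 Eventlog, PlugPlay
svchost.exe                   1016 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, lanmanserver
"""


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])} from `tasklist /SVC` table output."""
    lines = text.splitlines()
    # The row of '=' runs marks the fixed width of the Image Name column.
    sep = next(i for i, l in enumerate(lines) if l.startswith("=="))
    name_end = len(lines[sep].split()[0])
    procs, last_pid = {}, None
    for line in lines[sep + 1:]:
        name, rest = line[:name_end].strip(), line[name_end:].strip()
        if not rest:
            continue
        if name:  # new process row: "<pid> <services>"
            pid_text, _, rest = rest.partition(" ")
            last_pid = int(pid_text)
            procs[last_pid] = (name, [])
        # A row with an empty name column continues the previous service list.
        if last_pid is not None and rest.strip() != "N/A":
            procs[last_pid][1].extend(s.strip() for s in rest.split(",") if s.strip())
    return procs


def who_was_pid(procs, event_pid):
    """Describe the process that held event_pid when the snapshot was taken."""
    if event_pid not in procs:
        # Not in the snapshot: the process started after the listing was saved.
        return None
    name, services = procs[event_pid]
    return f"{name} [{', '.join(services)}]" if services else name


if __name__ == "__main__":
    snapshot = parse_tasklist_svc(SAMPLE_SNAPSHOT)
    print(who_was_pid(snapshot, 632))
```

A result of `None` means the PID was not running when the listing was taken, so the listing needs to be captured again after the VPN client has started.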