none
Windows Server 2008 每天下午7点整自动关机 RRS feed

  • 问题

  • 系统:Windows Server  Standard Service Pack2

    硬件:IBM X3650 M4

    故障:每天下午7点自动关机

    之前由于机房原因无法提供空调,所以设置过每天晚上9点自动关机的一个“计划任务”。现机房已经可以全天提供空调,所以无需要每天自动关机任务了,所以我就打开“计划任务”在里边把之前做过的任务删除了,但从那以后发现每天早上过来本台服务器还是关机状态。经查看日志发现每天的关机时间为下午7点(不是我设置的9点)。

    注:期间未安装过任务软件与驱动等。

    以下是关机关后各种日志:

    Application:

    Information 9/12/2014 8:11:12 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds.  The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
    Information 9/12/2014 8:11:12 AM Microsoft-Windows-Security-Licensing-SLC 900 None "The Software Licensing service is starting.
    "
    Information 9/12/2014 8:11:12 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. 

    "
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-CertificateServicesClient 2 None Certificate Services Client has been stopped.
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-Security-Licensing-SLC 901 None "The Software Licensing service is stopping.
    "
    Information 9/11/2014 7:00:05 PM MSSQL$MICROSOFT##SSEE 17147 (2) SQL Server is terminating because of a system shutdown. This is an informational message only. No user action is required.
    Information 9/11/2014 7:00:05 PM MSSQL$KAV_CS_ADMIN_KIT 17147 (2) SQL Server is terminating because of a system shutdown. This is an informational message only. No user action is required.
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-CertificateServicesClient 2 None Certificate Services Client has been stopped.
    Warning 9/11/2014 7:00:02 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

     DETAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-3089481489-35528188-2763025094-500:
    Process 1112 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3089481489-35528188-2763025094-500\Printers\DevModePerUser
    "
    Information 9/11/2014 7:00:02 PM Desktop Window Manager 9009 None The Desktop Window Manager has exited with code (0x40010004)

    System

    Information 9/12/2014 8:10:23 AM Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
    Warning 9/12/2014 8:10:23 AM storflt 5 None The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
    Information 9/12/2014 8:11:11 AM EventLog 6013 None The system uptime is 51 seconds.
    Information 9/12/2014 8:11:11 AM EventLog 6005 None The Event log service was started.
    Information 9/12/2014 8:11:11 AM EventLog 6009 None Microsoft (R) Windows (R) 6.00. 6002 Service Pack 2 Multiprocessor Free.
    Information 9/12/2014 8:10:23 AM Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
    Information 9/11/2014 7:00:06 PM EventLog 6006 None The Event log service was stopped.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Kaspersky Endpoint Security Service service entered the stopped state.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Group Policy Client service entered the stopped state.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Windows Update service entered the stopped state.
    Information 9/11/2014 7:00:01 PM Service Control Manager 7036 None The SKPoweroffService service entered the stopped state.
    Information 9/11/2014 7:00:01 PM USER32 1074 None "The process wininit.exe (127.0.0.1) has initiated the power off of computer FSVR2 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
     Reason Code: 0x80070000
     Shutdown Type: power off
     Comment: "
    Information 9/11/2014 7:00:00 PM Service Control Manager 7036 None The SKPoweroffService service entered the running state.
    Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the stopped state.
    Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the running state.

    DFS

    Additional Information:
    Volume: 9A33AD17-880D-4D63-8F9A-8D5E36433944"
    Information 9/12/2014 8:12:10 AM DFSR 1206 None The DFS Replication service successfully contacted domain controller DC.cits.xxx.XX to access configuration information.
    Information 9/12/2014 8:11:59 AM DFSR 6102 None The DFS Replication service has successfully registered the WMI provider.
    Information 9/12/2014 8:11:49 AM DFSR 1314 None "The DFS Replication service successfully configured the debug log files.
     
    Additional Information:
    Debug Log File Path: C:\Windows\debug"
    Information 9/12/2014 8:11:43 AM DFSR 1004 None The DFS Replication service has started.
    Information 9/12/2014 8:11:43 AM DFSR 1002 None The DFS Replication service is starting.
    Information 9/11/2014 7:00:05 PM DFSR 1006 None The DFS Replication service is stopping.
    Error 9/11/2014 2:19:13 PM DFSR 4004 None "The DFS Replication service stopped replication on the replicated folder at local path D:\IJP-DEPO.


    Additional Information:
    Error: 2 (The system cannot find the file specified.)
    Additional context of the error:  
    Replicated Folder Name: IJP_Share
    Replicated Folder ID: CBA3C394-8DA6-41E4-82DA-18F3642CF1E8
    Replication Group Name: cits.canon.com.cn\ijpshare\ijp_share
    Replication Group ID: 0FF8D291-A5FA-4BB2-9098-EB5C64418D30
    Member ID: 9AAB3FDF-5264-491B-A4AB-47ADA47346B8"
    Error 9/11/2014 10:19:12 AM DFSR 4004 None "The DFS Replication service stopped replication on the replicated folder at local path D:\IJP-DEPO.

    Taskscheduler

    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{1FBC8188-56D7-4005-9561-DD9816F9F292}""  instance of task ""\Microsoft\Windows\MUI\LPRemove""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{E754C063-2417-4F55-BC9E-1AF8475F777C}""  instance of task ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{A134FD60-B3C7-463B-B48D-F71E26A970A3}""  instance of task ""\Microsoft\Windows\RAC\RACAgent""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 400 Service started Task Scheduler service has started.
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 700 Compatibility module started Task Scheduler service started Task Compatibility module.
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-18:NT AUTHORITY\System:Service:""  process."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-18:NT AUTHORITY\System:Service:"""
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{B12B6DA7-90BC-4370-9742-5A0A6F605307}""  instance of the ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  task."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{B12B6DA7-90BC-4370-9742-5A0A6F605307}""  of task ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  as request by user ""CITS\FSVR2$"" ."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 402 Service is shutting down Task Scheduler service is shutting down.
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]""  process."
    Warning 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 126 Task restarted on failure "Task Scheduler failed to execute task ""\Microsoft\Windows\CertificateServicesClient\UserTask"" . Attempting to restart. Additional Data: Error Value: 2147943467."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]""  process."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]"""
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{3579D5E7-3276-4304-93EF-F8B0E916A326}""  instance of the ""\Microsoft\Windows\Multimedia\SystemSoundsService""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{E5554C83-1DF9-4B5B-81EF-AE2FC41583BE}""  instance of the ""\Microsoft\Windows\TextServicesFramework\MsCtfMonitor""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{483D3E57-CAFE-49C8-B848-6E7520508941}""  instance of the ""\Microsoft\Windows\CertificateServicesClient\UserTask""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{483D3E57-CAFE-49C8-B848-6E7520508941}""  of task ""\Microsoft\Windows\CertificateServicesClient\UserTask""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{3579D5E7-3276-4304-93EF-F8B0E916A326}""  of task ""\Microsoft\Windows\Multimedia\SystemSoundsService""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{E5554C83-1DF9-4B5B-81EF-AE2FC41583BE}""  of task ""\Microsoft\Windows\TextServicesFramework\MsCtfMonitor""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:""  process."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:""  process."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:"""

    计划任务中,只看到Windows客户体验计划一项有个时间是19:00,其它都无这个时间的任务。

    “计划任务”中无自定义任务

     

    以上是与关机时间相关的一些日志,请高手帮我查看一下倒底是什么原因造成的。

    2014年9月15日 7:28

答案

  • 真还跟卡巴有关系,

    终于找到点眉目了,把卡巴斯基所有服务停止了,在连网的情况下发现不会关机,看来是跟卡巴斯基有关系。
    这台服务器上有跑卡巴斯基的服务端与客户端

    前天刚刚测试了把卡巴所有的服务停掉后就没事了,昨天又把卡巴的服务端删除了,因为我另一台服务器有卡巴的服务管理中心,这台就不需要这个服务了,但是今天过来后发现又关机了,现在看来是跟卡巴的客户端有关系,今天再测试一下把客户端的服务先停止了,看是否会关机。

    测试出来我会告诉大家,让以后的兄弟遇到了也可以看一下。

    2014年9月30日 7:17

全部回复

  • 以下是计划任务:

    ==================================
    Scheduled Tasks
    [Enabled] Adobe Flash Player Updater
            C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    [Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
            N/A
    [Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
            N/A
    [Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
            BthUdTask.exe $(Arg0)
    [Disabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
            N/A
    [Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
            N/A
    [Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
            N/A
    [Disabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
            %SystemRoot%\System32\wsqmcons.exe
    [Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant
            %windir%\system32\ceipdata.exe
    [Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector
            %windir%\system32\ceiprole.exe
    [Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
            %windir%\system32\defrag.exe -c -i -g
    [Enabled] \Microsoft\Windows\MUI\LPRemove
            %windir%\system32\lpremove.exe
    [Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
            N/A
    [Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
            N/A
    [Enabled] \Microsoft\Windows\Server Manager\ServerManager
            %windir%\system32\ServerManagerLauncher.exe
    [Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
            rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
    [Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
            rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
    [Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
            sc.exe config upnphost start= auto
    [Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
            %windir%\system32\wermgr.exe -queuereporting
    [Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
            %windir%\system32\gatherWiredInfo.vbs

    2014年9月16日 11:18
  • 您 好,

    “只看到Windows客户体验计划一项有个时间是19:00,其它都无这个时间的任务”

    请打开这个 计划 查看它的 ”触发条件“ 及 “动作” 或者 禁用它 看会不会再重启。

    另外您可以运行一下 schtasks 命令看一下 是否还有 其它 每天 19:00 运行的计划任务。

    谢谢


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    2014年9月17日 5:53
    版主
  • 建議再檢查一下其他整點運行的計劃任務, 看是否因為時區設置導致與觀察存在差異.

    Folding@Home

    2014年9月17日 10:45
  • Folder: \
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    INFO: There are no scheduled tasks presently available at your access level.

    Folder: \Microsoft
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    INFO: There are no scheduled tasks presently available at your access level.

    Folder: \Microsoft\Windows
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    INFO: There are no scheduled tasks presently available at your access level.

    Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    AD RMS Rights Policy Template Management Disabled
    AD RMS Rights Policy Template Management N/A                    Ready

    Folder: \Microsoft\Windows\CertificateServicesClient
    TaskName                                 Next Run Time          Status
    ======================================== ====================== UserTask                                 N/A                    Running
    UserTask-Roam                            N/A                    Ready

    Folder: \Microsoft\Windows\Customer Experience Improvement Program
    TaskName                                 Next Run Time          Status
    ======================================== ====================== Consolidator                             Disabled               Could not start

    Folder: \Microsoft\Windows\Defrag
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    ScheduledDefrag                          N/A                    Ready

    Folder: \Microsoft\Windows\MUI
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    LPRemove                                 N/A                    Ready

    Folder: \Microsoft\Windows\Multimedia
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    SystemSoundsService                      N/A                    Running

    Folder: \Microsoft\Windows\NetworkAccessProtection
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    NAPStatus UI                             N/A                    Ready

    Folder: \Microsoft\Windows\PLA
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    INFO: There are no scheduled tasks presently available at your access level.

    Folder: \Microsoft\Windows\Server Manager
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    ServerManager                            N/A                    Ready

    Folder: \Microsoft\Windows\Tcpip
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    IpAddressConflict1                       N/A                    Ready
    IpAddressConflict2                       N/A                    Ready

    Folder: \Microsoft\Windows\TextServicesFramework
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    MsCtfMonitor                             N/A                    Running

    Folder: \Microsoft\Windows\WDI
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    ResolutionHost                           N/A                    Ready

    Folder: \Microsoft\Windows\Windows Error Reporting
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    QueueReporting                           N/A                    Unknown

    Folder: \Microsoft\Windows\Wired
    TaskName                                 Next Run Time          Status
    ======================================== ======================
    GatherWiredInfo                          N/A                    Ready

    2014年9月18日 7:37
  • 我查看了每一个计划任务的运行时间,都没有7点运行的。就是有一个是接近7点的,好像是一个微软的收集服务的计划还是啥,我昨天有禁用过,但是不管用,还是关机。

    2014年9月18日 7:45
  • 您 好,

    建议您再检查一下有没有设置 开机脚本 。

    有DC 的环境中请检查一下 策略中 的计划任务 和 开机脚本 。

    谢谢


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    2014年9月22日 1:28
    版主
  • 之前的IT做的DC,所以我也不清楚,我得一个一个去查一下。

    我在MSCONFIG中把所有的服务都禁止掉后就不会自动关机了,但是服务总不能不启动,所以又得重新启动了开机。

    2014年9月22日 6:23
  • 建議檢查那些被禁止的服務, 看其映像文件路徑是否被修改過. 如果沒有, 則建議再檢查那些服務的映像文件是否存在 image hijack

    Folding@Home

    2014年9月23日 10:39
  • 目前我做的是把卡巴斯基的所有服务停止了,把补丁打到最新了,重启过服务器,下班后继续观察,结果还是到7点就关机,接下来我想测试的是把WSUS服务也停止了,再测试会不会关机。
    2014年9月28日 0:34
  • 真还跟卡巴有关系,

    终于找到点眉目了,把卡巴斯基所有服务停止了,在连网的情况下发现不会关机,看来是跟卡巴斯基有关系。
    这台服务器上有跑卡巴斯基的服务端与客户端

    前天刚刚测试了把卡巴所有的服务停掉后就没事了,昨天又把卡巴的服务端删除了,因为我另一台服务器有卡巴的服务管理中心,这台就不需要这个服务了,但是今天过来后发现又关机了,现在看来是跟卡巴的客户端有关系,今天再测试一下把客户端的服务先停止了,看是否会关机。

    测试出来我会告诉大家,让以后的兄弟遇到了也可以看一下。

    2014年9月30日 7:17
  • Thanks!
    2015年5月11日 19:23
    管理员