![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 97%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,886 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 51%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZK%3C/text%3E%3C/svg%3E)
- User:
NT AUTHORITY\SYSTEM - Process:
C:\Windows\system32\winlogon.exe - Reason Code:
0x500ff - Shutdown Type:
power off
Here’s a breakdown of what might be happening:
Possible Causes
Windows Update:
- A common cause for an automatic shutdown triggered by
winlogon.exeis that Windows is initiating a system restart due to pending updates, which may have been installed or required a reboot. This could be due to either a Critical Update or Cumulative Update.
Scheduled Tasks:
- A scheduled task could be running at a set time that causes the system to shut down, especially tasks like maintenance or updates. The **SYSTEM** account is often used for scheduled tasks that require elevated privileges.
**Power Management Settings**:
- A misconfigured power setting or an application that incorrectly triggers shutdowns. Some power management configurations or third-party applications could cause this issue.
**Event Triggered by Another Service**:
- Another possibility is that a background service or script is issuing the shutdown command. For example, certain enterprise software, backup software, or even antivirus solutions can trigger system restarts or shutdowns.
**Corrupted System Files**:
- System files responsible for power management or shutdown could have become corrupted, leading to unexpected shutdown behavior.
Steps to Diagnose and Resolve the Issue
Check Windows Update History:
- Navigate to Settings > Update & Security > Windows Update and check the Update History for any recent updates that might have triggered the restart.
- If a critical update or cumulative update was installed recently, it could be related to the shutdown.
- Open **Task Scheduler** and look through the scheduled tasks, especially those triggered by the **SYSTEM** account. - Check if any tasks have been scheduled to perform shutdowns or restarts and investigate their triggers. **Check System Logs for Further Clues**: - Review the **System** logs in **Event Viewer** for other events around the time of the shutdown. Look for warnings or errors that might point to a specific service, task, or application causing the shutdown. - Look for other Event IDs, like `41` (Kernel-Power), which might indicate an unexpected shutdown. **Check Power Settings**: - Go to **Control Panel** > **Power Options** and review the power plan settings. Ensure that settings like **sleep**, **hibernation**, or **shutdown** are properly configured and not set to initiate power off automatically. - You may also check the **Advanced Power Settings** to see if there's an issue with any custom power management configurations. **Use Event ID 6006 (Shutdown Event)**: - Look for **Event ID 6006** (shutdown event) in the **Event Viewer** as it will give you more information on what caused the system to shut down, like if it was triggered by a specific application or process.
- System Integrity Check:
- Run System File Checker (SFC) to ensure no system files are corrupted:
- User:
NT AUTHORITY\SYSTEM - Process:
C:\Windows\system32\winlogon.exe - Reason Code:
0x500ff - Shutdown Type:
power off - Here’s a breakdown of what might be happening: Possible Causes
Steps to Diagnose and Resolve the Issue Check Windows Update History:**Windows Update**: - A common cause for an automatic shutdown triggered by `winlogon.exe` is that Windows is initiating a system restart due to pending updates, which may have been installed or required a reboot. This could be due to either a **Critical Update** or **Cumulative Update**. **Scheduled Tasks**: - A scheduled task could be running at a set time that causes the system to shut down, especially tasks like maintenance or updates. The **SYSTEM** account is often used for scheduled tasks that require elevated privileges. **Power Management Settings**: - A misconfigured power setting or an application that incorrectly triggers shutdowns. Some power management configurations or third-party applications could cause this issue. **Event Triggered by Another Service**: - Another possibility is that a background service or script is issuing the shutdown command. For example, certain enterprise software, backup software, or even antivirus solutions can trigger system restarts or shutdowns. **Corrupted System Files**: - System files responsible for power management or shutdown could have become corrupted, leading to unexpected shutdown behavior.- Navigate to **Settings** > **Update & Security** > **Windows Update** and check the **Update History** for any recent updates that might have triggered the restart. - If a critical update or cumulative update was installed recently, it could be related to the shutdown. **Review Scheduled Tasks**: - Open **Task Scheduler** and look through the scheduled tasks, especially those triggered by the **SYSTEM** account. - Check if any tasks have been scheduled to perform shutdowns or restarts and investigate their triggers. **Check System Logs for Further Clues**: - Review the **System** logs in **Event Viewer** for other events around the time of the shutdown. Look for warnings or errors that might point to a specific service, task, or application causing the shutdown. - Look for other Event IDs, like `41` (Kernel-Power), which might indicate an unexpected shutdown. **Check Power Settings**: - Go to **Control Panel** > **Power Options** and review the power plan settings. Ensure that settings like **sleep**, **hibernation**, or **shutdown** are properly configured and not set to initiate power off automatically. - You may also check the **Advanced Power Settings** to see if there's an issue with any custom power management configurations. **Use Event ID 6006 (Shutdown Event)**: - Look for **Event ID 6006** (shutdown event) in the **Event Viewer** as it will give you more information on what caused the system to shut down, like if it was triggered by a specific application or process.
- System Integrity Check:
- Run System File Checker (SFC) to ensure no system files are corrupted:
Check for Third-party Software:- If you recently installed any third-party software or have certain enterprise tools running, ensure that these applications are not misconfigured to trigger a shutdown. You could temporarily disable or uninstall them for testing purposes.
- If your server is part of a domain, check for any Group Policy settings that might be configured to cause a shutdown or restart under certain conditions. Look for policies related to Windows Update, shutdown behavior, or maintenance.
- Run System File Checker (SFC) to ensure no system files are corrupted:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 55.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHL%3C/text%3E%3C/svg%3E)