2

Microsoft-Kernel-Power error ID=41 on Windows Server 2012 R2 Data Center.

My server went down twice yesterday due to this error happening, causing the server to restart on its own. This is an Azure VM.

I checked the Device Manager and found nothing to be out of place or needing an update. Also found print drivers for random printers that I did not install. Any insight to this would be greatly appreciated.

I don't currently have any more info than that.

chicks
  • 3,639
  • 10
  • 26
  • 36
JaxCoder
  • 31
  • 1
  • 8

3 Answers3

2

This indicates an ungraceful shutdown. i.e. the node was shot in the head using a software power switch. Something to contact MS about.

Log Name:  System
Source:       Microsoft-Windows-Kernel-Power
Event ID:    41
Level:         Critical
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
An event 41 can occur in the following scenarios.

Scenario 1: The computer restarts, and there is a Stop error BugcheckCode in the event data

When a Stop error occurs, the Stop error data is written in Event ID 41 as part of the additional event data. There may be the instances in which the Stop error code information cannot be written before the computer restarts or shuts down. Such instances are covered in scenario 3. 

Scenario 2: The computer is shut down By Azure (there was no outage listed in Azure Service Dashboard)
http://azure.microsoft.com/en-us/support/service-dashboard/

Scenario 3: The system randomly restarts and no Stop error BugcheckCode is listed, or the computer is completely unresponsive (hard hang)
Sum1sAdmin
  • 1,914
  • 1
  • 11
  • 20
  • ...or something running on the server caused it to crash and/or BSOD. Impossible to say exactly, without more information. – HopelessN00b Apr 18 '16 at 15:57
  • No BSOD screen. Our sites go down and I RDP into the VM. When I log on, the restart screen has completed screen is open asking for a reason for restarting. – JaxCoder Apr 18 '16 at 19:55
  • Some power issue with the hardware was the culprit. The hardware was replaced and no more error. – JaxCoder May 31 '16 at 12:33
0

You're saying that you saw print drivers for random printers - those drivers are usually installed by the server itself if you are connecting with RDP and have print redirection enabled (and Remote Desktop Easy Print fails to map the printer).

If you are the only one who use RDP to this server and you don't recognize any of the print drivers then I'm pretty sure that someone you don't know has logged on, probably through a brute-force attack using well known username/password combinations.

pauska
  • 19,532
  • 4
  • 55
  • 75
  • Our whole team has access. You are correct in the drivers, they were just my local ones to share my devices with server if needed. Thanks for your input, gives me insight on things to look for in the future. – JaxCoder Jun 01 '16 at 12:57
-1

I was informed that Azure had to replace some hardware and the error went away. One of the cons of the cloud...

JaxCoder
  • 31
  • 1
  • 8
  • How is this an answer? And how is this a con of the cloud, where your VM or app is migrated to properly functioning hardware if there's an issue (vs you having to physically replace a server)? Sounds like a pro, not a con. – David Makogon May 31 '16 at 15:06
  • I cannot monitor Microsoft's equipment. What planet do you live on David? When you use a Azure VM, the hardware is handed out like a raffle. It was my question, how can anyone but me say what the answer is? After submitting a ticket with Azure, they swapped out hardware and we did not get the error anymore. Now, what more can be said about that? – JaxCoder Jun 01 '16 at 12:55