The windows management instrumentation service has detected an inconsistent system shutdown

• Remove From My Forums

• Question

• I have a windows 2008 R2 server, which was configured and installed by a 3rd party vendor.  EVerytime the server is rebooted, we are prompted to supply the reason for the unexpected shutdown.  It’s a dell server and Dell openmanage indicates a
  normal shutdown/restart. In combing through the event logs i find this error message «The Windows Management Instrumentation Service has detected an inconsistent system shutdown.

  I’ve googled this and not found a lot of info.  I am at a loss as where to begin my troubleshooting.  Any direction is appreciated.

  • Moved by

    Monday, June 28, 2010 5:34 AM
    (From:Windows Server 2008 R2 General)

I have a windows 2008 R2 server, which was configured and installed by a 3rd party vendor. EVerytime the server is rebooted, we are prompted to supply the reason for the unexpected shutdown. It’s a dell server and Dell openmanage indicates a
normal shutdown/restart. In combing through the event logs i find this error message «The Windows Management Instrumentation Service has detected an inconsistent system shutdown.
I’ve googled this and not found a lot of info. I am at a loss as where to begin my troubleshooting. Any direction is appreciated.

June 25th, 2010 7:09pm

Hello,
i have seen this sometimes if a machine is shutdown/rebooted via RDC instead on the server console direct. Do you have it both ways?Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

June 26th, 2010 2:08pm

Hi Betty,

How did you reboot the server, remotely or locally on the server?

Please ensure the
Remote Registry service has been started if you shut down the computer remotely. A registry key value tells Shutdown Event Tracker when to prompt a user for information about an unexpected restart or shutdown. Without remote registry access,
Shutdown Event Tracker cannot remotely reset this registry key value after you have provided a reason.

When Shutdown Event Tracker is enabled, users cannot shut down or restart the computer without providing a reason. If the computer is shut
down or restarted unexpectedly, either as a result of power interruption or hardware failure, the first member of the local Users group to log in after the restart is prompted to enter a reason in Shutdown Event Tracker.

Alternatively, you can disable Shutdown Event Tracker through local Group Policy settings to avoid the shutdown reason window. To do this,
please follow these steps.

Click
Start, click in the Search box, and type
gpedit.msc.The Group Policy Object Editor dialog box appears.
In the
Local Computer Policy navigation pane, expand Computer Configuration, expand
Administrative Templates, and click System.
In the console pane, scroll down to the list of objects, right-click
Display Shutdown Event Tracker, and click Properties.
On the
Settings tab, click Disabled.

For more information about Shutdown Event Tracker, please refer to the link below.
http://technet.microsoft.com/en-us/library/cc770960.aspx

Regards,
Karen Ji

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
This posting is provided «AS IS» with no warranties, and confers no rights.

On July 1st we will be making this forum read only. After receiving a lot of feedback from the community, it was decided that this forum is a duplication
and therefore redundant of the General Forum. So, until July 1st, we will start asking customers to redirect their questions to the
General Forum. On June 11th, CSS engineers will move any new threads to the
General Forum.

Please post a reply to
the announcement thread if you have any feedback on this decision or the process. You can
also email WSSDComm@microsoft.com.

June 28th, 2010 8:34am

I receive this error when I am right at the console or when I rdp boot. The remote registry service is enabled and started. Often I am rebooting because of windows security patches, so when prompted to restart — i do. I am not
asked to supply the reason. (This is similar to my other 2008 servers but only this one gives me grief).
I will check your link about shutdown tracker and see if I can find out more info. thank you for the questions and responses.

June 29th, 2010 10:09pm

Anyone get this resolved. I am having the same issue with 2008 R2. Mine is a virtual running on esx 4 update 1.

June 30th, 2010 5:46pm

Same here. I’m running 2008 R2 virtualized on 2008 R2 Hyper-V.

August 4th, 2010 11:59pm

I still have this problem as well. I’ve opened a case with Microsoft but so far, we’ve had no luck in resolving it. They are pointing me back to Dell hardware support.

August 13th, 2010 5:00pm

I have the same issue on a 2008 R2 box without Dell hardware. Any news on this?

October 14th, 2010 10:58pm

I am also recieving this error on all of my 2008 R2 Data Center boxes running on Dell PowerEdge R710’s.Hi

November 4th, 2010 6:03pm

I’m in the same boat. For me it is occurring on my vCenter 4.1 server which is a virtual server (W2K8 R2). I performed a domain migration, pretty straight forward right? Well, the domain migration went just fine, however, every time I reboot
the server either via the console using VI client OR RDP, I get the shutdown tracker upon reboot looking for an answer as to why the server was shutdown «unexpectedly». The other thing I notice that is strange is that after all of the services
have loaded, the server does some kind of time synchronization that changes the local time of the server to be incorrect (about 30 mins slow). The mysterious part is that when the server boots and I first login to Windows the time is correctly synchronized
with the AD domain controllers. I don’t know what to make of this. It’s almost like there is some service that is restoring the system to a previous state when maybe the server wasn’t shutdown properly.

Any ideas on this would be greatly appreciated.
Thanks,
—Kevin

November 23rd, 2010 9:54pm

I’m having the same problem with the tracker once I login to any of my 2008 R2 servers, and it happens across physical and virtual systems, even when I manually shutdown and supply a reason.

@Kevin
So far as your time sync issue, double check that VMware Tools isn’t set to synchronize the servers time with the vSphere Host.

Regards,
MatthewRegards, Matthew

February 17th, 2011 8:55pm

I have the same issue on a 2008 R2 box with Intel Server hardware. Any news on this?

Thanks

February 18th, 2011 1:16am

For me, the problem was Blackberry Enterprise Server Express running on the system. I’ve installed BES on a few Windows 2008 R2 systems and they all have this shutdown issue. I opened an MS support case and was told that BES does not properly
clean up files on shutdown.

February 18th, 2011 9:25am

I’ve been building a Blackberry Enterprise Server Express system inside VMWare Workstation and after I installed BES it started doing this. BES sucks. This just confirms it. Please let me know if anybody figures out how to fix it.

February 21st, 2011 5:20pm

I opened a support case with Blackberry on this a couple of months ago, but I don’t think they’re too concerned about fixing it (or even acknowledging it). I don’t think the support person had to worry about the annoyance of shutting down a server
then checking it every time you reboot it to make sure there is not a genuine problem with the system.
Here is the fundamental reason for the problem as described to me by Microsoft:
Windows Server 2008 onward we maintain a heartbeat file to determine whether we have a clean shutdown or not. Files are LastAlive0 or LastAlive1 in C:windowsServiceProfilesLocalServiceAppDataLocal. If the LASTALIVESTAMP is present and if we can successfully
read heartbeat data, it indicates that the previous shutdown was abnormal, i.e. we didn’t execute our normal shutdown cleanup code.

For some reason lastalive0.dat and lastalive1.dat at C:windowsServiceProfilesLocalServiceAppDataLocal were not getting deleted while doing a clean shut down/Reboot.

Many cases show that Blackberry Service can cause the problem. Because Blackberry Services putting a handle lastalive file and not releasing it during shutdown process.

According to the System Information, I found that Blackberry Service is running.
Please check the following path and see if there are files called LastAlive0 or LastAlive1: C:windowsServiceProfilesLocalServiceAppDataLocal folder. If so, please stop or disable the Blackberry Services before next time you start the server, or you can
contact the company of Blackberry and see if there is an update of the service to fix this problem.

February 21st, 2011 5:30pm

I am having the same issue as the OP. At first I thought it was the pcAnywhere connection. I recommend uninstalling or stop using any type of remote connection. I believe this is the cause of the problems. We are running Windows
Server 2008 Standard 32 bit. We had it in a virtualized environment (virtualbox), but removed it since we thought VirtualBox was the culprit. We have moved onto a physical environment and continue to receive these issues. The new server is
on new hardware as well. When I restarted the server due to a Windows update, I did it via pcAnywhere, which then prompted the random restarts of the server. Try restarting the servers physically instead of remotely. Microsoft help us out.
Solve this issue, we need remote access to our servers.

March 1st, 2011 10:23am

I have noticed this after installing the VMware Tools for ESX 4.1 on my VM’d 2K8 R2 Server.

March 10th, 2011 2:32pm

I am also having this issue. At first I was concerned as this is running on an email server and the last thing you want is a dirty shutdown potentially causing further problems down the line.
I also think suggesting the Shutdown Event Tracker (SET) should be disabled is NOT a workaround to the issue. The OP clearly posted what the issue was and suggesting it should be disabled is poor advice.
The only time this should ever be suggested is when the initial SET is appearing before a reboot. This problem is whereby you fill in the first SET and then you are presented with another after reboot. There is obviously a reason for it and until
it is resolved, how do you know something more serious isn’t going to occur as a result of ignoring it?
However, since looking into this issue, in my case I am using RDP and BESE on the email server and I thought I would add my findings.
In an attempt to work out what is causing it, I manually stopped all the BlackBerry services from top to bottom in the list and then rebooted. I completed the first SET and after it did reboot and I logged on, I got no SET.
So in my case, and possibly those who are also running BESE, this sounds like an issue I’ve found elsewhere whereby the BB software is not cleanly stopping itself and leaving Windows to deduce an improper shutdown occurred. However, it sounds like RIM have
no fix and might not have even acknowledged this as an issue as yet.

March 20th, 2011 7:52am

I am having the same issue on one of our servers — which is usually just restarted due to windows update. All other servers — same procedure — do not exhibit this behaviour…

April 3rd, 2011 11:07pm

Same issue as outlined by all others above. Server generates a 6008 whether rebooted via RDP or console session, with blackberry services stopped, server reboots cleanly.
Observed on SBS 2011 Std: All MS patches applied
Exchange server 2010 v. 14.01.0218.013
Blackberry Enterprise Server Express 5.0.2.29
Any solutions found that do not require
disabling a feature intended to notify admins when there really is a problem?

May 16th, 2011 9:59pm

• Advertising
• Cookies Policies
• Privacy
• Term & Conditions
• Topics