question

HowardTPK-5967 avatar image
0 Votes"
HowardTPK-5967 asked Miles-MSFT answered

Strange behavior from Server 2019

Hello,

So we have a somewhat new (1 yo) server running windows server 2019. The server (hardware) is a Hyper-V host, and there are a few VMs doing various things within the host.

I noticed that some of the processes it normally runs at night were missed so I went and checked on the server.. What I found was a bit disconcerting...

What happened was the server rebooted from a bugcheck. Not just once, but 22 times between the dates of 6/15/2021 6:21pm, and 6/16/2021 3:40am.. It rebooted approximately once every half hour until the early morning on 6/16 and then it mysteriously stopped doing that and continued running until I checked on it later in the afternoon of 6/16..

What I find strange is that it started to do this without any changes on my part whatsoever (I never touch the thing).. What I find even more strange is that it STOPPED doing this, on its own, on the morning of 6/16..

The fact that it stopped on its own has me a bit worried, and in a way I sort of wish this didn't just stop on its own... It makes me wonder if there was some intent behind what was going on (perhaps some sort of hacking attempt), because typically computers don't just fix themselves. Perhaps whatever was going on just stopped because someone was behind all of this and stopped (or succeeded?!). I know that is still not very probable, but it has me worried a bit... This is an internal server on our internal network, and while it can communicate with the outside, there are no port forwards from the outside into that server (not even to the VMs on that server)..

Anyhow, I was able to collect some data, and I was wondering if someone at MSFT can help me out with this (perhaps this is the wrong forum to post this in, I do not usually use these forums)...

Here is what I have:

1) A MEMORY.DMP file from the last time the server rebooted from the bugcheck (I guess it kept overwriting the same file over and over again). I compressed this to a ~2GB zip file.

2) A dump of the system windows log, filtered for the bug check events (although I can go back and include a lot more from windows log if requested).

With these things, is there a way to determine what was happening to this server on that date??

Here is what I did in the aftermath:

1) I stopped the VMs and rebooted the machine manually.

2) I checked the HP integrated lights out (ILO) for any reports of system hardware, drive, or RAM failures, and found none (this is a HP DL380 Gen9 server). The ILO only reported on the server reboots.

3) I ran all windows updates on the machine, so the server is up to date, and rebooted and restarted the VMs..

Anyhow, can someone help me with this and try to determine what happened on that night??

Thanks so much ..

.... Howard

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

I'd start by checking the host hardware supports the operating system installed. Also check the manufacturer's site for the latest ROM bios, firmware, chipset and driver support packs.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Miles-MSFT avatar image
0 Votes"
Miles-MSFT answered

Hi

Debugging windows log is beyong scope of forum support.
So if further assiatance were needed you could open a request ticket with Microsoft Support.
https://support.serviceshub.microsoft.com/supportforbusiness
Thank you for your understanding and corpoeration.

Best Regards

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.