How to troubleshoot an Event ID 6008 "The previous system shutdown at Time on Date was unexpected."
Applies to:
Windows Server 2012 R2
Windows 8.1
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Symptom:
========
Event ID: 6008
Source: Event Log
Type: Error
Description:
The previous system shutdown at Time on Date was unexpected.
Causes:
=====
Hardware going bad
Hardware firmware or driver is misbehaving
Mini filter drivers (i.e. antivirus and other security software) is/are misbehaving
etc…
Reactive action plan (To try capturing the problem):
====================================================
Step 1) Setup the machine for a manual memory dump
Coming soon: How to generate a kernel or a complete memory dump file in Windows Server 2012 and Windows Server 2012 R2
Note: I would like to suggest to set this up in your base image.
Step 2) Setting a remote perfmon in a Windows client or Windows Server.
Step 3) Setup for a remote kernel debug
Here are the different methods to setup the remote kernel debugger:
Setting Up Kernel-Mode Debugging over a Serial Cable Manually
Setting Up Kernel-Mode Debugging of a Virtual Machine Manually
Setting Up Kernel-Mode Debugging over a 1394 Cable Manually
Setting Up Kernel-Mode Debugging over a USB 2.0 Cable Manually
Setting Up Kernel-Mode Debugging over a USB 3.0 Cable Manually
Setting Up Kernel-Mode Debugging over a Network Cable Manually
Yong