'pskill \\hostname winlogon' might budge a server "stuck rebooting", but why?
Posted
by
Snoi
on Server Fault
See other posts from Server Fault
or by Snoi
Published on 2011-02-04T05:29:19Z
Indexed on
2011/02/04
7:27 UTC
Read the original article
Hit count: 610
Question: Executing remote (Sysinternals) command... pskill \\machine winlogon ...can budge a server that is stuck rebooting, but how/why does this work? How do you know which service to kill?
To recreate (e.g.): You run Windows Update, allow a reboot, and ...NOTHING! RDP gets cut off but the server does not reboot. Just about every other service seems to stay up.
Further Background: I've faced this problem on VMs hosted around the planet for some years, and used various sc.exe and shutdown commands to learn the state of and attempt remote reboot of servers in such a state, with limited success. Most datacentres don't offer any way to see the true console or power off/on such machines. They charge $$ for you to call them to do such simple things after hours, when you nearly always have to run your maint tasks.
e.g.
NET USE \\machine\IPC$ /USER:login password
sc \\machine query RpcSs
sc \\machine query TermService
sc \\machine query wuauserv
tasklist /s machine
This occasionally works for me...
shutdown /m \\machine /r /f /t: 0
...but more often than not it fails with: A system shutdown is in progress (1115).
I found this question, and the answer by @Tweek, and it worked really well, but was I just lucky?
Can not RDP to Win 2003 box or initiate remote restart
@Tweek said to run: pskill \\hostname winlogon
...and that got me past this situation in a new way (Server 2008 R2 in my most recent case) - really useful! I just need to understand if I got lucky or there is more science here. What I'd like to know is why the winlogon process?
@Livne said to use "tasklist /s HostName" to see what is the culprit, but how do you tell from the listed output? It's just a list of running tasks etc. From that I would not know what to look for, nor could I see anything about the winlogon process that suggested to my eyes that was the one to kill.
© Server Fault or respective owner