Event ID - 1076

Event Id1076
SourceUser32
DescriptionThe reason supplied by user %6 for the last unexpected shutdown of this computer is: %1 Reason Code: %2 Bug ID: %3 Bugcheck String: %4 Comment: %5
Event InformationExplanation :
This event refers to the failure indicated by the previous EventLog 6008 event. The User32 1076 event is written when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence. An unexpected restart or shutdown is one that the system cannot anticipate, such as when the user pushes the computers reset button or unplugs the power cord.

A member of the Administrators security group can also log the reason for a remote computers unexpected restart or shutdown using the Shutdown.exe tool. If many remote computers are unexpectedly shut down, as in the case of a power outage, Shutdown.exe provides a way for the administrator to remotely log the same shutdown reason on all the affected computers.

The User32 1076 event is written to the system log only when the Shutdown Event Tracker group policy setting is enabled or not configured on a computer running a Windows Server 2003 operating system. For more information about Shutdown Event Tracker group policy settings, see Help and Support.

User Action :
No user action is required.This information from some newsgroups may help you:
------------------------------------------------------------------------------
1. Power was interrupted - install a UPS or replace failing UPS battery.
2. If happening during the night the problem could be the backup software.
3. A STOP error (Blue screen) occurred and the server is configured during a STOP error to reboot automatically.
The document I mentioned regarding the BSOD on our servers (SESSION_HAS_VALID_POOL_ON_EXI­T) refers to win32.k.sys, atmfd.dll and rdpdd.dll as possible sources for the error. atmfd.dll and rdpdd.dll both have timestamps from 2003 on our servers but our version of win32k.sys on both servers is from 29/12/2004 (version 5.2.3790.244) and was installed by the security update from KB891711.The w
Reference LinksWindows Operating System

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.