![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
266 questions
Hello
The message you’re seeing indicates that a restart was initiated by the svchost.exe process on behalf of the NT AUTHORITY\SYSTEM user. The comment “A remote client is trying to shutdown this machine through Remote Desktop Services” suggests that the restart may have been triggered remotely through Remote Desktop Services.
Here are a few things you can do to investigate this issue:
Check the Event Viewer: Look for any related events that occurred around the same time as the restart. This might give you more information about what was happening on the system when the restart was initiated.
Check for Updates: The restart could be related to a Windows Update. Check your Windows Update history to see if any updates were installed around the time of the restart.
[fade-ab9e-ae6-36d6] (microsoft.com)
Check Active Sessions: If the restart was initiated through Remote Desktop Services, check the active sessions on the server. You can do this by running the qwinsta command from the command prompt.
Check Running Services: The svchost.exe process is used by many different services. If the PID of the process is logged, you can look it up in Task Manager, right-click, go to services, and see which service was running under that process.
[Help needed:] svchost.exe has initiated the restart of computer | My Digital Life Forums
Best Regards,
Wesley Li