The process wininit.exe (127.0.0.1) has initiated the restart of computer

shenglang wei 5 Reputation points
2023-09-06T02:36:18.1333333+00:00

One of my servers has automatically restarted every day since activation, and I found that the following event is logged.

The process wininit.exe (127.0.0.1) has initiated the restart of computer ZTZN on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown

Reason Code: 0x80070000

Shutdown Type: restart

Windows for business | Windows Server | User experience | Other

2 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  2. shenglang wei 5 Reputation points
    2023-09-15T07:15:34.3166667+00:00

    I have found the problem. wininit.exe is a very important file for Windows, and it is a 100% safe file. I found out through the logs that the malware infection on my Windows Server 2016 was disguised as a genuine wininit.exe, causing the device to keep restarting.

    To determine if wininit.exe is genuine, you must check these features.

    • wininit.exe digital signature – it must come with Microsoft's digital signature and certificate, which you can view from the properties of this exe file

    What is the Wininit.exe process? Why is it running, and how do you fix the restarts?

    • Where wininit.exe runs – it must run from the location specified above, and you can check it from the task manager that shows the running processes
    • The file size of wininit.exe – it cannot be significantly higher than the specified size (i.e. 409 KB), and you can check it from the properties of this exe file

    If your system is restarting or shutting down the wininit.exe, then you can fix it by following these methods.

    To do this, you must increase the MaxTempTableSize value so that the system does not restart or shut down.

    MaxTempTableSize here is basically a value mentioned in Microsoft Active Directory, which mentions how large a temporary database table can be processed at one time.

    Therefore, now we must increase MaxTempTableSize on LDAP to 100000 so that the system can handle the database load. More details are available here: [View and set Lightweight Directory Access Protocol (LDAP) policies with Ntdsutil - Windows Server | Microsoft](https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil)

    Here are the steps to change policy settings:

    1. Open an Ntdsutil.exe command prompt, type LDAP policy, and press the Enter button
    2. Now, enter the following command: Set MaxTempTableSize to 100000
    3. Now click the Enter button

    Restart the system when finished.

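The three checks listed in the answer above (signature, location, file size) can be run against every live `wininit.exe` process in one pass. This is an added PowerShell example, not part of the original post; it assumes the standard location `%SystemRoot%\System32\wininit.exe`, takes the 409 KB figure from the answer, and uses an illustrative 2x size threshold.

```powershell
# Added example (not from the original post). Run in an elevated prompt:
# wininit.exe is a protected process and its path may be hidden otherwise.
$expectedPath = Join-Path $env:SystemRoot 'System32\wininit.exe'  # standard location (assumed)
$sizeHintKB   = 409  # size quoted in the answer; the real size varies by build
$sizeFactor   = 2    # assumption: treat more than 2x the quoted size as suspicious

$results = Get-CimInstance Win32_Process -Filter "Name = 'wininit.exe'" | ForEach-Object {
    $row = [ordered]@{
        ProcessId   = $_.ProcessId
        Path        = $_.ExecutablePath
        PathOk      = $false
        SignatureOk = $false
        Signer      = $null
        SizeKB      = $null
        SizeOk      = $false
    }
    if ($row.Path -and (Test-Path -LiteralPath $row.Path)) {
        # Check 1: the image must be the copy in System32, not a look-alike elsewhere.
        $row.PathOk = [string]::Equals($row.Path, $expectedPath,
            [StringComparison]::OrdinalIgnoreCase)

        # Check 2: the signature must validate and the signer must be Microsoft.
        $sig = Get-AuthenticodeSignature -FilePath $row.Path
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        $row.SignatureOk = ($sig.Status -eq 'Valid') -and
            ($row.Signer -match 'O=Microsoft Corporation')

        # Check 3: size should not be far above the figure given in the answer.
        $row.SizeKB = [math]::Round((Get-Item -LiteralPath $row.Path).Length / 1KB)
        $row.SizeOk = $row.SizeKB -le ($sizeHintKB * $sizeFactor)
    }
    [pscustomobject]$row
}

$results | Format-List
# Any failed check, or a path that could not be read, deserves a closer look.
$suspect = @($results | Where-Object { -not ($_.PathOk -and $_.SignatureOk -and $_.SizeOk) })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) wininit.exe process(es) failed at least one check."
} else {
    Write-Output 'All running wininit.exe processes passed the three checks.'
}
```

A process whose path comes back empty is reported as failing, which usually means the prompt was not elevated rather than that the file is malicious.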
