20,212 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Some updates deemed critical may not always honor those settings.
--please don't forget to close up the thread here by marking answer if the reply is helpful--
Server rebooted unknowingly
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 7.000000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Apurva Pathak
735
Reputation points
Hi folks,
One of my Windows Server 2019 got automatically rebooted with below pasted message in Event ID 1074. On same date a KB was installed on my server, so it seems that this reboot is triggered by that update installation.
However, we have configured GPOs to stop servers from being rebooted automatically (pasting a snip below).
Could you please help me understand, how this reboot could have been triggered, and where can I get relevant information on this.
Event details:
The process C:\Windows\servicing\TrustedInstaller.exe has initiated the restart of computer on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned)
Reason Code: 0x80020003
Shutdown Type: restart
Comment:
GPO applied:
Any help would be appreciated, thanks in advance!
Windows for business | Windows Server | User experience | Other
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 44,751 Reputation points2023-09-21T13:50:43.0633333+00:00 Hello Apurva Pathak,
You are right, the code "0x80020003" refers to a reboot triggered by an installation, most likely a KB update. Bear in mind that the GPO setting you mentioned applies only when a User Account is logged in the system. System or Service accounts will not apply and updates will carry on.
You can verify this by checking the update history of the server or running Get-HotFix cmdlet to view the installed updates and which one could have caused the reboot.
Additionally, I would recommend:
- Check Event Logs (Application and System) related to time of the reboot, as this can provide you more information about conditions met in the system.
- Check if the GPO is applied correctly in the system. You can use GPRESULT /H to generate a HTML output of the policies and their status.
- Verify if the update was pushed though a Deployment tool, such as SCCM, in which the administrator can request a forceful reboot.
--If the reply is helpful, please Upvote and Accept as answer--