Scenario: A Exchange 2013 Server rebooted on its own. After reading the memory dump file, you see the information below. We need to determine what caused this and how to prevent a reboot.
ModuleName: wininit.exe
Process_Name: MSexchangeHMWo
Default_Bucket_ID: WIN8_Driver_Fault_Server
Solution: We know that Exchange’s Health Manager rebooted the server for us automatically, but why? First we need to figure out which responder did this. On the server that rebooted, run the following Powershell:
$1 = (Get-WinEvent -LogName Microsoft-Exchange-ManagedAvailability/* | % {[XML]$_.toXml()}).event.userData.eventXml| ?{$_.ActionID -like “*ForceReboot*”}
$1 | Select ActionID,RequesterName
Now that we have the requestername, you can choose to troubleshoot the requester and put in a global monitor override so it does not restart the server anymore. In our scenario, ServiceHealthActiveManagerForceReboot was the responder that rebooted our servers so we applied one of the following Global Monitoring Overrides to prevent the reboot.
Add-GlobalMonitoringOverride -Identity ExchangeServiceHealthActiveManagerForceReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -ApplyVersion 15.00.1210.003
OR
Add-GlobalMonitoringOverride -Identity ExchangeServiceHealthActiveManagerForceReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -duration 60.00:00:00
Ex-Shell 