Wednesday, December 11, 2013

Force a Windows Reboot When the OS Says No

I know how to reboot the box from the CLI, you say.  I can use shutdown.exe, psshutdown.exe, or the PowerShell cmdlet Restart-Computer with the -Force parameter.

Those methods normally suffice, but there are events when a server won’t cooperate.  Maybe it was a hotfix install, or a pending service shutdown.  Or just a lack of patience.  Forcing a reboot of a machine is akin to yanking the power cord out of the wall and plugging it back in afterward, pushing the physical reset button on a desktop computer, or holding down the power button for five seconds to power down, then pushing it again to power up.

The aforementioned methods of shutting down a system are very dangerous.  The methods proposed hereafter are also quite unsafe.

The file system might be damaged and unbootable, your company’s data might be lost, unicorns and leprechauns might cry, or some other type of unplanned horribleness could ensue from a less-than-graceful restart.

With all that being said, here’s how you bend a machine to your restart will:

Scenario A:  The machine already has a pending reboot or shutdown, but can’t be restarted.

Solution: Kill the winlogon process.  The logon session will end and the machine will restart.

Here’s an example of what that might look like:

[Screenshot: shutdown.exe /a displaying the error 1115 message]

shutdown.exe /a typically aborts a pending shutdown.  I typed it here knowing it would display the error 1115 message for the screenshot.  I had already tried running shutdown.exe /r without success.

Winlogon can be killed with your tool of choice (pskill, for example).  Two PowerShell examples follow:

Get-Process winlogon | Stop-Process -Force

Get-Process | where Name -match winlogon | Stop-Process -Force

Note:  In the absence of a pending reboot, killing the winlogon process can just kill a session/log off users.
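A guard for Scenario A that checks for a shutdown in progress before touching winlogon, so the command does not simply log users off. This is an added example, not code from the original post; the function names Test-ShutdownInProgress and Restart-StuckMachine are hypothetical, and it assumes shutdown.exe reports the Win32 error number (1115 shutdown in progress, 1116 no shutdown in progress) in its exit code or message text.

```powershell
function Test-ShutdownInProgress {
    # Probe with "shutdown.exe /a", as in the screenshot above.
    # Side effect: if a timed shutdown is pending and still abortable, /a cancels it.
    $output = & shutdown.exe /a 2>&1 | Out-String
    $code   = $LASTEXITCODE

    # Assumption: the Win32 error number appears as the exit code or as "(1115)" in the text.
    if ($code -eq 1115 -or $output -match '\(1115\)') { return 'InProgress' }
    if ($code -eq 1116 -or $output -match '\(1116\)') { return 'None' }
    if ($code -eq 0) { return 'Aborted' }
    return "Unknown($code)"
}

function Restart-StuckMachine {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    switch (Test-ShutdownInProgress) {
        'InProgress' {
            # A shutdown is already under way and cannot be aborted: Scenario A applies.
            if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop winlogon to finish the stuck restart')) {
                Get-Process winlogon | Stop-Process -Force
            }
        }
        'None' {
            # Per the note above: with nothing pending, killing winlogon only ends sessions.
            Write-Warning 'No shutdown in progress. Stopping winlogon would only log users off; try shutdown.exe /r first.'
        }
        'Aborted' {
            Write-Warning 'A timed shutdown was pending and the probe cancelled it. Re-issue shutdown.exe /r.'
        }
        default {
            Write-Warning "Unexpected result from shutdown.exe /a: $_. Nothing was stopped."
        }
    }
}
```

Run Restart-StuckMachine -WhatIf first to see which branch the machine falls into without stopping any process.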

 

Scenario B:  The machine does not have a pending reboot or shutdown, but for some reason you want to force a hard reboot immediately in a very ugly way, potentially causing a bluescreen in the process.  I successfully tested the following method against Windows Server 2012, forcing a bluescreen reboot.

Solution: Kill the csrss process.  The machine will then restart.

Get-Process csrss | Stop-Process -Force

Note: On Windows 8.1, killing csrss failed.

When you can, reboot responsibly.  It’s not the law.  It’s just a good idea.


Credit for the winlogon idea in Scenario A goes to oasysadmin.  Killing csrss is an idea I got from Chris B (aka Otis).