A couple of days ago one of our web-servers went down in the small hours. It wasn't responding to any remote requests (to be honest I don't know if it would have responded if a USB keyboard and monitor were plugged into it) and an engineer at the data-center rebooted the server for us.
Everything came back up ok, and I then checked the event logs to see if there were any clues as to what went wrong. All I can really see is the event "the previous shutdown at 1AM was unexpected" (which is the time the server went down, not the time the engineer hit the power button).
The server has IIS - but obviously the website logs just shows the file requests leading up to the crash (or freeze) and there's no increase in the volume of traffic prior to the crash. SQL Server is also installed, but the logs just report that a dozen or so transactions were rolled forward when the server came back up.
Is there anything else I can look at to find a possible cause for the crash?
If you have the option enabled to create a crash dump file then this is another possibility, although it takes advanced analysis skills and/or a support case with Microsoft to get useful information out of it. Usually the dump file will be saved to %SystemRoot%\MEMORY.DMP.
If it was a "Blue Screen of Death" that caused the failure, and the server is configured to save a crash dump (which is the default), you can debug the output. The best how-to resource I've found for that is "How to solve Windows system crashes in minutes".
Otherwise, if there are system monitoring tools provided by the manufacturer such as HP OpenView or Dell OpenManage, then you should look in there for evidence of hardware failures.
Lastly, if the server is on a UPS you'll want to look there for power-related failures.
Sounds like the box was hung. Since the onsite support just bounced the box it's possible but unlikely that you will get anything from the logs.
You need to enable CrashOnCtrlScroll support (http://support.microsoft.com/kb/244139), reboot the box, and then next time it hangs have someone hold down the RIGHT Ctrl key and press Scroll Lock twice. This will bugcheck (blue screen) the box, writing the current state out and then reboot it.
You'll also want to make sure the system si configured for Kernel or Complete memory dump.
Thanks, Brian Desmond Active Directory MVP