I had an RD session host blue screen and reboot itself yesterday. It’s running Windows Server 2016, and does not have a history of this behavior. It is a virtual machine running on a Hyper-V host. It is part of a RD farm, and none of the other farm members exhibited this behavior. This was not immediately after a Windows Update cycle. This VM is running Huntress Labs and I can tell from event viewer that Huntress updated itself about 3-4 minutes before the crash, but all of our endpoints are running Huntress and there were no other similar issues. I opened a case with Huntress as a precaution, but they don’t see a pattern or relationship and neither do I.
There were about 15-20 users logged in at the time of the crash.
How would you investigate this BSOD beyond digging through event viewer?