Fix for Windows 7 "random wake from sleep" problem

For the last few months I’ve had Windows 7 RC installed on two home computers, and both of them have exhibited a strange problem: They would randomly wake from sleep .

The computers would often wake up just seconds after being shut down. At other times they would wake up in the middle of the night. To make matters worse one PC, which had recently had its graphics card upgraded, would go into an endless loop of restarting without ever getting to the Windows login screen. I suspected a power problem relating to the new card.

I spent quite some time investigating these wake problems (which I believed were unrelated) but could not diagnose the issue. Eventually I gave up and had to disable sleep on both machines (which pained me greatly!).

Last week I had a second wind and was determined to resolve this problem once and for all. I figured there must be a tool that could tell me what caused the wake up events, and after some research I discovered the Vista/Windows 7 powercfg tool.

To use this tool you simply type powercfg –lastwake at the command prompt

powercfg

In the above screenshot you can see the computer was woken by something on the USB hub (my mouse in this case). But much to my annoyance, when I ran this tool after a phantom wake it reported the type was “Unknown”!

Because I had a suspicion this could be a wake-on-lan (WOL) behaviour I used the WireShark network analysis tool to monitor network traffic for WOL packets. Perhaps a third computer had been infected with malware and was trying to wake other computers to have its wicked way? Unfortunately nothing showed up on the wire.

No further progress was made until I randomly stumbled across a forum posting about a network adaptor setting called “Wake on pattern match“. I checked both my PCs and this setting was enabled. It appears this obscure setting is enabled by default in Windows 7 for Realtek RTL8168B/8111B and RTL8168C(P)/8111C(P) Family Gigabit Ethernet NICs.

What does “Wake on pattern match” actually do?

Most people are familiar with Wake-on-LAN which uses a “magic packet” (hard-coded) to trigger a wake event. Well it seems that feature has been superseded by the more flexible “Wake on pattern match” capability. According to this Microsoft Article on Power Management for Network Devices:

The packet patterns that define the wake-up frames [for "wake on pattern match"] are provided to the NDIS 5.0 miniport driver by the operating system. At runtime, the protocol sets the wake-up policy using OIDs. These are, for example, Enable WakeupSet Packet PatternRemove Packet Pattern. Currently, the Microsoft TCP/IP is the only Microsoft protocol stack that supports network power management. It will register the following packet patterns at miniport initialization:

  • Directed Layer Two packet
  • Address resolution protocol (ARP) broadcast for station IP address (frames with DIX header)
  • NetBIOS over TCP/IP broadcast for station’s assigned computername (frames with DIX header)

I am no networking expert but the last two sound like they could be pretty common activities on your typical home network. If so it’s no wonder my computers were exhibiting such crazy wakeup symptoms. (Either that or I have got a renegade PC on my networking sending out these packets).

The solution? Simply disable the “Wake on pattern match” setting under the network adaptors advanced properties tab, as shown below:

realtek_wake_on_pattern_match

My biggest mistake? I could have short circuited the resolution of this problem by testing my computers without the Ethernet cable plugged in right at the start. The reason I didn’t was I couldn’t understand how a WOL packet could possibly be being sent so I ignored the possibility.

Now I know about “Wake on pattern match”, next time I will be prepared.

128 thoughts on “Fix for Windows 7 "random wake from sleep" problem

  1. Martin

    Thanks very much, this solved the problem. I just don’t understand what why is this feature enabled by default and what is going on if i disabled this obscured feature

  2. Jeremy DeWitte

    YES YES YES WOL or even WOM both of these were enabled on my PC and I have always experienced the wake up right after my PC went to sleep and always assumed it was just the mouse. At this time I have disabled both settings and am eagerly hoping to find that my PC wont randomly wake up any longer THANX a million!!

  3. don lynch

    Superb fix Jack,

    my Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) was the problem – I changed the Wake Up capabilities from whatever they were to NONE and end of problem….

    MANY thanks

    Don

  4. Greg

    Yay! After half a dozen google searches on this problem, I found this site, and it worked! All the others obviously did not.

    Thank you! You would think that Microsoft would have this fix in their updates.

  5. Nima

    Thanks so much dude! You solved my laptop’s problem which has been last for 4 years and I have tried many idiot things to fix it!

  6. richard

    Thank you!

    When you look up the event that spuriously wakes the PC seemingly at random, we get the useless “Wake Source: Unkown”: thanks a bunch Microsoft!

  7. Pingback: How to find out why your PC wakes up, and how to stop it | Ghacks

  8. Colin White

    Dear Jack. After disabling all “wake on” on board my PC via Device Manager, it was easy to find that the packet was coming from Windows Update. I was happy to live with this by disconnecting my modem overnight. Then I read your article and applied your fix. It works! Thanks very much, and a Happy New Year.

  9. Darko

    Man, I was going crazy about this, disable wake up on lan feature in BIOS too, but nothing! Then stumble upon this article, both mentioned settings were “enabled” ! Disabled them and now I’m having high hopes that random wake-up wont happened again!!! If this is the case, If you ever come to Serbia, you have as much beer as you can possibly drink from me!!!

  10. batiri

    Hi and thanks a lot for your great job. I think you found and solved one the biggest and common problem of most Microsoft users which windows experts couldn’t solve it and even find it. Thanks and thanks and thanks

  11. Mike

    What about a fix for those of us who actually use Wake-on-LAN?

    something is causing it to wake up besides the Magic Packets, and disabling is a workaround, not a fix…

    With all automatic update, tasks, etc, disabled, the Ethernet card continues to wake up my PC, anyone out there have any other ideas why?

  12. Parker

    Thank you, this is just what I needed. Although to get to it you actually need to go under “Power Management” and just uncheck the box for the network adapter that is currently connected.

  13. Cue

    Thank you so, so much! It was a constant battle trying to get my PC to sleep. I’ve always hated turning it completely off. You’re a life saver!

  14. Dianne

    I’m about to kill myself over this crap. I did the fix recommended and disabled some wake on something but it wasn’t called wake on pattern match and there was no wake on magic packet but whatever wake up it was, I disabled it. No luck.
    Now I did run the CMD powercfg -lastwake and it said FIXED FEATURE and TIMER EXPIRED (RTC)
    I’m out of ideas, can anyone else talk me though this?
    I’ve done NOTHING different to the computer except to add a power supply. Seems to me though before we installed a new power supply the sleep mode was screwy too. It worked all these years until now. I’m so confused. We got the power supply because the button to turn on pc would not turn it on.

  15. Yochva

    Someone linked this article on Tom’s Hardware, and I’m glad I found it! Every other ‘fix’ sounds really complicated… and I usually find that they don’t help. Thanks!

  16. Jeff

    That’s a good tip, although it didn’t completely solve my random wake issue.

    Through this post, I tried powercfg /waketimers which identifies all the processes/services that are configured to wake the machine. I found two, which dealt with Media Center updates and scheduled maintenance.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>