OSMC is randomly turning my windows file server on with WOL

I am noticing that at least once a day (I only notice it sometimes), OSMC on my RPi2 (which I never turn off) is waking my windows file server. I use SMB, but apart from enabling that and WOL for file shares, everything about my OSMC install is standard. When I notice my server randomly waking, powercfg -lastwake shows it was woken by the LAN, and when checking Shared Folders>Open Files, “PIPE/lsarpc” is showing as open by OSMC. I’m not finding anything when googling for this, e.g. searching ‘lsarpc osmc’ or ‘kodi’ doesn’t show anyone else complaining about similar.

I consider myself a windows power user, but I’m not familiar with linux systems… What’s happening here, and how can I stop this from waking my server?

We have had users complaining about this before so suggest reading this as long as you have files that Kodi wants its gonna keep checking for those files when the scanner is triggered for scraping.

Thanks for the reply, but I’m not using MySQL for anything… At least, not that I’m aware of… Is there a default program pre-installed on OSMC that uses it that I’m not aware of?..

I know it’s been a while since I last posted here, but it’s a low priority issue, and I’m updating just for if anyone else has the same issue, so here is an update:

For starters, here’s a screenshot showing the file session when it’s active (it only appears here for about 60 seconds)

And event viewer reports this for the wake event:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          25/01/2016 10:20:09
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      J1800
An account was successfully logged on.

	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Information:
	Logon Type:		3
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		No

Impersonation Level:		Impersonation

New Logon:
	Security ID:		J1800\readonly
	Account Name:		readonly
	Account Domain:		J1800
	Logon ID:		0x72D2F1
	Linked Logon ID:		0x0
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x0
	Process Name:		-

Network Information:
	Workstation Name:	OSMC
	Source Network Address:
	Source Port:		50828

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	NTLM V2
	Key Length:		128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <TimeCreated SystemTime="2016-01-25T10:20:09.186386600Z" />
    <Correlation ActivityID="{2A2962EE-5337-0001-1063-292A3753D101}" />
    <Execution ProcessID="604" ThreadID="640" />
    <Security />
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-5-21-1509****96-33****9736-3*******36-1002</Data>
    <Data Name="TargetUserName">readonly</Data>
    <Data Name="TargetDomainName">J1800</Data>
    <Data Name="TargetLogonId">0x72d2f1</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">OSMC</Data>
    <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">NTLM V2</Data>
    <Data Name="KeyLength">128</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress"></Data>
    <Data Name="IpPort">50828</Data>
    <Data Name="ImpersonationLevel">%%1833</Data>
    <Data Name="RestrictedAdminMode">-</Data>
    <Data Name="TargetOutboundUserName">-</Data>
    <Data Name="TargetOutboundDomainName">-</Data>
    <Data Name="VirtualAccount">%%1843</Data>
    <Data Name="TargetLinkedLogonId">0x0</Data>
    <Data Name="ElevatedToken">%%1843</Data>

Does anyone have an idea of what is causing this wake event?

It’s probably the skin widget that scans for recently added content.

I actually don’t use the library, and don’t have any folders/shares set up for scanning any content… I just use the file-list view for my SMB shares. - I’m just posting a quick update as I noticed my server waking again (the same as above) while I’m having lunch.