Virtual PC Guy's Blog

-- Ben Armstrong, Virtualization Program Manager

Talking about core virtualization at Microsoft (Hyper-V, Virtual PC and Virtual Server).

Search
  • Advanced search options...
Recent Twitters
Tags
Common Tasks
Hyper-V Links
MVP Sites
SCVMM Links
Virtual PC / Virtual Server Links

Looking at the Hyper-V Event Log

MSDN Blogs > Virtual PC Guy's Blog > Looking at the Hyper-V Event Log

Looking at the Hyper-V Event Log

3 Feb 2009 1:03 AM
  • Comments 1

Hyper-V logs a lot of useful information if you need to diagnose a problem, so I thought I would put together a little post explaining where you should be looking.  The first thing to know is that all Hyper-V event logs are stored in the Event Viewer under "Applications and Services Logs", "Microsoft", "Windows":

 eventlog

There are then 10 categories for you to look at:

  • Hyper-V-Config:
    This section is for anything that relates to virtual machine configuration files.  If you have a missing or corrupt virtual machine configuration file - there will be entries here that tell you all about it.
  • Hyper-V-High-Availability:
    This section tells you about actions and changes that happen because of Hyper-V clustering.
  • Hyper-V-Hypervisor:
    This section is used for hypervisor specific events.  You will usually only need to look here if the hypervisor fails to start - then you can get detailed information here.
  • Hyper-V-Image-Management-Service:
    This section is used by the image management service to log information about virtual hard disk operations - like creating, converting and editing virtual hard disks.  If you have problems creating or editing a virtual hard disk - look here.
  • Hyper-V-Integration:
    This section is used to log events that relate specifically to integration services.
  • Hyper-V-Network:
    This section is used for events relating to virtual networks.  You will see information about the creation and configuration of virtual networks here (as opposed to virtual network adapters).
  • Hyper-V-SynthNic:
    This is the section where information about virtual network adapters.  You will see entries in here each time a virtual machine with virtual network adapters powers up.  You will also see entries here if a virtual machine fails to power on because of a configuration issue with its network adapters.
  • Hyper-V-SynthStor:
    This section is to do with virtual hard disks that are associated with running virtual machines (it is the storage equivalent of the SynthNic section).
  • Hyper-V-VMMS:
    This section is where the virtual machine management services files its events.
  • Hyper-V-Worker:
    This section is used by the worker process that is used for the actual running of the virtual machine.

Now - two pointers to keep in mind while looking at the Hyper-V event logs:

  • If you do not know where to start, start with Hyper-V-VMMS.  As the central management service it usually has something to say about everything.
  • Learn to follow the trail of event logs.  If a virtual machine fails to start because of a storage issue there will usually be events logged in the VMMS, Worker and SynthStor sections - and reading all of the events can usually provide better insight into the problem than just reading some of them.

Cheers,
Ben

Leave a Comment
  • Please add 7 and 6 and type the answer here:
  • Post
Comments
  • Vineela
    27 Feb 2009 7:32 PM

    Hi there,

    I am trying to collect hyper-v events using the folllowing query :

    "select * from Win32_NTLogEvent where LogFile = 'Microsoft-Windows-Hyper-V-VMMS-Admin'"

    But the query always return an empty list, even though there are events for the above log file.(we can see those events in event viewer).

    Is there anything that I am missing ?

    Thanks

Page 1 of 1 (1 items)