The time may come when you face a Hyper-V issue that needs to be repaired. You will have to be prepared on how to troubleshoot any issue on Hyper-V when that happens, and the best way to start is using Event Viewer in Windows.
Almost all events on Hyper-V are logged in Event Viewer, however they are divided between different event logs. You need to be able to know how to obtain more details about an error and where to look in case of a Hyper-V problem.
This recipe will show how you can find the Hyper-V Event Viewer entries and what information each of them has.
Make sure you are using an administrative user account to view the Event Viewer details. You can use the dedicated local group named Event Log Readers to add users who need permissions only to see event logs.
How to do it…
The following steps will show how to locate the Hyper-V event logs, how to check all the events in just one view, and how to see the event cluster entries through Failover Cluster Manager:
- To see the specific Hyper-V event logs, launch the Start menu and type
eventvwr. From the search results, open Event Viewer.
- In the Event Viewer console, expand Application and Service Logs | Microsoft | Windows.
- Scroll down till you find the Hyper-V log folders, as shown in the following screenshot:
- To use the default Event Viewer filter that shows all Hyper-V logs in a single view, in the Event Viewer console, click on Custom Views, expand Server Roles and click on Hyper-V, as show in the following screenshot:
- To check the cluster events, type
cluadmin.mscin one of the nodes and open the Failover Cluster Manager console.
- In the Failover Cluster Manager console, click on Cluster Events, as shown in the following screenshot:
How it works…
When Hyper-V is installed on a host computer, event logs are created during the installation to show all the details about the different Hyper-V configurations. The Hyper-V-High-Availability log is also created when the Hyper-V host is member of a cluster.
The logs show admin, operational, networking, and storage details. The following list shows the description of the log entries:
- Hyper-V-Config: Contains all the information related to the virtual machine configuration files
- Hyper-V-High-Availability: Available in Hyper-V Cluster nodes and shows the Hyper-V entries regarding Failover Clustering
- Hyper-V-Hypervisor: Used to log information about hypervisor activities
- Hyper-V-Integration: Shows events about integration services
- Hyper-V-SynthFC: Related to Virtual Fibre Channel details
- Hyper-V-SynthNic: Information about virtual switches
- Hyper-V-SynthStor: Details about virtual hard disks
- Hyper-V-VID: Shows logs about the virtual interface driver
- Hyper-V-VMMS: Dedicated to logs containing information about the Virtual Machine Management service
There is a custom view that could be handy if you want to see all Hyper-V events in just one single view. It can be used to export and save all Event Viewer logs or as a filter to easily find a specific event.
The event entries have different levels, such as information, warnings, and errors. Every entry has details such as ID, time, source, user and computer, which can be used in filters or to get more online information.
Event Viewer should also be used as part of prevention or security health checks to analyze any problem that may occur with no apparent symptom. An administrator must monitor event viewer data constantly to make sure the server and Hyper-V are not expecting any issues.