Hyper-V logs a lot of useful information if you need to diagnose a problem, so I thought I would put together a little post explaining where you should be looking. The first thing to know is that all Hyper-V event logs are stored in the Event Viewer under “Applications and Services Logs”, “Microsoft”, “Windows”:
There are then 10 categories for you to look at:
This section is for anything that relates to virtual machine configuration files. If you have a missing or corrupt virtual machine configuration file – there will be entries here that tell you all about it.
This section tells you about actions and changes that happen because of Hyper-V clustering.
This section is used for hypervisor specific events. You will usually only need to look here if the hypervisor fails to start – then you can get detailed information here.
This section is used by the image management service to log information about virtual hard disk operations – like creating, converting and editing virtual hard disks. If you have problems creating or editing a virtual hard disk – look here.
This section is used to log events that relate specifically to integration services.
This section is used for events relating to virtual networks. You will see information about the creation and configuration of virtual networks here (as opposed to virtual network adapters).
This is the section where information about virtual network adapters. You will see entries in here each time a virtual machine with virtual network adapters powers up. You will also see entries here if a virtual machine fails to power on because of a configuration issue with its network adapters.
This section is to do with virtual hard disks that are associated with running virtual machines (it is the storage equivalent of the SynthNic section).
This section is where the virtual machine management services files its events.
This section is used by the worker process that is used for the actual running of the virtual machine.
Now – two pointers to keep in mind while looking at the Hyper-V event logs:
If you do not know where to start, start with Hyper-V-VMMS. As the central management service it usually has something to say about everything.
Learn to follow the trail of event logs. If a virtual machine fails to start because of a storage issue there will usually be events logged in the VMMS, Worker and SynthStor sections – and reading all of the events can usually provide better insight into the problem than just reading some of them.