Skip to main content

Hyper-V Event Logs Explained

Hyper-V Event Logs Explained

Hyper-V-Config

This log contains entries that pertain to the configuration files that describe individual virtual machines. These are the XML files whose names are globally unique identifiers. They can be found under C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines or under VM-specific folders on a Cluster Shared Volume. The most common error is 4096, which indicates that Hyper-V is unable to locate an expected configuration file. It isn’t entirely unusual to encounter this error in normal operations, as utilities and operations may move the XML files in a fashion that isn’t entirely in sync with the Hyper-V services. It normally doesn’t require attention unless it is a persistent error.

Hyper-V-High-Availability

This section contains events related to the interaction of Failover Clustering with Hyper-V.  Most of the events here will be informational recording of actions that the Cluster service took on individual VMs. Errors should be very rare and are generally related to the same sort of synchronization issues that cause the Hyper-V-Config 4096 errors.

Hyper-V-Hypervisor

As the name implies, these events are related to the hypervisor itself. Most of the events will be related to the creation and destruction of partitions, which are the temporary container that hold running virtual machines. If there is any sort of problem with Hyper-V itself, especially issues that prevent the service from starting, this is where you’ll find out about it.

Hyper-V-Image-Management-Service

The related service is devoted to the handling of VHD files. If any operation involving a virtual hard drive fails, details are logged here.

Hyper-V-Integration

This log tracks events associated with the Integration Services that are installed into virtual machines. Most of the problems reported here can be corrected by re-installing or upgrading the Integration Services components.

Hyper-V-Network

The virtual switch(es) in your deployment will record events here. The first events will be the creation of the virtual networks themselves, as well as pairing of external networks to physical network cards. When a virtual network adapter is created or destroyed in a virtual machine, a matching virtual port is created on the virtual switch; the creation/destruction of those ports will be registered here.

Hyper-V-SynthNic

The synthetic network cards in virtual machines will log an event when they start (12582). Look here for clues as to why a network card won’t function, such as MAC collisions.

Hyper-V-SynthStor

Virtual storage controller drivers use this log for their events. The most common event is logged by virtual SCSI controllers as they start. The virtual IDE driver is emulated and not synthetic, so it initializes before the VM loads and will not log a matching event. If a drive cannot be attached to the virtual controller port as expected, it will be logged here.

Hyper-V-VMMs

The Virtual Machine Management Service generates these events. Problems with import and export actions will be logged here, as will AVHD merge operations. Host shutdown events will also be tracked in this log. It will also report when it cannot locate the files for a VM. As in other logs, these are likely to be cleaned up once a VM is completely removed.

Hyper-V-Worker

Hyper-V’s worker threads log these events. Normally, this is the busiest of all the logs, but most of them are trivial. If you’re curious how long that last Live Migration took, this is where you’ll find it. Emulated network and storage drivers (as opposed to the synthetic drivers) will create events here.

Comments

Post a Comment

Popular posts from this blog

Quick Guide to VCF Automation for VCD Administrators

  Quick Guide to VCF Automation for VCD Administrators VMware Cloud Foundation 9 (VCF 9) has been  released  and with it comes brand new Cloud Management Platform –  VCF Automation (VCFA)  which supercedes both Aria Automation and VMware Cloud Director (VCD). This blog post is intended for those people that know VCD quite well and want to understand how is VCFA similar or different to help them quickly orient in the new direction. It should be emphasized that VCFA is a new solution and not just rebranding of an old one. However it reuses a lot of components from its predecessors. The provider part of VCFA called Tenenat Manager is based on VCD code and the UI and APIs will be familiar to VCD admins, while the tenant part inherist a lot from Aria Automation and especially for VCD end-users will look brand new. Deployment and Architecture VCFA is generaly deployed from VCF Operations Fleet Management (former Aria Suite LCM embeded in VCF Ops. Fleet Management...
Post a Comment
Read more
  Issue with Aria Automation Custom form Multi Value Picker and Data Grid https://knowledge.broadcom.com/external/article?articleNumber=345960 Products VMware Aria Suite Issue/Introduction Symptoms: Getting  error " Expected Type String but was Object ", w hen trying to use Complex Types in MultiValue Picker on the Aria for Automation Custom Form. Environment VMware vRealize Automation 8.x Cause This issue has been identified where the problem appears when a single column Multi Value Picker or Data Grid is used. Resolution This is a known issue. There is a workaround.  Workaround: As a workaround, try adding one empty column in the Multivalue picker without filling the options. So we can add one more column without filling the value which will be hidden(there is a button in the designer page that will hide the column). This way the end user will receive the same view.  
Post a Comment
Read more

Step-by-Step Explanation of Ballooning, Compression & Swapping in VMware

 ðŸ”¹ Step-by-Step Explanation of Ballooning, Compression & Swapping in VMware ⸻ 1️⃣ Memory Ballooning (vmmemctl) Ballooning is the first memory reclamation technique used when ESXi detects memory pressure. ➤ Step-by-Step: How Ballooning Works  1. VMware Tools installs the balloon driver (vmmemctl) inside the guest OS.  2. ESXi detects low free memory on the host.  3. ESXi inflates the balloon in selected VMs.  4. Balloon driver occupies guest memory, making the OS think RAM is full.  5. Guest OS frees idle / unused pages (because it believes memory is needed).  6. ESXi reclaims those freed pages and makes them available to other VMs. Why Ballooning Happens?  • Host free memory is very low.  • ESXi wants the VM to release unused pages before resorting to swapping. Example  • Host memory: 64 GB  • VMs used: 62 GB  • Free: 2 GB → ESXi triggers ballooning  • VM1 (8 GB RAM): Balloon inflates to 2 GB → OS frees 2 GB → ESXi re...
Post a Comment
Read more