Message

Hypervisor successfully started.

Message

Hypervisor scheduler type is %1.

Fields

Message

Hypervisor Eventlog for global system events could not be created!

Message

Hypervisor launch has been disabled through the hypervisorlaunchtype bcdedit setting.

Message

Hypervisor Eventlog creation failed!

Fields

Message

Hypervisor Eventlog deletion failed!

Fields

Message

Host processor features mask: %1

Host xsave features mask: %2

Host cache line flush size: %3 bytes

Fields

Message

Hypervisor fails to start ETW tracing session.

Message

Hypervisor Eventlog flush failed!

Fields

Message

Hypervisor launch failed; sleep and hibernate could not be disabled (status %1).

Fields

Message

Hypervisor launch failed; the hypervisor boot loader's internal logic failed (BalStatus %1, sub-status %2).

Fields

Message

Hypervisor launch failed; the hypervisor boot loader was unable to allocate sufficient resources to perform the launch.

Message

Hypervisor launch failed; the hypervisor boot loader does not support the vendor of at least one of the processors in the system.

Message

Hypervisor launch failed; at least one of the processors in the system does not appear to support the features required by the hypervisor.  (leaf: {Leaf}; required features: {FeaturesRequired}; features available: {FeaturesPresent})

Fields

Message

Hyper-V launch failed; the system does not appear to have a sufficient level of ACPI support to launch the hypervisor.

Message

Hypervisor launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by the hypervisor.

Message

Hyper-V launch failed; the image {ImageName} could not be accessed (status {Status}).

Fields

Message

Hyper-V launch failed; the image %1 could not be loaded (status %2).

Fields

Message

Hyper-V launch failed; the image {ImageName} could not be read (status {Status}).

Fields

Message

Hypervisor launch failed; the image %1 failed code integrity checks, and cannot be used.

Fields

Message

Hypervisor launch failed; the image %1 does not contain the image description datastructures, and cannot be used.

Fields

Message

Hyper-V launch failed; at least one of the processors in the system was unable to launch the hypervisor (status %1).

Fields

Message

Hypervisor Load Options - %1.

Fields

Message

Hypervisor launch failed; the hypervisor image is revision %1, but the currently installed virtualization software only supports launching revision %2 hypervisor images.

Fields

Message

Hypervisor launch failed; Either VMX not present or not enabled in BIOS.

Example Event

system:
  provider: Microsoft-Windows-Hyper-V-Hypervisor
  guid: 52FC89F8-995E-434C-A91E-199986449890
  event_source_name: ''
  event_id: 41
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223442405598953472
  time_created: '2023-11-06T06:24:56.254005+00:00'
  event_record_id: 1627
  correlation:
    ActivityID: A94F03D9-96B8-C53E-D5D7-00FBA9067B3F
  execution:
    process_id: 4
    thread_id: 8
  channel: System
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

Hypervisor launch failed; Either SVM not present or not enabled in BIOS.

Message

Hypervisor launch failed; EL2 not present.

Message

Hypervisor launch failed; Either No Execute feature (NX) not present or not enabled in BIOS.

Message

Hypervisor launch failed; Processor does not support the minimum features required to run the hypervisor (MSR index %1, allowed bits %2, required bits %3).

Fields

Message

Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (BalStatus {BalStatus}; leaf1 EAX {Leaf1Eax}; VMCR MS EAX {VmCrMsrValue}; SVM CPUID features {SvmFeatureEax}; has working SMM {HasWorkingSmm}).

Fields

Message

Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (leaf %1, register %2: features needed %3, features supported %4).

Fields

Message

Hypervisor launch failed; Hypervisor image does not match the platform being run on.

Message

Hypervisor launch failed; Required firmware table not found.

Message

Hypervisor launch failed; Encountered invalid firmware information.

Message

Hypervisor launch failed; Second Level Address Translation is required to launch the hypervisor.

Message

Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS. Please disable Secure Mode Extensions in the BIOS to launch Hyper-V.

Message

Hypervisor launch failed; Minimum CPUID leaves required by the hypervisor are not supported on the system.

Message

Hypervisor launch failed; The physical address limit supported has been exceeded.

Message

Hypervisor launch failed; The hypervisor was unable to initialize successfully (phase %1), and was not started.  This initialization failure may be the result of a platform configuration or firmware issue.  Contact your system vendor for more information or updated firmware.

Fields

Message

Hypervisor launch failed; Too many runtime services memory ranges described by firmware.

Message

Hypervisor launch failed; Memory ranges validation failure (BalStatus: %1, BalInternalError: %2, Line: %3, MemoryRangesCount: %4).

Fields

Message

Hypervisor launch failed; The operating systems boot loader failed with error %1.

Fields

Message

Hypervisor launch failed; The operating system boot loader was unable to locate a required resource.

Message

Hypervisor launch failed; The operating system boot loader detected a persistent memory failure.

Message

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient memory to complete the operation.

Message

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient resources to complete the operation.

Message

Hypervisor launch failed; The operating system boot loader detected a memory map conflict.

Message

Hypervisor launch failed; the version of the microcode update dll does not match the current operating system.

Fields

Message

Hypervisor processor startup failed (APIC ID %1, status %2). Further processors in the system were not started.

Fields

Message

Hypervisor processor startup failed (APIC ID %1) due to CPUID feature validation error. Further processors in the system were not started. Leaf %2, register %3 feature mismatch: BSP has features %5; AP has features %4

Fields

Message

Hypervisor initialized I/O remapping.

Hardware present: %1
Hardware enabled: %2
Policy: %3
Enabled features: %4
Internal information: %5
Problems: %6
Additional information: %7

Fields

Message

Hypervisor I/O remapping is forcibly enabled by policy (the hypervisoriommupolicy BCD option is set to enable). If the system exhibits instability or reduced performance, consider restoring the default policy.

Message

There is an I/O remapping problem with the sytem BIOS.

Problems: %1

Fields

Message

A device is operating with reduced performance because of a problem with the system BIOS.



The device is not reported under the scope of a unique I/O remapping unit.



Device ID: %1

Partition ID: %2

Fields

Message

A device will not work correctly because of a problem with the system BIOS.



The Requester IDs reported for the device overlap with those reported for another device.



Device ID: %1

Partition ID: %2

Fields

Message

A device will not work correctly because the hypervisor does not have enough resources.



Device ID: %1

Partition ID: %2

Fields

Message

A device will not work correctly because of a problem with the system BIOS.



An IOAPIC is not correctly reported.



IOAPIC ID: %1

Fields

Message

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.



The I/O remapping unit that controls the device does not have sufficient capabilities.



Device ID: %1

I/O remapping unit base address: %2

Partition ID: %3

Fields

Message

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.



The device cannot be securely used by a child partition.



Device ID: %1

Partition ID: %2

Fields

Message

The image {ImageName} could not be accessed (status {Status}).

Fields

Message

The image {ImageName} could not be loaded (status {Status}).

Fields

Message

The image %1 could not be read (status %2).

Fields

Message

The image %1 failed code integrity checks, and cannot be used.

Fields

Message

Hypervisor failed to properly synchronize TSC across logical processors (Max delta: %1, Min delta: %2).

Fields

Message

Host processor features mask: %1

Host xsave features mask: %2

Host cache line flush size: %3 bytes

Fields

Message

Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.

Processor not affected: %1
Processor family not affected: %2
Processor supports cache flush: %3
HyperThreading enabled: %4
Parent hypervisor applies mitigations: %5
Mitigations disabled by bcdedit: %6
Mitigations enabled: %7
Cache flush needed: %8

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-Hyper-V-Hypervisor
  guid: 52FC89F8-995E-434C-A91E-199986449890
  event_source_name: ''
  event_id: 156
  version: 1
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-06T06:24:56.253950+00:00'
  event_record_id: 6
  correlation:
    ActivityID: A94F03D9-96B8-C53E-D5D7-00FBA9067B3F
  execution:
    process_id: 4
    thread_id: 8
  channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  InitialAllocationNumaPolicy: 0
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled and the hypervisor core scheduler is not enabled. To enable mitigations for virtual machines, enable the core scheduler by running "bcdedit /set hypervisorschedulertype core" from an elevated command prompt and reboot.

Message

The queried interface version %1 is not supported (Min : %2, Max : %3).

Fields

Message

The queried interface is incomplete.

Message

Partition persistence services will be unavailable.

Message

The configured Minroot settings are not compatible with the hypervisor core scheduler and have been overriden. This may expose a different number of logical processors to the root partition.

Message

Failed to unregister the remote hypercall interface (status %1).

Fields

Message

The hypervisor encountered an internal error: nested NMI (processor %1).

Fields

Message

The hypervisor encountered an internal error: IPI timeout (processor %1).

Fields

Message

Hypervisor configured mitigations for CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 for virtual machines.

Processor not affected: %1
Processor family not affected: %2
Processor supports microarchitectural buffer flush: %3
Buffer flush needed: %4

Fields

Message

Hypervisor Load Options are conflicting - %1, %2.

Fields

Message

The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled. To enable mitigations for virtual machines, disable HyperThreading.

Message

AMD PSP PCI device discovered. Segment: %1, bus: %2, device: %3, function: %4.

Fields

Message

Secure firmware update status: %1.

Fields

Message

Secure firmware image invalid.

Message

Secure firmware version: %1.

Fields

Message

Features are enabled that require all processors be started. %1 of %2 processors currently running.

Fields

Message

On the prior boot session, the root partition did not respond to the synthetic watchdog in time, triggering a hardware watchdog reboot.

Message

Hyper-V failed creating a new partition (status %1)!

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Message

Hyper-V detected access to a restricted MSR (Msr: %1, IsWrite: %2, MsrValue: %3, AccessStatus: %4, Pc: %5, ImageBase: %6, ImageChecksum: %7, ImageTimestamp: %8, ImageName: %9).

Fields

Message

Hyper-V successfully created a new partition (partition %1).

Fields

Message

Hyper-V successfully deleted a partition (partition %1).

Fields