Microsoft-Windows-Hyper-V-Hypervisor

118 events across 4 channels

Event ID	Title	Channel
1	Hypervisor successfully started.	System
2	Hypervisor scheduler type is SchedulerType.	System
3	Hypervisor Eventlog for global system events could not be created!	System
5	Hypervisor launch has been disabled through the hypervisorlaunchtype bcdedit …	System
10	Hypervisor Eventlog creation failed!	Microsoft-Windows-Hyper-V-Hypervisor-Operational
11	Hypervisor Eventlog deletion failed!	Microsoft-Windows-Hyper-V-Hypervisor-Operational
12	Host processor features mask: Host_processor_features_mask.	Microsoft-Windows-Hyper-V-Hypervisor-Operational
13	Hypervisor fails to start ETW tracing session.	System
14	Hypervisor Eventlog flush failed!	Microsoft-Windows-Hyper-V-Hypervisor-Operational
20	Hypervisor launch failed; sleep and hibernate could not be disabled (status …	System
26	Hypervisor launch failed; the hypervisor boot loader's internal logic failed …	System
27	Hypervisor launch failed; the hypervisor boot loader was unable to allocate …	System
28	Hypervisor launch failed; the hypervisor boot loader does not support the vendor …	System
29	Hypervisor launch failed; at least one of the processors in the system does not …	System
31	Hyper-V launch failed; the system does not appear to have a sufficient level of …	System
32	Hypervisor launch failed; at least one of the processors in the system does not …	System
33	Hyper-V launch failed; the image {ImageName} could not be accessed (status …	System
34	Hyper-V launch failed; the image ImageName could not be loaded (status Status).	System
35	Hyper-V launch failed; the image {ImageName} could not be read (status …	System
36	Hypervisor launch failed; the image ImageName failed code integrity checks, and …	System
37	Hypervisor launch failed; the image ImageName does not contain the image …	System
38	Hyper-V launch failed; at least one of the processors in the system was unable …	System
39	Hypervisor Load Options - LoadOptions.	Microsoft-Windows-Hyper-V-Hypervisor-Admin
40	Hypervisor launch failed; the hypervisor image is revision HypervisorVersion, …	System
41	Hypervisor launch failed; Either VMX not present or not enabled in BIOS.	System
42	Hypervisor launch failed; Either SVM not present or not enabled in BIOS.	System
43	Hypervisor launch failed; EL2 not present.	System
44	Hypervisor launch failed; Either No Execute feature (NX) not present or not …	System
46	Hypervisor launch failed; Processor does not support the minimum features …	System
47	Hypervisor launch failed; Processor does not provide the features necessary to …	System
48	Hypervisor launch failed; Processor does not provide the features necessary to …	System
54	Hypervisor launch failed; Hypervisor image does not match the platform being run …	System
55	Hypervisor launch failed; Required firmware table not found.	System
56	Hypervisor launch failed; Encountered invalid firmware information.	System
59	Hypervisor launch failed; Second Level Address Translation is required to launch …	System
60	Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS.	System
61	Hypervisor launch failed; Minimum CPUID leaves required by the hypervisor are …	System
62	Hypervisor launch failed; The physical address limit supported has been …	System
63	Hypervisor launch failed; The hypervisor was unable to initialize successfully …	System
64	Hypervisor launch failed; Too many runtime services memory ranges described by …	System
65	Hypervisor launch failed; Memory ranges validation failure (BalStatus: …	System
80	Hypervisor launch failed; The operating systems boot loader failed with error …	System
81	Hypervisor launch failed; The operating system boot loader was unable to locate …	System
82	Hypervisor launch failed; The operating system boot loader detected a persistent …	System
83	Hypervisor launch failed; The operating system boot loader was unable to …	System
84	Hypervisor launch failed; The operating system boot loader was unable to …	System
85	Hypervisor launch failed; The operating system boot loader detected a memory map …	System
86	Hypervisor launch failed; the version of the microcode update dll does not match …	System
96	Hypervisor processor startup failed (APIC ID CPU, status ErrorCode).	System
97	Hypervisor processor startup failed (APIC ID CPU) due to CPUID feature …	System
129	Hypervisor initialized I/O remapping.	System
130	Hypervisor I/O remapping is forcibly enabled by policy (the …	System
131	There is an I/O remapping problem with the sytem BIOS.	System
144	A device is operating with reduced performance because of a problem with the …	System
145	A device will not work correctly because of a problem with the system BIOS.	System
146	A device will not work correctly because the hypervisor does not have enough …	System
147	A device will not work correctly because of a problem with the system BIOS.	System
148	A device could not be used by a child partition because of a limitation of the …	System
149	A device could not be used by a child partition because of a limitation of the …	System
150	The image {ImageName} could not be accessed (status {Status}).	System
151	The image {ImageName} could not be loaded (status {Status}).	System
152	The image ImageName could not be read (status Status).	System
153	The image ImageName failed code integrity checks, and cannot be used.	System
154	Hypervisor failed to properly synchronize TSC across logical processors (Max …	System
155	Host processor features mask: BankCount.	Microsoft-Windows-Hyper-V-Hypervisor-Admin
156	Hypervisor initial page allocation NUMA policy: .	Microsoft-Windows-Hyper-V-Hypervisor-Admin
156	Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.	System
157	The hypervisor did not enable mitigations for side channel vulnerabilities for …	System
158	The queried interface version Max is not supported (Min : CurrentVersion, Max : …	System
159	The queried interface is incomplete.	System
160	Partition persistence services will be unavailable.	System
161	The configured Minroot settings are not compatible with the hypervisor core …	System
162	Failed to unregister the remote hypercall interface (status NtStatus).	System
163	The hypervisor encountered an internal error: nested NMI (processor Processor).	Microsoft-Windows-Hyper-V-Hypervisor-Operational
164	The hypervisor encountered an internal error: IPI timeout (processor Processor).	Microsoft-Windows-Hyper-V-Hypervisor-Operational
165	Hypervisor configured mitigations for CVE-2019-11091, CVE-2018-12126, …	System
166	Hypervisor Load Options are conflicting - LoadOptions, LoadFlags.	Microsoft-Windows-Hyper-V-Hypervisor-Admin
167	The hypervisor did not enable mitigations for side channel vulnerabilities for …	System
168	AMD PSP PCI device discovered.	System
169	Secure firmware update status: Secure_firmware_update_status.	System
170	Secure firmware image invalid.	System
171	Secure firmware version: Secure_firmware_version.	System
172	Features are enabled that require all processors be started.	Microsoft-Windows-Hyper-V-Hypervisor-Admin
173	On the prior boot session, the root partition did not respond to the synthetic …	System
8451	Hyper-V failed creating a new partition (status Error)!	Microsoft-Windows-Hyper-V-Hypervisor-Operational
12288		Operational
12289		Operational
12290		Operational
12291		Operational
12292		Operational
12293		Operational
12294		Operational
12295		Operational
12296		Operational
12297		Operational
12298		Operational
12299		Operational
12300		Operational
12301		Operational
12302		Operational
12303		Operational
12304		Operational
12305		Operational
12306		Operational
12307		Operational
12308		Operational
12309		Operational
12310		Operational
12311		Operational
12312		Operational
12313		Operational
12314		Operational
12315		Operational
12316		Operational
12317		Operational
12550	Hyper-V detected access to a restricted MSR.	Microsoft-Windows-Hyper-V-Hypervisor-Operational
16641	Hyper-V successfully created a new partition (partition PartitionId).	Microsoft-Windows-Hyper-V-Hypervisor-Operational
16642	Hyper-V successfully deleted a partition (partition PartitionId).	Microsoft-Windows-Hyper-V-Hypervisor-Operational

Event ID 1 — Hypervisor successfully started.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Informational
Opcode: Info

Description

Hypervisor successfully started.

Message #

Hypervisor successfully started.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 1,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2026-03-11T06:27:08.616827+00:00",
    "event_record_id": 2708,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

Event ID 2 — Hypervisor scheduler type is SchedulerType.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Informational
Opcode: Info

Description

Hypervisor scheduler type is SchedulerType.

Message #

Hypervisor scheduler type is %1.

Fields #

Name	Description
`SchedulerType` HexInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 2,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2026-03-11T06:27:08.616840+00:00",
    "event_record_id": 2709,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SchedulerType": "0x4"
  },
  "message": ""
}

Event ID 3 — Hypervisor Eventlog for global system events could not be created!

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor Eventlog for global system events could not be created!

Message #

Hypervisor Eventlog for global system events could not be created!

Event ID 5 — Hypervisor launch has been disabled through the hypervisorlaunchtype bcdedit setting.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch has been disabled through the hypervisorlaunchtype bcdedit setting.

Message #

Hypervisor launch has been disabled through the hypervisorlaunchtype bcdedit setting.

Event ID 10 — Hypervisor Eventlog creation failed!

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Hypervisor Eventlog creation failed!

Message #

Hypervisor Eventlog creation failed!

Fields #

Name	Description
`Error` HexInt64	—

Event ID 11 — Hypervisor Eventlog deletion failed!

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Hypervisor Eventlog deletion failed!

Message #

Hypervisor Eventlog deletion failed!

Fields #

Name	Description
`Error` HexInt64	—

Event ID 12 — Host processor features mask: Host_processor_features_mask.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Host processor features mask: Host_processor_features_mask.

Message #

Host processor features mask: %1

Host xsave features mask: %2

Host cache line flush size: %3 bytes

Fields #

Name	Description
`Host_processor_features_mask`	—
`Host_xsave_features_mask`	—
`Host_cache_line_flush_size`	—
`BankCount` UInt8	—
`ProcessorFeatures` HexInt64	—
`XsaveFeatures` HexInt64	—
`CLFlushSize` UInt32	—

Event ID 13 — Hypervisor fails to start ETW tracing session.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor fails to start ETW tracing session.

Message #

Hypervisor fails to start ETW tracing session.

Event ID 14 — Hypervisor Eventlog flush failed!

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Hypervisor Eventlog flush failed!

Message #

Hypervisor Eventlog flush failed!

Fields #

Name	Description
`Error` HexInt64	—

Event ID 20 — Hypervisor launch failed; sleep and hibernate could not be disabled (status ErrorCode).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; sleep and hibernate could not be disabled (status ErrorCode).

Message #

Hypervisor launch failed; sleep and hibernate could not be disabled (status %1).

Fields #

Name	Description
`ErrorCode` HexInt32	—

Event ID 26 — Hypervisor launch failed; the hypervisor boot loader's internal logic failed (BalStatus BalStatus, sub-status Error).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the hypervisor boot loader's internal logic failed (BalStatus BalStatus, sub-status Error).

Message #

Hypervisor launch failed; the hypervisor boot loader's internal logic failed (BalStatus %1, sub-status %2).

Fields #

Name	Description
`BalStatus` HexInt64	—
`Error` HexInt32	—

Event ID 27 — Hypervisor launch failed; the hypervisor boot loader was unable to allocate sufficient resources to perform the launch.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the hypervisor boot loader was unable to allocate sufficient resources to perform the launch.

Message #

Hypervisor launch failed; the hypervisor boot loader was unable to allocate sufficient resources to perform the launch.

Event ID 28 — Hypervisor launch failed; the hypervisor boot loader does not support the vendor of at least one of the processors in the system.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the hypervisor boot loader does not support the vendor of at least one of the processors in the system.

Message #

Hypervisor launch failed; the hypervisor boot loader does not support the vendor of at least one of the processors in the system.

Event ID 29 — Hypervisor launch failed; at least one of the processors in the system does not appear to support the features required by the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Message #

Hypervisor launch failed; at least one of the processors in the system does not appear to support the features required by the hypervisor.  (leaf: {Leaf}; required features: {FeaturesRequired}; features available: {FeaturesPresent})

Fields #

Name	Description
`Leaf`	—
`FeaturesRequired`	—
`FeaturesPresent`	—

Event ID 31 — Hyper-V launch failed; the system does not appear to have a sufficient level of ACPI support to launch the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hyper-V launch failed; the system does not appear to have a sufficient level of ACPI support to launch the hypervisor.

Message #

Hyper-V launch failed; the system does not appear to have a sufficient level of ACPI support to launch the hypervisor.

Event ID 32 — Hypervisor launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by the hyperv...

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by the hypervisor.

Message #

Hypervisor launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by the hypervisor.

Event ID 33 — Hyper-V launch failed; the image {ImageName} could not be accessed (status {Status}).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

Hyper-V launch failed; the image {ImageName} could not be accessed (status {Status}).

Message #

Hyper-V launch failed; the image {ImageName} could not be accessed (status {Status}).

Fields #

Name	Description
`ImageName`	—
`Status`	— NTSTATUS reference

Event ID 34 — Hyper-V launch failed; the image ImageName could not be loaded (status Status).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hyper-V launch failed; the image ImageName could not be loaded (status Status).

Message #

Hyper-V launch failed; the image %1 could not be loaded (status %2).

Fields #

Name	Description
`ImageName` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Event ID 35 — Hyper-V launch failed; the image {ImageName} could not be read (status {Status}).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

Hyper-V launch failed; the image {ImageName} could not be read (status {Status}).

Message #

Hyper-V launch failed; the image {ImageName} could not be read (status {Status}).

Fields #

Name	Description
`ImageName`	—
`Status`	— NTSTATUS reference

Event ID 36 — Hypervisor launch failed; the image ImageName failed code integrity checks, and cannot be used.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the image ImageName failed code integrity checks, and cannot be used.

Message #

Hypervisor launch failed; the image %1 failed code integrity checks, and cannot be used.

Fields #

Name	Description
`ImageName` UnicodeString	—

Event ID 37 — Hypervisor launch failed; the image ImageName does not contain the image description datastructures, and cannot be used.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the image ImageName does not contain the image description datastructures, and cannot be used.

Message #

Hypervisor launch failed; the image %1 does not contain the image description datastructures, and cannot be used.

Fields #

Name	Description
`ImageName` UnicodeString	—

Event ID 38 — Hyper-V launch failed; at least one of the processors in the system was unable to launch the hypervisor (status BalStatus).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hyper-V launch failed; at least one of the processors in the system was unable to launch the hypervisor (status BalStatus).

Message #

Hyper-V launch failed; at least one of the processors in the system was unable to launch the hypervisor (status %1).

Fields #

Name	Description
`BalStatus` HexInt64	—

Event ID 39 — Hypervisor Load Options - LoadOptions.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
Level: Informational
Opcode: Info

Description

Hypervisor Load Options - LoadOptions.

Message #

Hypervisor Load Options - %1.

Fields #

Name	Description
`LoadOptions` AnsiString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 39,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-14T01:39:45.534226+00:00",
    "event_record_id": 3,
    "correlation": {
      "ActivityID": "E6C8E93F-24DF-B4AB-98D2-D123EDC8427C"
    },
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "Microsoft-Windows-Hyper-V-Hypervisor-Admin",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "LoadOptions": " IGNOREMEMPART=1 "
  },
  "message": ""
}

Event ID 40 — Hypervisor launch failed; the hypervisor image is revision HypervisorVersion, but the currently installed virtualization software only supports launching revision...

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the hypervisor image is revision HypervisorVersion, but the currently installed virtualization software only supports launching revision VersionSupported hypervisor images.

Message #

Hypervisor launch failed; the hypervisor image is revision %1, but the currently installed virtualization software only supports launching revision %2 hypervisor images.

Fields #

Name	Description
`HypervisorVersion` UInt32	—
`VersionSupported` UInt32	—

Event ID 41 — Hypervisor launch failed; Either VMX not present or not enabled in BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Error
Opcode: Info

Description

Hypervisor launch failed; Either VMX not present or not enabled in BIOS.

Message #

Hypervisor launch failed; Either VMX not present or not enabled in BIOS.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 41,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2023-11-06T06:24:56.254005+00:00",
    "event_record_id": 1627,
    "correlation": {
      "ActivityID": "A94F03D9-96B8-C53E-D5D7-00FBA9067B3F"
    },
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 42 — Hypervisor launch failed; Either SVM not present or not enabled in BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Either SVM not present or not enabled in BIOS.

Message #

Hypervisor launch failed; Either SVM not present or not enabled in BIOS.

Event ID 43 — Hypervisor launch failed; EL2 not present.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; EL2 not present.

Message #

Hypervisor launch failed; EL2 not present.

Event ID 44 — Hypervisor launch failed; Either No Execute feature (NX) not present or not enabled in BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Either No Execute feature (NX) not present or not enabled in BIOS.

Message #

Hypervisor launch failed; Either No Execute feature (NX) not present or not enabled in BIOS.

Event ID 46 — Hypervisor launch failed; Processor does not support the minimum features required to run the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Processor does not support the minimum features required to run the hypervisor (MSR index MSRIndex, allowed bits AllowedZeroes, required bits AllowedOnes).

Message #

Hypervisor launch failed; Processor does not support the minimum features required to run the hypervisor (MSR index %1, allowed bits %2, required bits %3).

Fields #

Name	Description
`MSRIndex` HexInt32	—
`AllowedZeroes` HexInt64	—
`AllowedOnes` HexInt64	—

Event ID 47 — Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Message #

Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (BalStatus {BalStatus}; leaf1 EAX {Leaf1Eax}; VMCR MS EAX {VmCrMsrValue}; SVM CPUID features {SvmFeatureEax}; has working SMM {HasWorkingSmm}).

Fields #

Name	Description
`BalStatus`	—
`Leaf1Eax`	—
`VmCrMsrValue`	—
`SvmFeatureEax`	—
`HasWorkingSmm`	—

Event ID 48 — Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (leaf Leaf, register Register: features needed FeaturesNeeded, features supported FeaturesSupported).

Message #

Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (leaf %1, register %2: features needed %3, features supported %4).

Fields #

Name	Description
`Leaf` HexInt32	—
`Register` HexInt32	—
`FeaturesNeeded` HexInt32	—
`FeaturesSupported` HexInt32	—

Event ID 54 — Hypervisor launch failed; Hypervisor image does not match the platform being run on.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Hypervisor image does not match the platform being run on.

Message #

Hypervisor launch failed; Hypervisor image does not match the platform being run on.

Event ID 55 — Hypervisor launch failed; Required firmware table not found.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Required firmware table not found.

Message #

Hypervisor launch failed; Required firmware table not found.

Event ID 56 — Hypervisor launch failed; Encountered invalid firmware information.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Encountered invalid firmware information.

Message #

Hypervisor launch failed; Encountered invalid firmware information.

Event ID 59 — Hypervisor launch failed; Second Level Address Translation is required to launch the hypervisor.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Second Level Address Translation is required to launch the hypervisor.

Message #

Hypervisor launch failed; Second Level Address Translation is required to launch the hypervisor.

Event ID 60 — Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS. Please disable Secure Mode Extensions in the BIOS to launch Hyper-V.

Message #

Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS. Please disable Secure Mode Extensions in the BIOS to launch Hyper-V.

Event ID 61 — Hypervisor launch failed; Minimum CPUID leaves required by the hypervisor are not supported on the system.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Minimum CPUID leaves required by the hypervisor are not supported on the system.

Message #

Hypervisor launch failed; Minimum CPUID leaves required by the hypervisor are not supported on the system.

Event ID 62 — Hypervisor launch failed; The physical address limit supported has been exceeded.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The physical address limit supported has been exceeded.

Message #

Hypervisor launch failed; The physical address limit supported has been exceeded.

Event ID 63 — Hypervisor launch failed; The hypervisor was unable to initialize successfully (phase Phase), and was not started.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Message #

Hypervisor launch failed; The hypervisor was unable to initialize successfully (phase %1), and was not started.  This initialization failure may be the result of a platform configuration or firmware issue.  Contact your system vendor for more information or updated firmware.

Fields #

Name	Description
`Phase` HexInt32	—

Event ID 64 — Hypervisor launch failed; Too many runtime services memory ranges described by firmware.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; Too many runtime services memory ranges described by firmware.

Message #

Hypervisor launch failed; Too many runtime services memory ranges described by firmware.

Event ID 65 — Hypervisor launch failed; Memory ranges validation failure (BalStatus: BalStatus, BalInternalError: BalInternalError, Line: Line, MemoryRangesCount: MemoryRangesCount).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

Hypervisor launch failed; Memory ranges validation failure (BalStatus: BalStatus, BalInternalError: BalInternalError, Line: Line, MemoryRangesCount: MemoryRangesCount).

Message #

Hypervisor launch failed; Memory ranges validation failure (BalStatus: %1, BalInternalError: %2, Line: %3, MemoryRangesCount: %4).

Fields #

Name	Description
`BalStatus` HexInt64	—
`BalInternalError` UInt32	—
`Line` UInt16	—
`MemoryRangesCount` UInt32	—
`MemoryRanges` Int16	—

Event ID 80 — Hypervisor launch failed; The operating systems boot loader failed with error NtStatus.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating systems boot loader failed with error NtStatus.

Message #

Hypervisor launch failed; The operating systems boot loader failed with error %1.

Fields #

Name	Description
`NtStatus` HexInt32	—

Event ID 81 — Hypervisor launch failed; The operating system boot loader was unable to locate a required resource.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating system boot loader was unable to locate a required resource.

Message #

Hypervisor launch failed; The operating system boot loader was unable to locate a required resource.

Event ID 82 — Hypervisor launch failed; The operating system boot loader detected a persistent memory failure.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating system boot loader detected a persistent memory failure.

Message #

Hypervisor launch failed; The operating system boot loader detected a persistent memory failure.

Event ID 83 — Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient memory to complete the operation.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient memory to complete the operation.

Message #

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient memory to complete the operation.

Event ID 84 — Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient resources to complete the operation.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient resources to complete the operation.

Message #

Hypervisor launch failed; The operating system boot loader was unable to allocate sufficient resources to complete the operation.

Event ID 85 — Hypervisor launch failed; The operating system boot loader detected a memory map conflict.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; The operating system boot loader detected a memory map conflict.

Message #

Hypervisor launch failed; The operating system boot loader detected a memory map conflict.

Event ID 86 — Hypervisor launch failed; the version of the microcode update dll does not match the current operating system.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor launch failed; the version of the microcode update dll does not match the current operating system.

Message #

Hypervisor launch failed; the version of the microcode update dll does not match the current operating system.

Fields #

Name	Description
`ExpectedVersion` UInt32	—
`ActualVersion` UInt32	—
`ExpectedFunctionTableSize` UInt32	—
`ActualFunctionTableSize` UInt32	—
`UpdateDllName` UnicodeString	—

Event ID 96 — Hypervisor processor startup failed (APIC ID CPU, status ErrorCode).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor processor startup failed (APIC ID CPU, status ErrorCode). Further processors in the system were not started.

Message #

Hypervisor processor startup failed (APIC ID %1, status %2). Further processors in the system were not started.

Fields #

Name	Description
`CPU` HexInt32	—
`ErrorCode` HexInt32	—

Event ID 97 — Hypervisor processor startup failed (APIC ID CPU) due to CPUID feature validation error.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Message #

Hypervisor processor startup failed (APIC ID %1) due to CPUID feature validation error. Further processors in the system were not started. Leaf %2, register %3 feature mismatch: BSP has features %5; AP has features %4

Fields #

Name	Description
`CPU` HexInt32	—
`LeafNumber` HexInt64	—
`Register` HexInt64	—
`BSPCpuidData` HexInt64	—
`APCpuidData` HexInt64	—

Event ID 129 — Hypervisor initialized I/O remapping.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Informational
Opcode: Info

Description

Hypervisor initialized I/O remapping.

Message #

Hypervisor initialized I/O remapping.

Hardware present: %1
Hardware enabled: %2
Policy: %3
Enabled features: %4
Internal information: %5
Problems: %6
Additional information: %7

Fields #

Name	Description
`HardwarePresent` Boolean	—
`HardwareEnabled` Boolean	—
`Policy` HexInt64	—
`EnabledFeatures` HexInt64	—
`InternalInfo` HexInt64	—
`Problems` HexInt64	—
`AdditionalInfo` HexInt64	—
`Hardware_present` Boolean	—
`Hardware_enabled` Boolean	—
`Enabled_features` HexInt64	—
`Internal_information` HexInt64	—
`Additional_information` HexInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 129,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2026-03-11T06:27:08.616876+00:00",
    "event_record_id": 2710,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "HardwarePresent": false,
    "HardwareEnabled": false,
    "Policy": "0x0",
    "EnabledFeatures": "0x0",
    "InternalInfo": "0x0",
    "Problems": "0x0",
    "AdditionalInfo": "0x0"
  },
  "message": ""
}

Event ID 130 — Hypervisor I/O remapping is forcibly enabled by policy (the hypervisoriommupolicy BCD option is set to enable).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Message #

Hypervisor I/O remapping is forcibly enabled by policy (the hypervisoriommupolicy BCD option is set to enable). If the system exhibits instability or reduced performance, consider restoring the default policy.

Event ID 131 — There is an I/O remapping problem with the sytem BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

There is an I/O remapping problem with the sytem BIOS.

Message #

There is an I/O remapping problem with the sytem BIOS.

Problems: %1

Fields #

Name	Description
`Problems` HexInt64	—

Event ID 144 — A device is operating with reduced performance because of a problem with the system BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device is operating with reduced performance because of a problem with the system BIOS.

Message #

A device is operating with reduced performance because of a problem with the system BIOS.



The device is not reported under the scope of a unique I/O remapping unit.



Device ID: %1

Partition ID: %2

Fields #

Name	Description
`DeviceId` HexInt64	—
`PartitionId` UInt64	—

Event ID 145 — A device will not work correctly because of a problem with the system BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device will not work correctly because of a problem with the system BIOS.

Message #

A device will not work correctly because of a problem with the system BIOS.



The Requester IDs reported for the device overlap with those reported for another device.



Device ID: %1

Partition ID: %2

Fields #

Name	Description
`DeviceId` HexInt64	—
`PartitionId` UInt64	—

Event ID 146 — A device will not work correctly because the hypervisor does not have enough resources.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device will not work correctly because the hypervisor does not have enough resources.

Message #

A device will not work correctly because the hypervisor does not have enough resources.



Device ID: %1

Partition ID: %2

Fields #

Name	Description
`DeviceId` HexInt64	—
`PartitionId` UInt64	—

Event ID 147 — A device will not work correctly because of a problem with the system BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device will not work correctly because of a problem with the system BIOS.

Message #

A device will not work correctly because of a problem with the system BIOS.



An IOAPIC is not correctly reported.



IOAPIC ID: %1

Fields #

Name	Description
`IoApicId` UInt8	—

Event ID 148 — A device could not be used by a child partition because of a limitation of the system hardware and BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.

Message #

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.



The I/O remapping unit that controls the device does not have sufficient capabilities.



Device ID: %1

I/O remapping unit base address: %2

Partition ID: %3

Fields #

Name	Description
`DeviceId` HexInt64	—
`UnitBaseAddress` HexInt64	—
`PartitionId` UInt64	—

Event ID 149 — A device could not be used by a child partition because of a limitation of the system hardware and BIOS.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.

Message #

A device could not be used by a child partition because of a limitation of the system hardware and BIOS.



The device cannot be securely used by a child partition.



Device ID: %1

Partition ID: %2

Fields #

Name	Description
`DeviceId` HexInt64	—
`PartitionId` UInt64	—

Event ID 150 — The image {ImageName} could not be accessed (status {Status}).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

The image {ImageName} could not be accessed (status {Status}).

Message #

The image {ImageName} could not be accessed (status {Status}).

Fields #

Name	Description
`ImageName`	—
`Status`	— NTSTATUS reference

Event ID 151 — The image {ImageName} could not be loaded (status {Status}).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System

Description

The image {ImageName} could not be loaded (status {Status}).

Message #

The image {ImageName} could not be loaded (status {Status}).

Fields #

Name	Description
`ImageName`	—
`Status`	— NTSTATUS reference

Event ID 152 — The image ImageName could not be read (status Status).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The image ImageName could not be read (status Status).

Message #

The image %1 could not be read (status %2).

Fields #

Name	Description
`ImageName` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Event ID 153 — The image ImageName failed code integrity checks, and cannot be used.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The image ImageName failed code integrity checks, and cannot be used.

Message #

The image %1 failed code integrity checks, and cannot be used.

Fields #

Name	Description
`ImageName` UnicodeString	—

Event ID 154 — Hypervisor failed to properly synchronize TSC across logical processors (Max delta: MaxDelta, Min delta: MinDelta).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Hypervisor failed to properly synchronize TSC across logical processors (Max delta: MaxDelta, Min delta: MinDelta).

Message #

Hypervisor failed to properly synchronize TSC across logical processors (Max delta: %1, Min delta: %2).

Fields #

Name	Description
`MaxDelta` Int64	—
`MinDelta` Int64	—

Event ID 155 — Host processor features mask: BankCount.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
Level: Informational
Opcode: Info

Description

Host processor features mask: BankCount.

Message #

Host processor features mask: %1

Host xsave features mask: %2

Host cache line flush size: %3 bytes

Fields #

Name	Description
`BankCount` UInt8	—
`ProcessorFeatures` HexInt64	—
`XsaveFeatures` HexInt64	—
`CLFlushSize` UInt32	—
`Host_processor_features_mask`	—
`Host_xsave_features_mask`	—
`Host_cache_line_flush_size`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 155,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:27:24.431418+00:00",
    "event_record_id": 2,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 364
    },
    "channel": "Microsoft-Windows-Hyper-V-Hypervisor-Admin",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "BankCount": 2,
    "ProcessorFeatures": "0x800040",
    "XsaveFeatures": "0x1f",
    "CLFlushSize": 64
  },
  "message": ""
}

Event ID 156 — Hypervisor initial page allocation NUMA policy: .

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
Level: Informational
Opcode: Info

Description

Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.

Fields #

Name	Description
`InitialAllocationNumaPolicy` UInt32	Hypervisor initial page allocation NUMA policy.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 156,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:24:56.253950+00:00",
    "event_record_id": 6,
    "correlation": {
      "ActivityID": "A94F03D9-96B8-C53E-D5D7-00FBA9067B3F"
    },
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "Microsoft-Windows-Hyper-V-Hypervisor-Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "InitialAllocationNumaPolicy": 0
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 156 — Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Informational
Opcode: Info

Description

Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.

Message #

Hypervisor configured mitigations for CVE-2018-3646 for virtual machines.

Processor not affected: %1
Processor family not affected: %2
Processor supports cache flush: %3
HyperThreading enabled: %4
Parent hypervisor applies mitigations: %5
Mitigations disabled by bcdedit: %6
Mitigations enabled: %7
Cache flush needed: %8

Fields #

Name	Description
`NotAffectedRdclNo`	—
`NotAffectedAtom`	—
`CacheFlushSupported`	—
`SmtEnabled`	—
`ParentHypervisorFlushes`	—
`DisabledLoadOption`	—
`Enabled`	—
`CacheFlushNeeded`	—
`InitialAllocationNumaPolicy` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 156,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2026-03-11T06:27:08.616901+00:00",
    "event_record_id": 2711,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NotAffectedRdclNo": false,
    "NotAffectedAtom": false,
    "CacheFlushSupported": true,
    "SmtEnabled": false,
    "ParentHypervisorFlushes": false,
    "DisabledLoadOption": false,
    "Enabled": true,
    "CacheFlushNeeded": true
  },
  "message": ""
}

Event ID 157 — The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled and the hyperviso...

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Message #

The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled and the hypervisor core scheduler is not enabled. To enable mitigations for virtual machines, enable the core scheduler by running "bcdedit /set hypervisorschedulertype core" from an elevated command prompt and reboot.

Event ID 158 — The queried interface version Max is not supported (Min : CurrentVersion, Max : MinVersion).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The queried interface version Max is not supported (Min : CurrentVersion, Max : MinVersion).

Message #

The queried interface version %1 is not supported (Min : %2, Max : %3).

Fields #

Name	Description
`Max`	1 is not supported (Min.
`CurrentVersion` UInt8	—
`MinVersion` UInt8	—
`MaxVersion` UInt8	—

Event ID 159 — The queried interface is incomplete.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The queried interface is incomplete.

Message #

The queried interface is incomplete.

Event ID 160 — Partition persistence services will be unavailable.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Partition persistence services will be unavailable.

Message #

Partition persistence services will be unavailable.

Event ID 161 — The configured Minroot settings are not compatible with the hypervisor core scheduler and have been overriden.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The configured Minroot settings are not compatible with the hypervisor core scheduler and have been overriden. This may expose a different number of logical processors to the root partition.

Message #

The configured Minroot settings are not compatible with the hypervisor core scheduler and have been overriden. This may expose a different number of logical processors to the root partition.

Event ID 162 — Failed to unregister the remote hypercall interface (status NtStatus).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Failed to unregister the remote hypercall interface (status NtStatus).

Message #

Failed to unregister the remote hypercall interface (status %1).

Fields #

Name	Description
`NtStatus` HexInt32	—

Event ID 163 — The hypervisor encountered an internal error: nested NMI (processor Processor).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational

Description

The hypervisor encountered an internal error: nested NMI (processor Processor).

Message #

The hypervisor encountered an internal error: nested NMI (processor %1).

Fields #

Name	Description
`Processor` UInt32	—

Event ID 164 — The hypervisor encountered an internal error: IPI timeout (processor Processor).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational

Description

The hypervisor encountered an internal error: IPI timeout (processor Processor).

Message #

The hypervisor encountered an internal error: IPI timeout (processor %1).

Fields #

Name	Description
`Processor` UInt32	—

Event ID 165 — Hypervisor configured mitigations for CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 for virtual machines.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Level: Informational
Opcode: Info

Description

Hypervisor configured mitigations for CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 for virtual machines.

Message #

Hypervisor configured mitigations for CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 for virtual machines.

Processor not affected: %1
Processor family not affected: %2
Processor supports microarchitectural buffer flush: %3
Buffer flush needed: %4

Fields #

Name	Description
`NotAffectedMdsNo` Boolean	—
`NotAffectedAtom` Boolean	—
`MdClearSupported` Boolean	—
`BufferFlushNeeded` Boolean	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 165,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223442405598953472,
    "time_created": "2026-03-11T06:27:08.616931+00:00",
    "event_record_id": 2712,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "System",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NotAffectedMdsNo": false,
    "NotAffectedAtom": false,
    "MdClearSupported": true,
    "BufferFlushNeeded": true
  },
  "message": ""
}

Event ID 166 — Hypervisor Load Options are conflicting - LoadOptions, LoadFlags.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
Opcode: Info

Description

Hypervisor Load Options are conflicting - LoadOptions, LoadFlags.

Message #

Hypervisor Load Options are conflicting - %1, %2.

Fields #

Name	Description
`LoadOptions` AnsiString	—
`LoadFlags` HexInt64	—

Event ID 167 — The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled. To enable mitigations for virtual machines, disable HyperThreading.

Message #

The hypervisor did not enable mitigations for side channel vulnerabilities for virtual machines because HyperThreading is enabled. To enable mitigations for virtual machines, disable HyperThreading.

Event ID 168 — AMD PSP PCI device discovered.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

AMD PSP PCI device discovered. Segment: AMD_PSP_PCI_device_discovered_Segment, bus: bus, device: device, function: function.

Message #

AMD PSP PCI device discovered. Segment: %1, bus: %2, device: %3, function: %4.

Fields #

Name	Description
`AMD_PSP_PCI_device_discovered_Segment` UInt16	AMD PSP PCI device discovered. Segment.
`bus` UInt8	—
`device` UInt8	—
`function` UInt8	—
`Segment` UInt16	—
`Bus` UInt8	—
`Device` UInt8	—
`Function` UInt8	—

Event ID 169 — Secure firmware update status: Secure_firmware_update_status.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Secure firmware update status: Secure_firmware_update_status.

Message #

Secure firmware update status: %1.

Fields #

Name	Description
`Secure_firmware_update_status` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 170 — Secure firmware image invalid.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Secure firmware image invalid.

Message #

Secure firmware image invalid.

Event ID 171 — Secure firmware version: Secure_firmware_version.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

Secure firmware version: Secure_firmware_version.

Message #

Secure firmware version: %1.

Fields #

Name	Description
`Secure_firmware_version` UInt64	—
`Version` UInt64	—

Event ID 172 — Features are enabled that require all processors be started.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Admin
Opcode: Info

Description

Features are enabled that require all processors be started. RunningProcessors of AvailableProcessors processors currently running.

Message #

Features are enabled that require all processors be started. %1 of %2 processors currently running.

Fields #

Name	Description
`RunningProcessors` UInt32	—
`AvailableProcessors` UInt32	—

Event ID 173 — On the prior boot session, the root partition did not respond to the synthetic watchdog in time, triggering a hardware watchdog reboot.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: System
Opcode: Info

Description

On the prior boot session, the root partition did not respond to the synthetic watchdog in time, triggering a hardware watchdog reboot.

Message #

On the prior boot session, the root partition did not respond to the synthetic watchdog in time, triggering a hardware watchdog reboot.

Event ID 8451 — Hyper-V failed creating a new partition (status Error)!

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Hyper-V failed creating a new partition (status Error)!

Message #

Hyper-V failed creating a new partition (status %1)!

Fields #

Name	Description
`Error` HexInt64	—

Event ID 12288 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: RegisterInterface

Fields #

Name	Description
`FailurePhase` UInt32	—
`NtStatus` UInt32	—

Event ID 12289 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrIoctl

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12290 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: RemoteHypercall

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12291 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrCreatePartition

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12292 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: RegisterPartitionId

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12293 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDeletePartition

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12294 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDepositMemory

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12295 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrMapGpaPages

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12296 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrUnmapGpaSpace

Fields #

Name	Description
`PartitionId` UInt64	—
`NtStatus` UInt32	—
`AuxiliaryData` UInt64	—

Event ID 12297 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrNumaDistributedAllocation

Fields #

Name	Description
`TotalSystemPages` HexInt64	—
`TotalPagesRequested` HexInt32	—
`Policy` UInt32	—
`ProximityDomainCount` UInt32	—
`AllocationPass` UInt32	—
`ProximityDomainIndex` UInt32	—
`ProximityDomainId` HexInt32	—
`TotalDomainPages` HexInt64	—
`PagesRequested` HexInt32	—
`BalStatus` HexInt64	—
`PagesAllocated` HexInt32	—

Event ID 12298 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetLpRegisterMsr

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12299 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetLpRegisterCpuid

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12300 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrReadSystemMemory

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12301 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetMtrrs

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12302 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetPlatformCaps

Fields #

Name	Description
`BalStatus` HexInt64	—

Event ID 12303 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrHsrInUse

Fields #

Name	Description
`HsrInUse` Boolean	—
`Reason` UInt32	—

Event ID 12304 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrConfigureIommuLiveHandoff

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12305 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetIdleStateConfig

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12306 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetVpRegisters

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12307 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrGetLogicalProcessorProperty

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12308 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDisableHypervisor

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12309 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDisableHypervisor

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12310 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrPrepareProtoHypervisor

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12311 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrImageLoadInfo

Fields #

Name	Description
`ImageName` UnicodeString	—
`Checksum` UInt32	—
`Timestamp` UInt32	—
`NtStatus` UInt32	—

Event ID 12312 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrReadHvRegister

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12313 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrProcessInterruptControllers

Fields #

Name	Description
`AuxData` UInt64	—
`NtStatus` UInt32	—

Event ID 12314 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrHsrMirroringInUse

Fields #

Name	Description
`HsrInUse` Boolean	—
`Reason` UInt32	—

Event ID 12315 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDebugMsg

Fields #

Name	Description
`LoadOptions` AnsiString	—

Event ID 12316 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrDebugMsg

Fields #

Name	Description
`LoadOptions` AnsiString	—

Event ID 12317 —

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Operational
Task: HvldrFailureLocation

Fields #

Name	Description
`BaseLocation` AnsiString	—
`Line` UInt32	—
`BalStatus` HexInt64	—
`AuxData` UInt64	—

Event ID 12550 — Hyper-V detected access to a restricted MSR.

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Opcode: Info

Description

Hyper-V detected access to a restricted MSR (Msr: Msr, IsWrite: IsWrite, MsrValue: MsrValue, AccessStatus: AccessStatus, Pc: Pc, ImageBase: ImageBase, ImageChecksum: ImageChecksum, ImageTimestamp: ImageTimestamp, ImageName: ImageName).

Message #

Hyper-V detected access to a restricted MSR (Msr: %1, IsWrite: %2, MsrValue: %3, AccessStatus: %4, Pc: %5, ImageBase: %6, ImageChecksum: %7, ImageTimestamp: %8, ImageName: %9).

Fields #

Name	Description
`Msr` HexInt32	—
`IsWrite` UInt8	—
`MsrValue` HexInt64	—
`AccessStatus` UInt16	—
`Pc` HexInt64	—
`ImageBase` HexInt64	—
`ImageChecksum` HexInt32	—
`ImageTimestamp` HexInt32	—
`ImageName` AnsiString	—

Event ID 16641 — Hyper-V successfully created a new partition (partition PartitionId).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Level: Informational
Opcode: Info

Description

Hyper-V successfully created a new partition (partition PartitionId).

Message #

Hyper-V successfully created a new partition (partition %1).

Fields #

Name	Description
`PartitionId` UInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 16641,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 2305843009213693952,
    "time_created": "2026-03-11T06:32:05.545260+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 2472
    },
    "channel": "Microsoft-Windows-Hyper-V-Hypervisor-Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PartitionId": 2
  },
  "message": ""
}

Event ID 16642 — Hyper-V successfully deleted a partition (partition PartitionId).

Provider: Microsoft-Windows-Hyper-V-Hypervisor
Channel: Microsoft-Windows-Hyper-V-Hypervisor-Operational
Level: Informational
Opcode: Info

Description

Hyper-V successfully deleted a partition (partition PartitionId).

Message #

Hyper-V successfully deleted a partition (partition %1).

Fields #

Name	Description
`PartitionId` UInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-Hypervisor",
    "guid": "52FC89F8-995E-434C-A91E-199986449890",
    "event_source_name": "",
    "event_id": 16642,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 2305843009213693952,
    "time_created": "2026-03-13T20:09:16.550106+00:00",
    "event_record_id": 2,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 424
    },
    "channel": "Microsoft-Windows-Hyper-V-Hypervisor-Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PartitionId": 2
  },
  "message": ""
}