Troubleshoot CAU: Log Files for Cluster-Aware Updating
This topic provides an overview of the log files that are generated when you use the Cluster-Aware Updating (CAU) feature in Windows Server 2012. The log files contain information that is mainly intended for use by developers and Microsoft Support engineers. However, in some cases you might want to look at one or more logs to help troubleshoot a problem that you encounter when using CAU.
As a convenience, you can run the Save-CauDebugTrace Windows PowerShell cmdlet to package the CAU log files as a zip file. For example, you might need to gather the logs if you contact Microsoft Support for assistance.
CAU log files
The following table summarizes CAU-related log files that are generated on the CAU Update Coordinator computer or the failover cluster nodes. Some log files are generated automatically when you use CAU to apply updates or perform related actions; to generate others, you must perform additional steps. The table also indicates conditions when the log files are included in the package that is generated when you run the Save-CauDebugTrace Windows PowerShell cmdlet.
For details about running Save-CauDebugTrace, see Run Save-CAUDebugTrace later in this topic.
| Log files | Description | Location | Format | Steps to generate the logs | Package using Save-CauDebugTrace? |
|---|---|---|---|---|---|
CAU debug logs |
Information about CAU-related actions such as scanning, download, and installation of updates using Windows PowerShell on a local or remote Update Coordinator |
On each Update Coordinator computer, in the User's Profile: %localappdata%\Temp\CAU\debugTrace_ *.etl If multiple CAU processes are running, separate trace files for each process are generated—for example, debugTrace_01.etl, debugTrace_02.etl, and so on. |
Event Trace Log (.etl) > [!NOTE]
> To view the information in an .etl file, you can convert it to text format. For example, run the following command: |
None. A new .etl file is created automatically for each CAU Windows PowerShell session that runs on a CAU Update Coordinator. |
Run on an Update Coordinator |
CAU UI tracing logs |
Information about actions performed using the CAU UI on a local or remote Update Coordinator |
On each Update Coordinator: %localappdata%\temp\ClusterUpdateUI.log (by default). If multiple CAU UI instances are running, each additional instance creates a new UI log file with a unique identifier prepended to the default name—for example, 8c1cc20b-8697-47df-ad21-19b058211c26ClusterUpdateUI.log. |
Text |
None. A UI tracing log is automatically created or appended when you start the CAU UI on a CAU Update Coordinator. The location, trace level, and other properties of the UI tracing log can be optionally customized by modifying the file %systemroot%\Cluster\ClusterUpdateUI.exe.config. |
Run on an Update Coordinator |
CAU WMI provider logs |
Information about the CAU WMI provider that is installed on each cluster node to coordinate updates by CAU |
On each cluster node: %systemroot%\system32\LogFiles\ClusterUpdate\CauWmi*.log |
Text |
None. A CAU WMI provider log is generated automatically on each node for each Updating Run. |
Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter |
Failover Clustering log files |
Configurable level of detail about the normal activities and problems in the failover cluster. This information is not specific to CAU, but may contain related troubleshooting information about the cluster state. |
When generated, on each cluster node: %windir%\cluster\reports\cluster.log (by default) |
Text |
1. Run the Set-ClusterLog Windows PowerShell cmdlet to specify the size and level of detail in the log file. For example, to specify a verbose log with a maximum size of 100 MB: Set-ClusterLog -size 100 -level 5 2. Use CAU or Failover Clustering tools to apply updates or perform a task that causes the problem that you want to troubleshoot. 3. Run the Get-ClusterLog Windows PowerShell cmdlet to generate the log file on all nodes, or a specific node, of the failover cluster. For example, to generate a log on all nodes for a time span of 5 minutes, and place the results in the default cluster log location:Get-ClusterLog -timespan 5 |
Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter |
Windows Update Agent log files |
Information about when the Windows Update Agent connects to a Microsoft software update source to download or install an update |
On each cluster node: %windir%\Windowsupdate.log |
Text |
None. All Microsoft software update transactions are logged automatically on each cluster node. You can optionally enable verbose logging. For more information, see article 902093 at the Microsoft Support site. |
Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter |
Run Save-CAUDebugTrace
You can run the Save-CauDebugTrace Windows PowerShell cmdlet on an Update Coordinator computer or on a cluster node to save the CAU log files to a zip file. The files are packaged in a defined structure. Different log files are packaged, depending on the location where you run the cmdlet and the cmdlet parameters that you specify. See the table in CAU log files earlier in this topic.
When running Save-CauDebugTrace, be aware of the following:
- Ensure that Windows PowerShell remoting is enabled on the cluster nodes and that the nodes meet other requirements for remote management. For more information, see Configure the nodes for remote management in the Windows Server Library.
- Before running Save-CauDebugTrace, close any instances of the CAU UI, to ensure that UI tracing log files are properly flushed to the disk.
- It might take several minutes to run Save-CauDebugTrace.
Windows PowerShell commands
The following example runs Save-CauDebugTrace on an Update Coordinator computer to package the local CAU debug and UI tracing logs in the file C:\temp\CAUTrace.zip.
Save-CauDebugTrace -FilePath C:\temp\CAUTrace.zip
The following example runs Save-CauDebugTrace on an Update Coordinator computer to package the local CAU debug and UI tracing logs, plus the available CAU-related logs on the nodes in cluster CONTOSO-FC1, in the file C:\temp\CAUTrace.zip on the local computer.
Save-CauDebugTrace –ClusterName CONTOSO-FC1 -FilePath C:\temp\CAUTrace.zip
The following example runs Save-CauDebugTrace on a cluster node to package the local CAU debug and UI tracing logs, plus the available CAU-related logs on the failover cluster nodes, in the file C:\temp\CAUTrace.zip on the local computer.
Save-CauDebugTrace -FilePath C:\temp\CAUTrace.zip
Structure of the zip file
The zip file that is the output of Save-CauDebugTrace contains log files in a structure similar to the following. Depending on your CAU scenario, the zip file might contain more or fewer files. In the following example, Save-CauDebugTrace was run on a node in a two-node failover cluster consisting of nodes named ContosoNode1 and ContosoNode2. The wildcard character (*) is used here to indicate one or more files.
<!--Root of zip file-->
*ClusterUpdateUI.log <!--CAU UI tracing logs-->
SaveCauDebugTrace.etl <!--Tracing log for the Save-CauDebugTrace process-->
ContosoNode1\ <!--Folder containing logs from node ContosoNode1-->
debugTrace_ *.etl <!--CAU debug tracing logs-->
WUA
WindowsUpdate.log <!--Windows Update Agent log-->
WMI
CauWMI*.log <!--CAU WMI provider logs-->
Cluster
ContosoNode1_cluster.log <!--Failover cluster log-->
ContosoNode2\ <!--Folder containing logs from node ContosoNode2-->
debugTrace_ *.etl <!--CAU debug tracing logs-->
WUA
WindowsUpdate.log <!--Windows Update Agent log-->
WMI
CauWMI*.log <!--CAU WMI provider logs-->
Cluster
ContosoNode2_cluster.log <!--Failover cluster log-->
Event logging channels for CAU
The following table lists CAU- and Failover Clustering-related event logging channels. You can use these to view CAU-related events using Event Viewer on a remote CAU Update Coordinator computer or on a failover cluster node.
You can also use Failover Cluster Manager to view recent events for all of the nodes in a cluster, or the critical events for a specific clustered role or resource.
| Logging channel | Event Viewer path | Enabled | Description |
|---|---|---|---|
ClusterAwareUpdating-Admin |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
Yes |
CAU administrative events related to:
|
ClusterAwareUpdating-Debug |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
CAU debugging events related to scanning, download, and installation of updates; CAU reporting; Updating Run coordination. |
ClusterAwareUpdating-Management-Admin |
On each CAU Update Coordinator: Applications and Services Logs\Microsoft\Windows\ |
Yes |
CAU administrative events related to cross-cluster orchestration related to:
|
System |
On each cluster node: Windows Logs\ |
Yes |
Includes Failover Clustering events that are of type Critical, Error, or Warning |
FailoverClustering-Diagnostic |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
Yes |
Circular log that runs anytime the Cluster service starts. Events can be read in the Event Viewer if logging is disabled. They can also be converted to text file format. The primary way to generate the cluster log is to use the Get-ClusterLog Windows PowerShell cmdlet. |
FailoverClustering-Operational |
A On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
Yes |
Informational cluster events |
FailoverClustering-Performance-CSV |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
Events related to Cluster Shared Volumes |
FailoverClustering-Client-Diagnostic |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
Trace logging for the Cluster API. This can help troubleshoot the Create Cluster and Add Node cluster actions. |
FailoverClustering-CsvFlt-Diagnostic |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
Trace logging for the CSV Proxy File System Driver (CsvFs.sys) which is mounted on all nodes in the cluster. This can provide information regarding direct I/O operations |
FailoverClustering-Manager-Admin |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
Yes |
Errors associated with dialog boxes and pop-up warnings that are displayed in Failover Cluster Manager |
FailoverClustering-Manager-Diagnostic |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
Trace logging for Failover Cluster Manager |
FailoverClustering-WMIProvider-Admin |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
Yes |
Events associated with the Failover Clustering WMI provider |
FailoverClustering-WMIProvider-Diagnostic |
On each cluster node: Applications and Services Logs\Microsoft\Windows\ |
No |
Trace logging for the Failover Clustering WMI provider. This can help you troubleshoot WMI scripts or some System Center applications. |