Troubleshoot CAU: Log Files for Cluster-Aware Updating

Troubleshoot CAU: Log Files for Cluster-Aware Updating

This topic provides an overview of the log files that are generated when you use the Cluster-Aware Updating (CAU) feature in Windows Server 2012. The log files contain information that is mainly intended for use by developers and Microsoft Support engineers. However, in some cases you might want to look at one or more logs to help troubleshoot a problem that you encounter when using CAU.

As a convenience, you can run the Save-CauDebugTrace Windows PowerShell cmdlet to package the CAU log files as a zip file. For example, you might need to gather the logs if you contact Microsoft Support for assistance.

CAU log files

The following table summarizes CAU-related log files that are generated on the CAU Update Coordinator computer or the failover cluster nodes. Some log files are generated automatically when you use CAU to apply updates or perform related actions; to generate others, you must perform additional steps. The table also indicates conditions when the log files are included in the package that is generated when you run the Save-CauDebugTrace Windows PowerShell cmdlet.

For details about running Save-CauDebugTrace, see Run Save-CAUDebugTrace later in this topic.

Log files Description Location Format Steps to generate the logs Package using Save-CauDebugTrace?

CAU debug logs

Information about CAU-related actions such as scanning, download, and installation of updates using Windows PowerShell on a local or remote Update Coordinator

On each Update Coordinator computer, in the User's Profile: %localappdata%\Temp\CAU\debugTrace_ *.etl

If multiple CAU processes are running, separate trace files for each process are generated—for example, debugTrace_01.etl, debugTrace_02.etl, and so on.

Event Trace Log (.etl)

 Note
To view the information in an .etl file, you can convert it to text format. For example, run the following command:netsh trace convert <EtlFileName> dump=TXT

None. A new .etl file is created automatically for each CAU Windows PowerShell session that runs on a CAU Update Coordinator.

Run on an Update Coordinator

CAU UI tracing logs

Information about actions performed using the CAU UI on a local or remote Update Coordinator

On each Update Coordinator: %localappdata%\temp\ClusterUpdateUI.log (by default).

If multiple CAU UI instances are running, each additional instance creates a new UI log file with a unique identifier prepended to the default name—for example, 8c1cc20b-8697-47df-ad21-19b058211c26ClusterUpdateUI.log.

Text

None. A UI tracing log is automatically created or appended when you start the CAU UI on a CAU Update Coordinator.

The location, trace level, and other properties of the UI tracing log can be optionally customized by modifying the file %systemroot%\Cluster\ClusterUpdateUI.exe.config.

Run on an Update Coordinator

CAU WMI provider logs

Information about the CAU WMI provider that is installed on each cluster node to coordinate updates by CAU

On each cluster node: %systemroot%\system32\LogFiles\ClusterUpdate\CauWmi*.log

Text

None. A CAU WMI provider log is generated automatically on each node for each Updating Run.

Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter

Failover Clustering log files

Configurable level of detail about the normal activities and problems in the failover cluster. This information is not specific to CAU, but may contain related troubleshooting information about the cluster state.

When generated, on each cluster node: %windir%\cluster\reports\cluster.log (by default)

Text

1. Run the Set-ClusterLog Windows PowerShell cmdlet to specify the size and level of detail in the log file. For example, to specify a verbose log with a maximum size of 100 MB:

Set-ClusterLog -size 100 -level 5

2. Use CAU or Failover Clustering tools to apply updates or perform a task that causes the problem that you want to troubleshoot.

3. Run the Get-ClusterLog Windows PowerShell cmdlet to generate the log file on all nodes, or a specific node, of the failover cluster. For example, to generate a log on all nodes for a time span of 5 minutes, and place the results in the default cluster log location:

Get-ClusterLog -timespan 5

Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter

Windows Update Agent log files

Information about when the Windows Update Agent connects to a Microsoft software update source to download or install an update

On each cluster node: %windir%\Windowsupdate.log

Text

None. All Microsoft software update transactions are logged automatically on each cluster node.

You can optionally enable verbose logging. For more information, see article 902093 at the Microsoft Support site.

Run on a cluster node, or run on a remote Update Coordinator and specify the ClusterName parameter

Run Save-CAUDebugTrace

You can run the Save-CauDebugTrace Windows PowerShell cmdlet on an Update Coordinator computer or on a cluster node to save the CAU log files to a zip file. The files are packaged in a defined structure. Different log files are packaged, depending on the location where you run the cmdlet and the cmdlet parameters that you specify. See the table in CAU log files earlier in this topic.

When running Save-CauDebugTrace, be aware of the following:

  • Ensure that Windows PowerShell remoting is enabled on the cluster nodes and that the nodes meet other requirements for remote management. For more information, see Configure the nodes for remote management in the Windows Server Library.
  • Before running Save-CauDebugTrace, close any instances of the CAU UI, to ensure that UI tracing log files are properly flushed to the disk.
  • It might take several minutes to run Save-CauDebugTrace.

Windows PowerShell commands

The following example runs Save-CauDebugTrace on an Update Coordinator computer to package the local CAU debug and UI tracing logs in the file C:\temp\CAUTrace.zip.

Save-CauDebugTrace -FilePath C:\temp\CAUTrace.zip

The following example runs Save-CauDebugTrace on an Update Coordinator computer to package the local CAU debug and UI tracing logs, plus the available CAU-related logs on the nodes in cluster CONTOSO-FC1, in the file C:\temp\CAUTrace.zip on the local computer.

Save-CauDebugTrace –ClusterName CONTOSO-FC1 -FilePath C:\temp\CAUTrace.zip

The following example runs Save-CauDebugTrace on a cluster node to package the local CAU debug and UI tracing logs, plus the available CAU-related logs on the failover cluster nodes, in the file C:\temp\CAUTrace.zip on the local computer.

Save-CauDebugTrace -FilePath C:\temp\CAUTrace.zip

Structure of the zip file

The zip file that is the output of Save-CauDebugTrace contains log files in a structure similar to the following. Depending on your CAU scenario, the zip file might contain more or fewer files. In the following example, Save-CauDebugTrace was run on a node in a two-node failover cluster consisting of nodes named ContosoNode1 and ContosoNode2. The wildcard character (*) is used here to indicate one or more files.

<!--Root of zip file-->

   *ClusterUpdateUI.log       <!--CAU UI tracing logs-->
   SaveCauDebugTrace.etl      <!--Tracing log for the Save-CauDebugTrace process-->

   ContosoNode1\      <!--Folder containing logs from node ContosoNode1-->
      debugTrace_ *.etl            <!--CAU debug tracing logs-->
      WUA
          WindowsUpdate.log        <!--Windows Update Agent log-->
      WMI
          CauWMI*.log              <!--CAU WMI provider logs-->
      Cluster
          ContosoNode1_cluster.log <!--Failover cluster log-->

   ContosoNode2\      <!--Folder containing logs from node ContosoNode2-->
      debugTrace_ *.etl            <!--CAU debug tracing logs-->
      WUA
          WindowsUpdate.log        <!--Windows Update Agent log-->
      WMI
          CauWMI*.log              <!--CAU WMI provider logs-->
      Cluster
          ContosoNode2_cluster.log <!--Failover cluster log-->

 

 

Event logging channels for CAU

The following table lists CAU- and Failover Clustering-related event logging channels. You can use these to view CAU-related events using Event Viewer on a remote CAU Update Coordinator computer or on a failover cluster node.

You can also use Failover Cluster Manager to view recent events for all of the nodes in a cluster, or the critical events for a specific clustered role or resource.

Logging channel Event Viewer path Enabled Description

ClusterAwareUpdating-Admin

On each cluster node: Applications and Services Logs\Microsoft\Windows\

Yes

CAU administrative events related to:

  • Scanning, download, and installation of updates.
  • Reporting
  • Updating Run coordination

ClusterAwareUpdating-Debug

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

CAU debugging events related to scanning, download, and installation of updates; CAU reporting; Updating Run coordination.

ClusterAwareUpdating-Management-Admin

On each CAU Update Coordinator: Applications and Services Logs\Microsoft\Windows\

Yes

CAU administrative events related to cross-cluster orchestration related to:

  • Scanning, download, and installation of updates.
  • Reporting
  • Updating Run coordination

System

On each cluster node: Windows Logs\

Yes

Includes Failover Clustering events that are of type Critical, Error, or Warning

FailoverClustering-Diagnostic

On each cluster node: Applications and Services Logs\Microsoft\Windows\

Yes

Circular log that runs anytime the Cluster service starts. Events can be read in the Event Viewer if logging is disabled. They can also be converted to text file format. The primary way to generate the cluster log is to use the Get-ClusterLog Windows PowerShell cmdlet.

FailoverClustering-Operational

A On each cluster node: Applications and Services Logs\Microsoft\Windows\

Yes

Informational cluster events

FailoverClustering-Performance-CSV

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

Events related to Cluster Shared Volumes

FailoverClustering-Client-Diagnostic

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

Trace logging for the Cluster API. This can help troubleshoot the Create Cluster and Add Node cluster actions.

FailoverClustering-CsvFlt-Diagnostic

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

Trace logging for the CSV Proxy File System Driver (CsvFs.sys) which is mounted on all nodes in the cluster. This can provide information regarding direct I/O operations

FailoverClustering-Manager-Admin

On each cluster node: Applications and Services Logs\Microsoft\Windows\

Yes

Errors associated with dialog boxes and pop-up warnings that are displayed in Failover Cluster Manager

FailoverClustering-Manager-Diagnostic

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

Trace logging for Failover Cluster Manager

FailoverClustering-WMIProvider-Admin

On each cluster node: Applications and Services Logs\Microsoft\Windows\

Yes

Events associated with the Failover Clustering WMI provider

FailoverClustering-WMIProvider-Diagnostic

On each cluster node: Applications and Services Logs\Microsoft\Windows\

No

Trace logging for the Failover Clustering WMI provider. This can help you troubleshoot WMI scripts or some System Center applications.


Leave a Comment
  • Please add 3 and 4 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Dan Lepow [MSFT] edited Revision 5. Comment: Corrected PowerShell commands

  • Dan Lepow [MSFT] edited Revision 3. Comment: Removed [toc] tag - didn't work as expected

  • Dan Lepow [MSFT] edited Revision 2. Comment: More table formatting

  • Dan Lepow [MSFT] edited Revision 1. Comment: More table formatting

  • Dan Lepow [MSFT] edited Original. Comment: Added [toc] tag, fixed table formatting

Page 1 of 1 (5 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Dan Lepow [MSFT] edited Original. Comment: Added [toc] tag, fixed table formatting

  • Dan Lepow [MSFT] edited Revision 1. Comment: More table formatting

  • Dan Lepow [MSFT] edited Revision 2. Comment: More table formatting

  • Dan Lepow [MSFT] edited Revision 3. Comment: Removed [toc] tag - didn't work as expected

  • Dan Lepow [MSFT] edited Revision 5. Comment: Corrected PowerShell commands

Page 1 of 1 (5 items)