How do we enable & look for the location of dump files in Windows Server 2016?

The file is usually C:\windows\system32\memory.dmp.  If it is configured for a minidump, look in c:\windows\system32\minidmp.

I usually use BlueScreenView from Nirsoft to analyze the files either in place on a running system or manually where I've copied them elsewhere.
https://www.nirsoft.net/utils/blue_screen_view.html

I would also look in Event Viewer, System to see if there is any evidence.  If it rebooted gracefully, there will be messages there to clue you in.  If not, you'll find an entry after the restart that the previous reboot wasn't proper.

I cannot find those files in that folder?

Found it at c:\windows\memory.dmp but the time stamp was back in July 2020?

Unexpected reboot happened this morning?

How do you enable or disable that dump file?

The memory dump file is old, did not see same file for today's unexpected reboot?

& checked that it's enabled

If it didn't actually crash, it won't make the DMP file.  What does the Event Viewer show?  It should be clear there if it crashed or rebooted more properly.  In the latter case, you'll see entries for what initiated it, entries for many items shutting down, and no "improper shutdown" message when it starts back up.

It says only shutdown physical server & virtual machine but what's strange was that event log was found under administrative events not in the system events?

To be sure.... was it the host that rebooted or just the VM?  In any case, you'll want to look for the files on whichever one rebooted.

Did you try BlueScreenView?  If the DMP file (if there is one) is programmed to be elsewhere, it should find it.

Do you see any entries about what initiated the shutdown?

"administrative events not in the system events "
Where are you finding "administrative events"?

I don't see that in my Event Viewer.  Under Windows Logs I have Application, Security, Setup, System, and Forwarded Events.

the physical server shutdown first followed by that specific VM in like 2 minutes apart, no shutdown events from other VMs though

what's bluescreenview?

didn't find any entries that may have initiated the shutdown or reboot?

administrative events is under custom views

I usually use BlueScreenView from Nirsoft to analyze the files either in place on a running system or manually where I've copied them elsewhere.
https://www.nirsoft.net/utils/blue_screen_view.html 

It's a very handy program.

Can you copy the last 20-30 Event Viewer, System entries from the end of the last shutdown?  You can highlight the entries, right-click on them, and then Save....

OK.  I don't usually check Custom Views.  You didn't find those same entries in Windows Logs, System?

you can also use WinDbg from the microsoft store on windows 10; i found it useful

the physical server shutdown first followed by that specific VM in like 2 minutes apart

how did the host shutdown before the guest?  if the host failed, the guest would have failed with it
if the dump file is dated 2 months ago, that says 1) it crashed before (did you determine root cause of that?) and 2) either it had a reset of some sort or failed to create a dump file

determining the cause of the july crash might help to see if this failure is related; especially if it is a hardware issue

i found the results from bluescreenview differs often from Windbg, which i also use; but it's not as easy to use
in case you need it, here's how to set the system to make dmps :
How to Enable Minidump logs in Windows 10

1. Now click System and Security from within the Control Panel:
2. Then click System from the list:
3. Now, click Advanced System Settings:
4. Under the Start-up and Recovery section, click Settings:
5. Finally, select Small Memory Dump from the debugging drop-down menu, then click OK:

"OK.  I don't usually check Custom Views.  You didn't find those same entries in Windows Logs, System?"

No, I did not find the shutdown event under the system windows logs

That's very surprising.  Do you find any part of the shutdown or startup process in System?

"determining the cause of the july crash might help to see if this failure is related; especially if it is a hardware issue"

that was a storage firmware issue that was resolved

that was a storage firmware issue that was resolved

so if there is no dump file for this last failure, your only option is to comb through event logs just prior to the restart

true & we cannot find an issue that caused the unexpected reboot, I'm thinking to open a case w/ Microsoft to make a diagnostics root cause analysis to find out the real issue since our vendor support cannot find anything from the hardware side