You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
589 lines
36 KiB
589 lines
36 KiB
EventCode,LogName,desc
|
|
614,Directory Service,A corrupt index has been detected
|
|
1014,Directory Service,The KCC failed to update the replication topology for the local DS
|
|
1083,Directory Service,Directory is busy and cannot complete replication (KB296714)
|
|
1084,Directory Service,Inbound Replication Failure
|
|
1115,Directory Service,Outbound replication has been disabled by the user
|
|
1173,Directory Service,AD DS encountered an exception (see event details)
|
|
1188,Directory Service,"A replication thread ""hung"" and was cancelled"
|
|
1203,Directory Service,Replication failed because of a schema mismatch
|
|
1220,Directory Service,LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate
|
|
1232,Directory Service,An RPC Call initiated by AD DS timed out
|
|
1307,Directory Service,Attempts to connect for replication have failed
|
|
1308,Directory Service,Attempts to connect for replication have failed
|
|
1311,Directory Service,Not enough information to generate a complete spanning tree topology (KB214745)
|
|
1419,Directory Service,Local DC is both GC and Infrastructure Master. These are incompatible roles
|
|
1458,Directory Service,A FSMO Role has moved
|
|
1463,Directory Service,Corrupt indices have been detected and will be rebuilt.
|
|
1481,Directory Service,Operation on an object failed (see event details)
|
|
1566,Directory Service,No available DCs in the site are available for replication
|
|
1659,Directory Service,Removal of a directory partition has resumed
|
|
1699,Directory Service,Replication access was denied (KB953392)
|
|
1800,Directory Service,"Partial replica found,but no writeable source found"
|
|
1801,Directory Service,Directory Partition has not been instantiated and no replication hosts found
|
|
1844,Directory Service,Local DC cannot connect to a remote DC for name resolution
|
|
1865,Directory Service,Production of the AD Spanning Tree failed (replication will fail)
|
|
1925,Directory Service,Attempt to establish a writable replication link failed
|
|
1926,Directory Service,Attempt to establish a replication link failed
|
|
1988,Directory Service,Attempt to replicate a non-existant object (KB870695)
|
|
2002,Directory Service,The KCC did not run successfully (problem with object)
|
|
2041,Directory Service,Duplicate Event Log Entries were suppressed
|
|
2052,Directory Service,Replication: Bridgeheads created back channel due to issues connecting for Replication
|
|
2054,Directory Service,Replciation: KCC detected a back channel between bridgeheads (Replication Failure)
|
|
2087,Directory Service,DNS Name Resolution of a DC Failed (KB824449)
|
|
2088,Directory Service,Replication used NetBIOS because DNS Failed (KB824449)
|
|
2089,Directory Service,A Directory Partition has not been backed up (KB914034)
|
|
2108,Directory Service,Repair Procedures for a preceding Event ID 1084 (KB837932)
|
|
2513,Directory Service,Failed to set the desired authentication protocol for a connection to a DSA
|
|
2886,Directory Service,AD Server is accepting insecure SASL LDAP binds
|
|
2887,Directory Service,Some clients performed insecure LDAP binds
|
|
16650,Directory Service,Account Identifier Allocator failed to initialize properly (KB839879)
|
|
36886,Directory Service,No default server credentials available
|
|
512,Security,Windows NT is starting up
|
|
513,Security,Windows is shutting down
|
|
514,Security,An authentication package has been loaded by the Local Security Authority
|
|
515,Security,A trusted logon process has registered with the Local Security Authority
|
|
516,Security,Internal resources exhausted - loss of events
|
|
517,Security,The audit log was cleared
|
|
518,Security,A notification package has been loaded by the Security Account Manager
|
|
519,Security,A process is using an invalid local procedure call (LPC) port
|
|
520,Security,The system time was changed
|
|
528,Security,Successful Logon
|
|
529,Security,Logon Failure - Unknown user name or bad password
|
|
530,Security,Logon Failure - Account logon time restriction violation
|
|
531,Security,Logon Failure - Account currently disabled
|
|
532,Security,Logon Failure - The specified user account has expired
|
|
533,Security,Logon Failure - User not allowed to logon at this computer
|
|
534,Security,Logon Failure - The user has not been granted the requested logon type at this machine
|
|
535,Security,Logon Failure - The specified account's password has expired
|
|
536,Security,Logon Failure - The NetLogon component is not active
|
|
537,Security,Logon failure - The logon attempt failed for other reasons.
|
|
538,Security,User Logoff
|
|
539,Security,Logon Failure - Account locked out
|
|
540,Security,Successful Network Logon
|
|
551,Security,User initiated logoff
|
|
552,Security,Logon attempt using explicit credentials
|
|
560,Security,Object Open
|
|
561,Security,Handle Allocated
|
|
562,Security,Handle Closed
|
|
563,Security,Object Open for Delete
|
|
564,Security,Object Deleted
|
|
565,Security,Object Open (Active Directory)
|
|
566,Security,Object Operation (W3 Active Directory)
|
|
567,Security,Object Access Attempt
|
|
576,Security,Special privileges assigned to new logon
|
|
577,Security,Privileged Service Called
|
|
578,Security,Privileged object operation
|
|
592,Security,A new process has been created
|
|
593,Security,A process has exited
|
|
594,Security,A handle to an object has been duplicated
|
|
595,Security,Indirect access to an object has been obtained
|
|
600,Security,A process was assigned a primary token
|
|
601,Security,Attempt to install service
|
|
602,Security,Scheduled Task created
|
|
608,Security,User Right Assigned
|
|
609,Security,User Right Removed
|
|
610,Security,New Trusted Domain
|
|
611,Security,Removing Trusted Domain
|
|
612,Security,Audit Policy Change
|
|
613,Security,IPSec policy agent started
|
|
614,Security,IPSec policy agent disabled
|
|
615,Security,IPSEC PolicyAgent Service
|
|
616,Security,IPSec policy agent encountered a potentially serious failure.
|
|
617,Security,Kerberos Policy Changed
|
|
618,Security,Encrypted Data Recovery Policy Changed
|
|
619,Security,Quality of Service Policy Changed
|
|
620,Security,Trusted Domain Information Modified
|
|
621,Security,System Security Access Granted
|
|
622,Security,System Security Access Removed
|
|
623,Security,Per User Audit Policy was refreshed
|
|
624,Security,User Account Created
|
|
625,Security,User Account Type Changed
|
|
626,Security,User Account Enabled
|
|
627,Security,Change Password Attempt
|
|
628,Security,User Account password set
|
|
629,Security,User Account Disabled
|
|
630,Security,User Account Deleted
|
|
631,Security,Security Enabled Global Group Created
|
|
632,Security,Security Enabled Global Group Member Added
|
|
633,Security,Security Enabled Global Group Member Removed
|
|
634,Security,Security Enabled Global Group Deleted
|
|
635,Security,Security Enabled Local Group Created
|
|
636,Security,Security Enabled Local Group Member Added
|
|
637,Security,Security Enabled Local Group Member Removed
|
|
638,Security,Security Enabled Local Group Deleted
|
|
639,Security,Security Enabled Local Group Changed
|
|
640,Security,General Account Database Change
|
|
641,Security,Security Enabled Global Group Changed
|
|
642,Security,User Account Changed
|
|
643,Security,Domain Policy Changed
|
|
644,Security,User Account Locked Out
|
|
645,Security,Computer Account Created
|
|
646,Security,Computer Account Changed
|
|
647,Security,Computer Account Deleted
|
|
648,Security,Security Disabled Local Group Created
|
|
649,Security,Security Disabled Local Group Changed
|
|
650,Security,Security Disabled Local Group Member Added
|
|
651,Security,Security Disabled Local Group Member Removed
|
|
652,Security,Security Disabled Local Group Deleted
|
|
653,Security,Security Disabled Global Group Created
|
|
654,Security,Security Disabled Global Group Changed
|
|
655,Security,Security Disabled Global Group Member Added
|
|
656,Security,Security Disabled Global Group Member Removed
|
|
657,Security,Security Disabled Global Group Deleted
|
|
658,Security,Security Enabled Universal Group Created
|
|
659,Security,Security Enabled Universal Group Changed
|
|
660,Security,Security Enabled Universal Group Member Added
|
|
661,Security,Security Enabled Universal Group Member Removed
|
|
662,Security,Security Enabled Universal Group Deleted
|
|
663,Security,Security Disabled Universal Group Created
|
|
664,Security,Security Disabled Universal Group Changed
|
|
665,Security,Security Disabled Universal Group Member Added
|
|
666,Security,Security Disabled Universal Group Member Removed
|
|
667,Security,Security Disabled Universal Group Deleted
|
|
668,Security,Group Type Changed
|
|
669,Security,Add SID History
|
|
670,Security,Add SID History
|
|
671,Security,User Account Unlocked
|
|
672,Security,Authentication Ticket Granted
|
|
673,Security,Service Ticket Granted
|
|
674,Security,Ticket Granted Renewed
|
|
675,Security,Pre-authentication failed
|
|
676,Security,Authentication Ticket Request Failed
|
|
677,Security,Service Ticket Request Failed
|
|
678,Security,Account Mapped for Logon by
|
|
679,Security,Account could not be mapped for logon
|
|
680,Security,Account Used for Logon by
|
|
681,Security,Logon to Account failed
|
|
682,Security,Session reconnected to winstation
|
|
683,Security,Session disconnected from winstation
|
|
684,Security,Set ACLs of members in administrators groups
|
|
685,Security,Account Name Changed
|
|
686,Security,Password of the following user accessed
|
|
687,Security,Basic Application Group Created
|
|
688,Security,Basic Application Group Changed
|
|
689,Security,Basic Application Group Member Added
|
|
690,Security,Basic Application Group Member Removed
|
|
691,Security,Basic Application Group Non-Member Added
|
|
692,Security,Basic Application Group Non-Member Removed
|
|
693,Security,Basic Application Group Deleted
|
|
694,Security,LDAP Query Group Created
|
|
695,Security,LDAP Query Group Changed
|
|
696,Security,LDAP Query Group Deleted
|
|
697,Security,Password Policy Checking API is called
|
|
806,Security,Per User Audit Policy was refreshed
|
|
807,Security,Per user auditing policy set for user
|
|
808,Security,A security event source has attempted to register
|
|
809,Security,A security event source has attempted to unregister
|
|
848,Security,The following policy was active when the Windows Firewall started
|
|
849,Security,An application was listed as an exception when the Windows Firewall started
|
|
850,Security,A port was listed as an exception when the Windows Firewall started
|
|
851,Security,A change has been made to Windows Firewall exception list
|
|
852,Security,A change has been made to the Windows Firewall port exception list
|
|
854,Security,A Windows Firewall setting has changed
|
|
855,Security,ICMP settings changed
|
|
856,Security,A rule has been partially ignored by Windows Firewall
|
|
857,Security,A rule has been rejected by Windows Firewall
|
|
858,Security,The Windows Firewall group policy settings have been removed
|
|
859,Security,The Windows Firewall group policy settings have been removed
|
|
860,Security,The Windows Firewall has switched the active policy profile
|
|
861,Security,The Windows Firewall has detected an application listening for incoming traffic
|
|
1100,Security,The event logging service has shut down
|
|
1101,Security,Audit events have been dropped by the transport.
|
|
1102,Security,The audit log was cleared
|
|
1104,Security,The security Log is now full
|
|
1105,Security,Event log automatic backup
|
|
1108,Security,The event logging service encountered an error
|
|
4500,Security,Metabase Add Key
|
|
4501,Security,Metabase Delete Key
|
|
4502,Security,Metabase Delete Chid Keys
|
|
4503,Security,Metabase Copy Key
|
|
4504,Security,Metabase Rename Key
|
|
4505,Security,Metabase Set Data
|
|
4506,Security,Metabase Delete Data
|
|
4507,Security,Metabase Delete All Data
|
|
4508,Security,Metabase Copy Data
|
|
4509,Security,Metabase Set Last Change Time
|
|
4510,Security,Metabase Restore
|
|
4511,Security,Metabase Delete Backup
|
|
4512,Security,Metabase Import
|
|
4608,Security,Windows is starting up
|
|
4609,Security,Windows is shutting down
|
|
4610,Security,An authentication package has been loaded by the Local Security Authority
|
|
4611,Security,A trusted logon process has been registered with the Local Security Authority
|
|
4612,Security,Internal resources exhausted - loss of events
|
|
4614,Security,A notification package has been loaded by the Security Account Manager.
|
|
4615,Security,Invalid use of LPC port
|
|
4616,Security,The system time was changed.
|
|
4618,Security,A monitored security event pattern has occurred
|
|
4621,Security,Administrator recovered system from CrashOnAuditFail
|
|
4622,Security,A security package has been loaded by the Local Security Authority.
|
|
4624,Security,An account was successfully logged on
|
|
4625,Security,An account failed to log on
|
|
4634,Security,An account was logged off
|
|
4646,Security,IKE DoS-prevention mode started.
|
|
4647,Security,User initiated logoff
|
|
4648,Security,A logon was attempted using explicit credentials
|
|
4649,Security,A replay attack was detected
|
|
4650,Security,An IPsec Main Mode security association was established
|
|
4651,Security,An IPsec Main Mode security association was established
|
|
4652,Security,An IPsec Main Mode negotiation failed
|
|
4653,Security,An IPsec Main Mode negotiation failed
|
|
4654,Security,An IPsec Quick Mode negotiation failed
|
|
4655,Security,An IPsec Main Mode security association ended
|
|
4656,Security,A handle to an object was requested
|
|
4657,Security,A registry value was modified
|
|
4658,Security,The handle to an object was closed
|
|
4659,Security,A handle to an object was requested with intent to delete
|
|
4660,Security,An object was deleted
|
|
4661,Security,A handle to an object was requested
|
|
4662,Security,An operation was performed on an object
|
|
4663,Security,An attempt was made to access an object
|
|
4664,Security,An attempt was made to create a hard link
|
|
4665,Security,An attempt was made to create an application client context.
|
|
4666,Security,An application attempted an operation
|
|
4667,Security,An application client context was deleted
|
|
4668,Security,An application was initialized
|
|
4670,Security,Permissions on an object were changed
|
|
4671,Security,An application attempted to access a blocked ordinal through the TBS
|
|
4672,Security,Special privileges assigned to new logon
|
|
4673,Security,A privileged service was called
|
|
4674,Security,An operation was attempted on a privileged object
|
|
4675,Security,SIDs were filtered
|
|
4688,Security,A new process has been created
|
|
4689,Security,A process has exited
|
|
4690,Security,An attempt was made to duplicate a handle to an object
|
|
4691,Security,Indirect access to an object was requested
|
|
4692,Security,Backup of data protection master key was attempted
|
|
4693,Security,Recovery of data protection master key was attempted
|
|
4694,Security,Protection of auditable protected data was attempted
|
|
4695,Security,Unprotection of auditable protected data was attempted
|
|
4696,Security,A primary token was assigned to process
|
|
4697,Security,A service was installed in the system
|
|
4698,Security,A scheduled task was created
|
|
4699,Security,A scheduled task was deleted
|
|
4700,Security,A scheduled task was enabled
|
|
4701,Security,A scheduled task was disabled
|
|
4702,Security,A scheduled task was updated
|
|
4704,Security,A user right was assigned
|
|
4705,Security,A user right was removed
|
|
4706,Security,A new trust was created to a domain
|
|
4707,Security,A trust to a domain was removed
|
|
4709,Security,IPsec Services was started
|
|
4710,Security,IPsec Services was disabled
|
|
4711,Security,PAStore Engine (1%)
|
|
4712,Security,IPsec Services encountered a potentially serious failure
|
|
4713,Security,Kerberos policy was changed
|
|
4714,Security,Encrypted data recovery policy was changed
|
|
4715,Security,The audit policy (SACL) on an object was changed
|
|
4716,Security,Trusted domain information was modified
|
|
4717,Security,System security access was granted to an account
|
|
4718,Security,System security access was removed from an account
|
|
4719,Security,System audit policy was changed
|
|
4720,Security,A user account was created
|
|
4722,Security,A user account was enabled
|
|
4723,Security,An attempt was made to change an account's password
|
|
4724,Security,An attempt was made to reset an accounts password
|
|
4725,Security,A user account was disabled
|
|
4726,Security,A user account was deleted
|
|
4727,Security,A security-enabled global group was created
|
|
4728,Security,A member was added to a security-enabled global group
|
|
4729,Security,A member was removed from a security-enabled global group
|
|
4730,Security,A security-enabled global group was deleted
|
|
4731,Security,A security-enabled local group was created
|
|
4732,Security,A member was added to a security-enabled local group
|
|
4733,Security,A member was removed from a security-enabled local group
|
|
4734,Security,A security-enabled local group was deleted
|
|
4735,Security,A security-enabled local group was changed
|
|
4737,Security,A security-enabled global group was changed
|
|
4738,Security,A user account was changed
|
|
4739,Security,Domain Policy was changed
|
|
4740,Security,A user account was locked out
|
|
4741,Security,A computer account was created
|
|
4742,Security,A computer account was changed
|
|
4743,Security,A computer account was deleted
|
|
4744,Security,A security-disabled local group was created
|
|
4745,Security,A security-disabled local group was changed
|
|
4746,Security,A member was added to a security-disabled local group
|
|
4747,Security,A member was removed from a security-disabled local group
|
|
4748,Security,A security-disabled local group was deleted
|
|
4749,Security,A security-disabled global group was created
|
|
4750,Security,A security-disabled global group was changed
|
|
4751,Security,A member was added to a security-disabled global group
|
|
4752,Security,A member was removed from a security-disabled global group
|
|
4753,Security,A security-disabled global group was deleted
|
|
4754,Security,A security-enabled universal group was created
|
|
4755,Security,A security-enabled universal group was changed
|
|
4756,Security,A member was added to a security-enabled universal group
|
|
4757,Security,A member was removed from a security-enabled universal group
|
|
4758,Security,A security-enabled universal group was deleted
|
|
4759,Security,A security-disabled universal group was created
|
|
4760,Security,A security-disabled universal group was changed
|
|
4761,Security,A member was added to a security-disabled universal group
|
|
4762,Security,A member was removed from a security-disabled universal group
|
|
4763,Security,A security-disabled universal group was deleted
|
|
4764,Security,A groups type was changed
|
|
4765,Security,SID History was added to an account
|
|
4766,Security,An attempt to add SID History to an account failed
|
|
4767,Security,A user account was unlocked
|
|
4768,Security,A Kerberos authentication ticket (TGT) was requested
|
|
4769,Security,A Kerberos service ticket was requested
|
|
4770,Security,A Kerberos service ticket was renewed
|
|
4771,Security,Kerberos pre-authentication failed
|
|
4772,Security,A Kerberos authentication ticket request failed
|
|
4773,Security,A Kerberos service ticket request failed
|
|
4774,Security,An account was mapped for logon
|
|
4775,Security,An account could not be mapped for logon
|
|
4776,Security,The domain controller attempted to validate the credentials for an account
|
|
4777,Security,The domain controller failed to validate the credentials for an account
|
|
4778,Security,A session was reconnected to a Window Station
|
|
4779,Security,A session was disconnected from a Window Station
|
|
4780,Security,The ACL was set on accounts which are members of administrators groups
|
|
4781,Security,The name of an account was changed
|
|
4782,Security,The password hash an account was accessed
|
|
4783,Security,A basic application group was created
|
|
4784,Security,A basic application group was changed
|
|
4785,Security,A member was added to a basic application group
|
|
4786,Security,A member was removed from a basic application group
|
|
4787,Security,A non-member was added to a basic application group
|
|
4788,Security,A non-member was removed from a basic application group..
|
|
4789,Security,A basic application group was deleted
|
|
4790,Security,An LDAP query group was created
|
|
4791,Security,A basic application group was changed
|
|
4792,Security,An LDAP query group was deleted
|
|
4793,Security,The Password Policy Checking API was called
|
|
4794,Security,An attempt was made to set the Directory Services Restore Mode administrator password
|
|
4800,Security,The workstation was locked
|
|
4801,Security,The workstation was unlocked
|
|
4802,Security,The screen saver was invoked
|
|
4803,Security,The screen saver was dismissed
|
|
4816,Security,RPC detected an integrity violation while decrypting an incoming message
|
|
4817,Security,Auditing settings on object were changed.
|
|
4864,Security,A namespace collision was detected
|
|
4865,Security,A trusted forest information entry was added
|
|
4866,Security,A trusted forest information entry was removed
|
|
4867,Security,A trusted forest information entry was modified
|
|
4868,Security,The certificate manager denied a pending certificate request
|
|
4869,Security,Certificate Services received a resubmitted certificate request
|
|
4870,Security,Certificate Services revoked a certificate
|
|
4871,Security,Certificate Services received a request to publish the certificate revocation list (CRL)
|
|
4872,Security,Certificate Services published the certificate revocation list (CRL)
|
|
4873,Security,A certificate request extension changed
|
|
4874,Security,One or more certificate request attributes changed.
|
|
4875,Security,Certificate Services received a request to shut down
|
|
4876,Security,Certificate Services backup started
|
|
4877,Security,Certificate Services backup completed
|
|
4878,Security,Certificate Services restore started
|
|
4879,Security,Certificate Services restore completed
|
|
4880,Security,Certificate Services started
|
|
4881,Security,Certificate Services stopped
|
|
4882,Security,The security permissions for Certificate Services changed
|
|
4883,Security,Certificate Services retrieved an archived key
|
|
4884,Security,Certificate Services imported a certificate into its database
|
|
4885,Security,The audit filter for Certificate Services changed
|
|
4886,Security,Certificate Services received a certificate request
|
|
4887,Security,Certificate Services approved a certificate request and issued a certificate
|
|
4888,Security,Certificate Services denied a certificate request
|
|
4889,Security,Certificate Services set the status of a certificate request to pending
|
|
4890,Security,The certificate manager settings for Certificate Services changed.
|
|
4891,Security,A configuration entry changed in Certificate Services
|
|
4892,Security,A property of Certificate Services changed
|
|
4893,Security,Certificate Services archived a key
|
|
4894,Security,Certificate Services imported and archived a key
|
|
4895,Security,Certificate Services published the CA certificate to Active Directory Domain Services
|
|
4896,Security,One or more rows have been deleted from the certificate database
|
|
4897,Security,Role separation enabled
|
|
4898,Security,Certificate Services loaded a template
|
|
4899,Security,A Certificate Services template was updated
|
|
4900,Security,Certificate Services template security was updated
|
|
4902,Security,The Per-user audit policy table was created
|
|
4904,Security,An attempt was made to register a security event source
|
|
4905,Security,An attempt was made to unregister a security event source
|
|
4906,Security,The CrashOnAuditFail value has changed
|
|
4907,Security,Auditing settings on object were changed
|
|
4908,Security,Special Groups Logon table modified
|
|
4909,Security,The local policy settings for the TBS were changed
|
|
4910,Security,The group policy settings for the TBS were changed
|
|
4912,Security,Per User Audit Policy was changed
|
|
4928,Security,An Active Directory replica source naming context was established
|
|
4929,Security,An Active Directory replica source naming context was removed
|
|
4930,Security,An Active Directory replica source naming context was modified
|
|
4931,Security,An Active Directory replica destination naming context was modified
|
|
4932,Security,Synchronization of a replica of an Active Directory naming context has begun
|
|
4933,Security,Synchronization of a replica of an Active Directory naming context has ended
|
|
4934,Security,Attributes of an Active Directory object were replicated
|
|
4935,Security,Replication failure begins
|
|
4936,Security,Replication failure ends
|
|
4937,Security,A lingering object was removed from a replica
|
|
4944,Security,The following policy was active when the Windows Firewall started
|
|
4945,Security,A rule was listed when the Windows Firewall started
|
|
4946,Security,A change has been made to Windows Firewall exception list. A rule was added
|
|
4947,Security,A change has been made to Windows Firewall exception list. A rule was modified
|
|
4948,Security,A change has been made to Windows Firewall exception list. A rule was deleted
|
|
4949,Security,Windows Firewall settings were restored to the default values
|
|
4950,Security,A Windows Firewall setting has changed
|
|
4951,Security,A rule has been ignored by Windows Firewall
|
|
4952,Security,Parts of a rule have been ignored by Windows Firewall
|
|
4953,Security,A rule has been ignored by Windows Firewall because it could not parse the rule
|
|
4954,Security,Windows Firewall Group Policy settings has changed. The new settings have been applied
|
|
4956,Security,Windows Firewall has changed the active profile
|
|
4957,Security,Windows Firewall did not apply a rule
|
|
4958,Security,Windows Firewall did not apply a rule
|
|
4960,Security,IPsec dropped an inbound packet that failed an integrity check
|
|
4961,Security,IPsec dropped an inbound packet that failed a replay check
|
|
4962,Security,IPsec dropped an inbound packet that failed a replay check
|
|
4963,Security,IPsec dropped an inbound clear text packet that should have been secured
|
|
4964,Security,Special groups have been assigned to a new logon
|
|
4965,Security,IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
|
|
4976,Security,"During Main Mode negotiation,Security,IPsec received an invalid negotiation packet."
|
|
4977,Security,"During Quick Mode negotiation,Security,IPsec received an invalid negotiation packet."
|
|
4978,Security,"During Extended Mode negotiation,Security,IPsec received an invalid negotiation packet."
|
|
4979,Security,IPsec Main Mode and Extended Mode security associations were established.
|
|
4980,Security,IPsec Main Mode and Extended Mode security associations were established
|
|
4981,Security,IPsec Main Mode and Extended Mode security associations were established
|
|
4982,Security,IPsec Main Mode and Extended Mode security associations were established
|
|
4983,Security,An IPsec Extended Mode negotiation failed
|
|
4984,Security,An IPsec Extended Mode negotiation failed
|
|
4985,Security,The state of a transaction has changed
|
|
5024,Security,The Windows Firewall Service has started successfully
|
|
5025,Security,The Windows Firewall Service has been stopped
|
|
5027,Security,The Windows Firewall Service was unable to retrieve the security policy from the local storage
|
|
5028,Security,The Windows Firewall Service was unable to parse the new security policy.
|
|
5029,Security,The Windows Firewall Service failed to initialize the driver
|
|
5030,Security,The Windows Firewall Service failed to start
|
|
5031,Security,The Windows Firewall Service blocked an application on the network.
|
|
5032,Security,Windows Firewall was unable to notify the user about blocked connections
|
|
5033,Security,The Windows Firewall Driver has started successfully
|
|
5034,Security,The Windows Firewall Driver has been stopped
|
|
5035,Security,The Windows Firewall Driver failed to start
|
|
5037,Security,The Windows Firewall Driver detected critical runtime error. Terminating
|
|
5038,Security,Code integrity determined that the image hash of a file is not valid
|
|
5039,Security,A registry key was virtualized.
|
|
5040,Security,A change has been made to IPsec settings. An Authentication Set was added.
|
|
5041,Security,A change has been made to IPsec settings. An Authentication Set was modified
|
|
5042,Security,A change has been made to IPsec settings. An Authentication Set was deleted
|
|
5043,Security,A change has been made to IPsec settings. A Connection Security Rule was added
|
|
5044,Security,A change has been made to IPsec settings. A Connection Security Rule was modified
|
|
5045,Security,A change has been made to IPsec settings. A Connection Security Rule was deleted
|
|
5046,Security,A change has been made to IPsec settings. A Crypto Set was added
|
|
5047,Security,A change has been made to IPsec settings. A Crypto Set was modified
|
|
5048,Security,A change has been made to IPsec settings. A Crypto Set was deleted
|
|
5049,Security,An IPsec Security Association was deleted
|
|
5050,Security,An attempt to programmatically disable the Windows Firewall
|
|
5051,Security,A file was virtualized
|
|
5056,Security,A cryptographic self test was performed
|
|
5057,Security,A cryptographic primitive operation failed
|
|
5058,Security,Key file operation
|
|
5059,Security,Key migration operation
|
|
5060,Security,Verification operation failed
|
|
5061,Security,Cryptographic operation
|
|
5062,Security,A kernel-mode cryptographic self test was performed
|
|
5063,Security,A cryptographic provider operation was attempted
|
|
5064,Security,A cryptographic context operation was attempted
|
|
5065,Security,A cryptographic context modification was attempted
|
|
5066,Security,A cryptographic function operation was attempted
|
|
5067,Security,A cryptographic function modification was attempted
|
|
5068,Security,A cryptographic function provider operation was attempted
|
|
5069,Security,A cryptographic function property operation was attempted
|
|
5070,Security,A cryptographic function property operation was attempted
|
|
5120,Security,OCSP Responder Service Started
|
|
5121,Security,OCSP Responder Service Stopped
|
|
5122,Security,A Configuration entry changed in the OCSP Responder Service
|
|
5123,Security,A configuration entry changed in the OCSP Responder Service
|
|
5124,Security,A security setting was updated on OCSP Responder Service
|
|
5125,Security,A request was submitted to OCSP Responder Service
|
|
5126,Security,Signing Certificate was automatically updated by the OCSP Responder Service
|
|
5127,Security,The OCSP Revocation Provider successfully updated the revocation information
|
|
5136,Security,A directory service object was modified
|
|
5137,Security,A directory service object was created
|
|
5138,Security,A directory service object was undeleted
|
|
5139,Security,A directory service object was moved
|
|
5140,Security,A network share object was accessed
|
|
5141,Security,A directory service object was deleted
|
|
5142,Security,A network share object was added.
|
|
5143,Security,A network share object was modified
|
|
5144,Security,A network share object was deleted.
|
|
5145,Security,A network share object was checked to see whether client can be granted desired access
|
|
5148,Security,The Windows Filtering Platform has detected a DoS attack and entered a defensive mode
|
|
5149,Security,The DoS attack has subsided and normal processing is being resumed.
|
|
5150,Security,The Windows Filtering Platform has blocked a packet.
|
|
5151,Security,A more restrictive Windows Filtering Platform filter has blocked a packet.
|
|
5152,Security,The Windows Filtering Platform blocked a packet
|
|
5153,Security,A more restrictive Windows Filtering Platform filter has blocked a packet
|
|
5154,Security,The Windows Filtering Platform has permitted an application or service to listen
|
|
5155,Security,The Windows Filtering Platform has blocked an application or service from listening
|
|
5156,Security,The Windows Filtering Platform has allowed a connection
|
|
5157,Security,The Windows Filtering Platform has blocked a connection
|
|
5158,Security,The Windows Filtering Platform has permitted a bind to a local port
|
|
5159,Security,The Windows Filtering Platform has blocked a bind to a local port
|
|
5168,Security,Spn check for SMB/SMB2 fails.
|
|
5376,Security,Credential Manager credentials were backed up
|
|
5377,Security,Credential Manager credentials were restored from a backup
|
|
5378,Security,The requested credentials delegation was disallowed by policy
|
|
5440,Security,The following callout was present when the Windows Filtering Platform Base Filtering Engine started
|
|
5441,Security,The following filter was present when the Windows Filtering Platform Base Filtering Engine started
|
|
5442,Security,The following provider was present when the Windows Filtering Platform Base Filtering Engine started
|
|
5443,Security,The following provider context was present when the Windows Filtering Platform Base Filtering Engine started
|
|
5444,Security,The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started
|
|
5446,Security,A Windows Filtering Platform callout has been changed
|
|
5447,Security,A Windows Filtering Platform filter has been changed
|
|
5448,Security,A Windows Filtering Platform provider has been changed
|
|
5449,Security,A Windows Filtering Platform provider context has been changed
|
|
5450,Security,A Windows Filtering Platform sub-layer has been changed
|
|
5451,Security,An IPsec Quick Mode security association was established
|
|
5452,Security,An IPsec Quick Mode security association ended
|
|
5453,Security,An IPsec negotiation with a remote computer failed
|
|
5456,Security,PAStore Engine applied Active Directory storage IPsec policy on the computer
|
|
5457,Security,PAStore Engine failed to apply Active Directory storage IPsec policy on the computer
|
|
5458,Security,PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer
|
|
5459,Security,PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer
|
|
5460,Security,PAStore Engine applied local registry storage IPsec policy on the computer
|
|
5461,Security,PAStore Engine failed to apply local registry storage IPsec policy on the computer
|
|
5462,Security,PAStore Engine failed to apply some rules of the active IPsec policy on the computer
|
|
5463,Security,PAStore Engine polled for changes to the active IPsec policy and detected no changes
|
|
5464,Security,PAStore Engine applied changes to IPsec Services
|
|
5465,Security,PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
|
|
5466,Security,PAStore Engine determined that Active Directory cannot be reached and will use the cached copy of the Active Directory IPsec policy instead
|
|
5467,Security,PAStore Engine found no changes to the IPSec policy
|
|
5468,Security,PAStore Engine found changes to the policy and applied those changes
|
|
5471,Security,PAStore Engine loaded local storage IPsec policy on the computer
|
|
5472,Security,PAStore Engine failed to load local storage IPsec policy on the computer
|
|
5473,Security,PAStore Engine loaded directory storage IPsec policy on the computer
|
|
5474,Security,PAStore Engine failed to load directory storage IPsec policy on the computer
|
|
5477,Security,PAStore Engine failed to add quick mode filter
|
|
5478,Security,IPsec Services has started successfully
|
|
5479,Security,IPsec Services has been shut down successfully
|
|
5480,Security,IPsec Services failed to get the complete list of network interfaces on the computer
|
|
5483,Security,IPsec Services failed to initialize RPC server. IPsec Services could not be started
|
|
5484,Security,IPsec Services has experienced a critical failure and has been shut down
|
|
5485,Security,IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces
|
|
5632,Security,A request was made to authenticate to a wireless network
|
|
5633,Security,A request was made to authenticate to a wired network
|
|
5712,Security,A Remote Procedure Call (RPC) was attempted
|
|
5888,Security,An object in the COM+ Catalog was modified
|
|
5889,Security,An object was deleted from the COM+ Catalog
|
|
5890,Security,An object was added to the COM+ Catalog
|
|
6144,Security,Security policy in the group policy objects has been applied successfully
|
|
6145,Security,One or more errors occured while processing security policy in the group policy objects
|
|
6272,Security,Network Policy Server granted access to a user
|
|
6273,Security,Network Policy Server denied access to a user
|
|
6274,Security,Network Policy Server discarded the request for a user
|
|
6275,Security,Network Policy Server discarded the accounting request for a user
|
|
6276,Security,Network Policy Server quarantined a user
|
|
6277,Security,Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy
|
|
6278,Security,Network Policy Server granted full access to a user because the host met the defined health policy
|
|
6279,Security,Network Policy Server locked the user account due to repeated failed authentication attempts
|
|
6280,Security,Network Policy Server unlocked the user account
|
|
6281,Security,Code Integrity determined that the page hashes of an image file are not valid...
|
|
6400,Security,BranchCache: Received an incorrectly formatted response while discovering availability of content.
|
|
6401,Security,BranchCache: Received invalid data from a peer. Data discarded.
|
|
6402,Security,BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
|
|
6403,Security,BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data.
|
|
6404,Security,BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
|
|
6405,Security,BranchCache: Multiple instances of another Event ID
|
|
6406,Security,A application registered to Windows Firewall to control filtering for the following:
|
|
6407,Security,Unknown - see event
|
|
6408,Security,Registered product failed and Windows Firewall is now controlling the filtering.
|
|
1014,System,Name resolution for critical SRV timed out
|
|
1056,System,Dynamic DNS Registration credentials not set
|
|
5782,System,No DNS servers configured for local system |