ADWS
8 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1000 | Active Directory Web Services is starting. | Active Directory Web Services |
| 1004 | Active Directory Web Services has successfully started and is now accepting … | Active Directory Web Services |
| 1006 | Active Directory Web Services is advertising. | Active Directory Web Services |
| 1008 | Active Directory Web Services has successfully reduced its security privileges. | Active Directory Web Services |
| 1100 | The values specified in the <appsettings> section of the configuration file for … | Active Directory Web Services |
| 1200 | Active Directory Web Services is now servicing the specified directory instance. | Active Directory Web Services |
| 1202 | This computer is now hosting the specified directory instance, but Active … | Active Directory Web Services |
| 1400 | Active Directory Web Services could not find a server certificate with the … | Active Directory Web Services |
Event ID 1000 — Active Directory Web Services is starting.
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1000
version: 0
level: 4
task: 1
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:53:33.218560+00:00'
event_record_id: 18
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data: {}
message: Active Directory Web Services is starting.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1004 — Active Directory Web Services has successfully started and is now accepting requests.
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1004
version: 0
level: 4
task: 1
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:55:13.656546+00:00'
event_record_id: 25
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data: {}
message: Active Directory Web Services has successfully started and is now accepting
requests.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1006 — Active Directory Web Services is advertising.
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1006
version: 0
level: 4
task: 1
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:55:13.656546+00:00'
event_record_id: 24
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data: {}
message: Active Directory Web Services is advertising.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1008 — Active Directory Web Services has successfully reduced its security privileges.
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1008
version: 0
level: 4
task: 1
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:53:41.578058+00:00'
event_record_id: 20
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data: {}
message: Active Directory Web Services has successfully reduced its security privileges.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1100 — The values specified in the <appsettings> section of the configuration file for Active Directory Web Services have been loaded without errors.
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1100
version: 0
level: 4
task: 2
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:54:38.719082+00:00'
event_record_id: 22
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data: {}
message: The values specified in the <appsettings> section of the configuration file
for Active Directory Web Services have been loaded without errors.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1200 — Active Directory Web Services is now servicing the specified directory instance.
Fields
| Name | Description |
|---|---|
Data | — |
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1200
version: 0
level: 4
task: 3
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T17:00:49.519334+00:00'
event_record_id: 32
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data:
Data:
- GC
- '3268'
- '3269'
message: "Active Directory Web Services is now servicing the specified directory instance.\n\r\n\n\r\nDirectory
instance: GC\n\r\nDirectory instance LDAP port: 3268\n\r\nDirectory instance SSL
port: 3269\n"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1202 — This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it.
Fields
| Name | Description |
|---|---|
Data | — |
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1202
version: 0
level: 2
task: 3
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:59:51.452547+00:00'
event_record_id: 30
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data:
Data:
- NTDS
- '389'
- '636'
message: "This computer is now hosting the specified directory instance, but Active
Directory Web Services could not service it. Active Directory Web Services will
retry this operation periodically.\n\r\n\n\r\nDirectory instance: NTDS\n\r\nDirectory
instance LDAP port: 389\n\r\nDirectory instance SSL port: 636\n"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1400 — Active Directory Web Services could not find a server certificate with the specified certificate name.
Fields
| Name | Description |
|---|---|
Data | — |
Example Event
system:
provider: ADWS
guid: ''
event_source_name: ''
event_id: 1400
version: 0
level: 4
task: 5
opcode: 0
keywords: 36028797018963968
time_created: '2022-04-07T16:54:00.718478+00:00'
event_record_id: 21
correlation: {}
execution:
process_id: 0
thread_id: 0
channel: Active Directory Web Services
computer: WIN-FPV0DSIC9O6.sigma.fr
security:
user_id: ''
event_data:
Data:
- WIN-FPV0DSIC9O6.sigma.fr
message: "Active Directory Web Services could not find a server certificate with the
specified certificate name. A certificate is required to use SSL/TLS connections.
To use SSL/TLS connections, verify that a valid server authentication certificate
from a trusted Certificate Authority (CA) is installed on the machine.\n\r\n\n\r\nCertificate
name: WIN-FPV0DSIC9O6.sigma.fr\n"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline