DFSR
14 events across 1 channel
Event ID 1002 — The DFS Replication service is starting.
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1002
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:06:55.964893+00:00'
  event_record_id: 1
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data: {}
message: The DFS Replication service is starting.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1004 — The DFS Replication service has started.
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1004
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:06:55.968238+00:00'
  event_record_id: 2
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data: {}
message: The DFS Replication service has started.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1006 — The DFS Replication service is stopping.
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1006
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:38:25.775344+00:00'
  event_record_id: 24
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data: {}
message: The DFS Replication service is stopping.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1008 — The DFS Replication service has stopped.
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1008
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:12:41.226907+00:00'
  event_record_id: 7
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data: {}
message: The DFS Replication service has stopped.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1202 — The DFS Replication service failed to contact domain controller
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1202
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:06:58.867765+00:00'
  event_record_id: 5
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data:
  Data:
  - ''
  - '60'
  - '1355'
  - The specified domain either does not exist or could not be contacted.
message: "The DFS Replication service failed to contact domain controller !s! to access\r\nconfiguration
  information. Replication is stopped. The service will try again\r\nduring the next
  configuration polling cycle, which will occur in 60!s! minutes.\r\nThis event can
  be caused by TCP/IP connectivity, firewall, Active Directory\r\nDomain Services,
  or DNS issues.\r\n\n\r\n\nAdditional Information:\r\n\nError: 1355!s! (The specified
  domain either does not exist or could not be contacted.!s!)"
References
- Microsoft Learn https://learn.microsoft.com/en-us/archive/technet-wiki/1206.dfsr-event-1202-dfs-replication
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1206 — The DFS Replication service successfully contacted domain controller WIN-FPV0DSIC9O6.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1206
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:04:17.609720+00:00'
  event_record_id: 31
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - WIN-FPV0DSIC9O6.sigma.fr
message: "The DFS Replication service successfully contacted domain controller WIN-FPV0DSIC9O6.sigma.fr!s!
  to access\r\nconfiguration information."
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1210 — The DFS Replication service successfully set up an RPC listener for incoming replication requests.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1210
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:04:17.828854+00:00'
  event_record_id: 32
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - '0'
message: "The DFS Replication service successfully set up an RPC listener for incoming\r\nreplication
  requests.\r\n\n\r\n\nAdditional Information:\r\n\nPort: 0!s!"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1314 — The DFS Replication service successfully configured the debug log files.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 1314
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:06:56.028949+00:00'
  event_record_id: 3
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data:
  Data:
  - C:\Windows\debug
message: "The DFS Replication service successfully configured the debug log files.\r\n\n\r\n\nAdditional
  Information:\r\n\nDebug Log File Path: C:\\Windows\\debug!s!"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4602 — The DFS Replication service successfully initialized the SYSVOL replicated folder at local path C:\Windows\SYSVOL\domain
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 4602
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:15:12.185426+00:00'
  event_record_id: 16
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - 00B8F9C6-C921-4323-A3F2-12C93F833434
  - C:\Windows\SYSVOL\domain
  - SYSVOL Share
  - Domain System Volume
  - 0F1D5734-9CBA-4B09-9F1E-D3D69066FB9E
  - 31D3B81D-5FCC-4A47-9D43-91C8818A20A4
  - ''
  - '0'
message: "The DFS Replication service successfully initialized the SYSVOL\r\nreplicated
  folder at local path C:\\Windows\\SYSVOL\\domain!s!. This member is the designated\r\nprimary
  member for this replicated folder. No user action is\r\nrequired. To check for the
  presence of the SYSVOL share, open a\r\ncommand prompt window and then type \"net
  share\".\r\n\n\r\n\nAdditional Information:\r\n\nReplicated Folder Name: SYSVOL
  Share!s!\r\n\nReplicated Folder ID: 00B8F9C6-C921-4323-A3F2-12C93F833434!s!\r\n\nReplication
  Group Name: Domain System Volume!s!\r\n\nReplication Group ID: 0F1D5734-9CBA-4B09-9F1E-D3D69066FB9E!s!\r\n\nMember
  ID: 31D3B81D-5FCC-4A47-9D43-91C8818A20A4!s!\r\n\nRead-Only: 0!s!"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 6016 — The DFS Replication service failed to update configuration in Active Directory Domain Services.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 6016
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:15:11.856970+00:00'
  event_record_id: 14
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - msDFSR-LocalSettings
  - CN=DFSR-LocalSettings,CN=WIN-FPV0DSIC9O6,OU=Domain Controllers,DC=sigma,DC=fr
  - '1355'
  - The specified domain either does not exist or could not be contacted.
  - ''
  - '60'
message: "The DFS Replication service failed to update configuration in Active Directory\r\nDomain
  Services. The service will retry this operation periodically.\r\n\n\r\n\nAdditional
  Information:\r\n\nObject Category: msDFSR-LocalSettings!s!\r\n\nObject DN: CN=DFSR-LocalSettings,CN=WIN-FPV0DSIC9O6,OU=Domain
  Controllers,DC=sigma,DC=fr!s!\r\n\nError: 1355!s! (The specified domain either does
  not exist or could not be contacted.!s!)\r\n\nDomain Controller: !s!\r\n\nPolling
  Cycle: 60!s!"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 6018 — The DFS Replication service successfully updated configuration in Active Directory Domain Services.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 6018
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:20:12.442565+00:00'
  event_record_id: 17
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - WIN-FPV0DSIC9O6.sigma.fr
  - '60'
message: "The DFS Replication service successfully updated configuration in Active\r\nDirectory
  Domain Services.\r\n\n\r\n\nAdditional Information:\r\n\nDomain Controller: WIN-FPV0DSIC9O6.sigma.fr!s!\r\n\nPolling
  Cycle: 60!s! minutes"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 6102 — The DFS Replication service has successfully registered the WMI provider.
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 6102
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T16:54:10.265683+00:00'
  event_record_id: 28
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data: {}
message: The DFS Replication service has successfully registered the WMI provider.
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 6104 — The DFS Replication service failed to register the WMI providers.
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 6104
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T17:06:57.857830+00:00'
  event_record_id: 4
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data:
  Data:
  - '2147749902'
  - 100e
message: "The DFS Replication service failed to register the WMI providers. Replication\r\nis
  disabled until the problem is resolved.\r\n\n\r\n\nAdditional Information:\r\n\nError:
  2147749902!s! (100e!s!)"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8000 — The DFSR global settings required for SYSVOL migration have been successfully created on the Primary Domain Controller WIN-FPV0DSIC9O6
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
system:
  provider: DFSR
  guid: ''
  event_source_name: ''
  event_id: 8000
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:15:11.778898+00:00'
  event_record_id: 13
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: DFS Replication
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Data:
  - WIN-FPV0DSIC9O6
message: "The DFSR global settings required for SYSVOL migration have been\r\nsuccessfully
  created on the Primary Domain Controller WIN-FPV0DSIC9O6!s!.\r\nMigration will not
  be triggered until the DFSR global settings\r\nare replicated to all the Domain
  Controllers.\r\n\n\r\n\nAdditional Information:\r\n\nPrimary Domain Controller:
  WIN-FPV0DSIC9O6!s!"
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline