Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DfsSvc",
    "guid": "{7DA4FE0E-FD42-4708-9AA5-89B77A224885}",
    "event_source_name": "DfsSvc",
    "event_id": 14531,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T17:06:56.167835+00:00",
    "event_record_id": 433,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Name": "DfsFinishInit"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DfsSvc",
    "guid": "{7DA4FE0E-FD42-4708-9AA5-89B77A224885}",
    "event_source_name": "DfsSvc",
    "event_id": 14533,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T17:06:56.166883+00:00",
    "event_record_id": 432,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Name": "DfsFinishBuildingNamespace"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Description

Dfs received a referral request for "path". The return code is in the data.

Message #

Dfs received a referral request for "%2".  The return code is in the data.

Fields #

Description

NetrDfsEnum received an enumeration. The return code is in the record data.

Message #

NetrDfsEnum received an enumeration.  The return code is in the record data.

Fields #

Description

NetrDfsEnumEx received an enumeration. The return code is in the record data.

Message #

NetrDfsEnumEx received an enumeration.  The return code is in the record data.

Fields #

Description

DFS re-established a connection to the PDC to initiate Domain DFS operations.

Message #

DFS re-established a connection to the PDC to initiate Domain DFS operations.

Description

DFS has connected to the dc Active Directory.

Message #

DFS has connected to the %1 Active Directory.

Fields #

Description

DFS server has finished initializing.

Message #

DFS server has finished initializing.

Description

DFS has recovered from an error and is able to read its private data from the Active Directory. Root share is now able to read information from the Active Directory.

Message #

DFS has recovered from an error and is able to read its private data from the Active Directory. Root %1 is now able to read information from the Active Directory.

Fields #

Description

DFS has finished building all namespaces.

Message #

DFS has finished building all namespaces.

Description

DFS is requesting the client for a larger buffer for trusted domain information. Some Win98 clients may not be able to access DFS namespaces.

Message #

DFS is requesting the client for a larger buffer for trusted domain information. Some Win98 clients may not be able to access DFS namespaces.

Description

The DFS Namespace service successfully initialized the trusted domain information on this domain controller.

Message #

The DFS Namespace service successfully initialized the trusted domain information on this domain controller.

Description

The DFS Namespace service successfully initialized cross forest trust information on this domain controller.

Message #

The DFS Namespace service successfully initialized cross forest trust information on this domain controller.

Description

The DFS Namespaces service has successfully initialized the following namespace: DFSRoot.

Message #

The DFS Namespaces service has successfully initialized the following namespace: %1

Fields #

Description

The DFS Namespaces service has successfully initialized the shared folder that hosts the namespace root. Shared folder: SMBShare.

Message #

The DFS Namespaces service has successfully initialized the shared folder that hosts the namespace root. Shared folder: %1

Fields #

Description

DFS could not contact the dc Active Directory. DFS will be using cached data. The return code is in the record data.

Message #

DFS could not contact the %1 Active Directory. DFS will be using cached data. The return code is in the record data.

Fields #

Description

DFS Root share failed during initialization. The root will not be available.

Message #

DFS Root %1 failed during initialization. The root will not be available.

Fields #

Description

DFS is unable to return the entire list of trusted domains to the client. There are too many trusted domains.

Message #

DFS is unable to return the entire list of trusted domains to the client. There are too many trusted domains.

Description

DFS was unable to move all matching links of root: share for path oldPath to new path newPath.

Message #

DFS was unable to move all matching links of root: %1 for path %2 to new path %3

Fields #

Message #

DFS link %1 was marked incorrectly as a DFS root. The DFS namespace is operational on this server. If this namespace is hosted on servers running Windows Server 2003 prior to Service Pack 2 (SP2), or if the server is running Windows 2000 Server, the namespace might not be fully functional on those servers.  Please consult the Microsoft Knowledge Base for more information on correcting this issue.

Fields #

Message #

DFS metadata object %1 is empty in the metadata for DFS root %2. The DFS namespace is operational on this server. If this namespace is hosted on servers running Windows Server 2003 prior to Service Pack 2 (SP2), or if the server is running Windows 2000 Server, the namespace might not be fully functional on those servers.  Please consult the Microsoft Knowledge Base for more information on correcting this issue.

Fields #

Description

The DFS Namespaces service failed to initialize the shared folder that hosts the namespace root. Shared folder: SMBShare.

Message #

The DFS Namespaces service failed to initialize the shared folder that hosts the namespace root. Shared folder: %1

Fields #

Description

Dfs could not create reparse point for directory childDirectory under directory parentDirectory. The return code is in the record data.

Message #

Dfs could not create reparse point for directory %1 under directory %2. The return code is in the record data.

Fields #

Description

Share share mapped to path does not support reparse points. Upgrade Filesystem and retry.

Message #

Share %1 mapped to %2 does not support reparse points. Upgrade Filesystem and retry.

Fields #

Description

Share share mapped to directory directory overlaps an existing root. The DFS Root will not be created.

Message #

Share %1 mapped to %2 directory overlaps an existing root. The DFS Root will not be created.

Fields #

Description

Root share has too many errors. No further eventlogs will be logged on this root.

Message #

Root %1 has too many errors. No further eventlogs will be logged on this root.

Fields #

Description

DFS could not initialize winsock library. The return code is in the record data.

Message #

DFS could not initialize winsock library. The return code is in the record data.

Fields #

Description

DFS could not initialize security library. The return code is in the record data.

Message #

DFS could not initialize security library. The return code is in the record data.

Fields #

Description

DFS could not create DFS support thread. The return code is in the record data.

Message #

DFS could not create DFS support thread. The return code is in the record data.

Fields #

Description

DFS could not initialize IP site cache. The return code is in the record data.

Message #

DFS could not initialize IP site cache. The return code is in the record data.

Fields #

Description

DFS could not synchronize all DFS roots. The return code is in the record data.

Message #

DFS could not synchronize all DFS roots. The return code is in the record data.

Fields #

Description

DFS could not create event handle. The return code is in the record data.

Message #

DFS could not create event handle. The return code is in the record data.

Fields #

Description

DFS could not get required computer information. The return code is in the record data.

Message #

DFS could not get required computer information. The return code is in the record data.

Fields #

Description

DFS could not get required cluster information. The return code is in the record data.

Message #

DFS could not get required cluster information. The return code is in the record data.

Fields #

Description

DFS could not get required DC information. The return code is in the record data.

Message #

DFS could not get required DC information. The return code is in the record data.

Fields #

Description

DFS could not initialize prefix table. The return code is in the record data.

Message #

DFS could not initialize prefix table. The return code is in the record data.

Fields #

Description

DFS could not initialize DFS namespace.The return code is in the record data.

Message #

DFS could not initialize DFS namespace.The return code is in the record data.

Fields #

Description

DFS could not Register DFS Namespaces. The return code is in the record data.

Message #

DFS could not Register DFS Namespaces. The return code is in the record data.

Fields #

Description

DFS could not initialize User/kernel communication package. The return code is in the record data.

Message #

DFS could not initialize User/kernel communication package. The return code is in the record data.

Fields #

Description

DFS could not contact any DC for Domain DFS operations. This operation will be retried periodically.

Message #

DFS could not contact any DC for Domain DFS operations. This operation will be retried periodically.

Description

DFS could not initialize site support table. The return code is in the record data.

Message #

DFS could not initialize site support table. The return code is in the record data.

Fields #

Message #

DFS could not access its private data from the Active Directory. Please manually check network connectivity, security access, and/or consistency of DFS information in the Active Directory. This error occurred on root %1.

Fields #

Description

DFS does not support multiple roots on Standard server SKU. Please cleanup the roots or upgrade.

Message #

DFS does not support multiple roots on Standard server SKU. Please cleanup the roots or upgrade.

Fields #

Message #

DFS was unable to resynchronize this root target for root: %1. This may lead to inaccessability of portions of the DFS namespace.  Please verify the share %1 has all the link directories created for the DFS links. This error may occur if there are directories  on this share that may be preventing creation of links.

Fields #

Description

DFS was unable to delete link: share for root: path during a link move operation.

Message #

DFS was unable to delete link: %2  for root: %1 during a link move operation.

Fields #

Description

The list of folder targets for the following Distributed File System (DFS) folder is corrupt. DFS folder: DFSLinkDN.

Message #

The list of folder targets for the following Distributed File System (DFS) folder is corrupt. DFS folder: %1

Fields #

Message #

A Distributed File System (DFS) folder with folder targets was created that contains other DFS folders. This can occur if two administrators on different namespace servers create conflicting folder structures at approximately the same time. Namespace: %1 DFS folder 1: %2 DFS folder 2: %3

Fields #

Message #

A Distributed File System (DFS) folder with folder targets was created that contains other DFS folders. This can occur if two administrators on different namespace servers create conflicting folder structures at approximately the same time. Namespace: %1 DFS folder: %2

Fields #

Description

Dfs successfully created the reparse point for directory childDirectory under directory parentDirectory. This operation had previously failed.

Message #

Dfs successfully created the reparse point for directory %1 under directory %2. This operation had previously failed.

Fields #

Message #

A Distributed File System (DFS) folder was created with conflicting descriptions. This can occur if two administrators on different namespace servers create conflicting folder structures at approximately the same time. Namespace: %1 DFS folder path: %2 DFS folder 1: %3 DFS folder 2: %4

Fields #

Description

The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

Message #

The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

Fields #

Description

The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

Message #

The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

Fields #