detection.wiki

Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic

110 events across 3 channels

Event IDTitleChannel
16Operational
16Activity Transfer.Diagnostic
256Operational
256Openning file FileName.Diagnostic
512Operational
512Closing file object FileName.Diagnostic
768Operational
768Cleaning file object FileName.Diagnostic
848Operational
848All file objects for the stream Scb are invalidated.Diagnostic
864Operational
864All file objects for the stream Scb of file id FileIdHi.Operational
885Operational
885File handle FileObject for the stream Ccb is invalidated.Diagnostic
896Operational
896File handle FileObject for the stream Scb file id .Operational
1024Operational
1024Query Volume Information completed with status status.Diagnostic
1280Operational
1280Down-level File Object FileName is opened with status Status.Diagnostic
1536Operational
1536Down-level File Object FileName is closed.Diagnostic
1792Operational
1792Down-level File Object FileName is released.Diagnostic
2048Operational
2048Paging File Object FileNameLength is opened with status AttributeFlags.Diagnostic
2304Operational
2304Paging File Object FileNameLength is closed.Diagnostic
4096Operational
4096Paging File Object FileNameLength is released.Diagnostic
6144Operational
6144Received Byte Range Lock Request MinorFunction.Diagnostic
6400Operational
6400Completed Byte Range Lock Request MinorFunction.Diagnostic
8192Operational
8192Removed Lock.Diagnostic
8208Operational
8208Cleanup Locks.Diagnostic
8224Operational
8224Resume Lock.Diagnostic
8272Operational
8272Resuming oplock to level OplockLevel completed with status Status.Diagnostic
8448Operational
8448Enqueuing Single Client Notify.Diagnostic
8464Operational
8464Single Client Notify Completion.Diagnostic
8704Operational
8704Volume VolumeId transitioning from CurrentState to SetDownlevel.Operational
8960Operational
8960Volume VolumeId transitioning from CurrentState to NewState.Operational
9216Operational
9216Volume VolumeId moved to state State.Operational
9296Operational
9296Volume VolumeId is autopaused.Operational
9312Operational
9312Volume was renamed.Operational
9328Operational
9328Count IOs timed out on the volume VolumeId.Operational
9472Operational
9472Start IO Irp on FileObject (FileName).Diagnostic
9728Operational
9728Completed IO Irp.Diagnostic
9984Operational
9984Posted IO Irp.Diagnostic
10240Operational
10240Continue IO Irp.Diagnostic
10496Operational
10496Pause IO Irp.Diagnostic
12288Operational
12288Resume IO Irp.Diagnostic
12320Operational
12320Direct IO Irp.Diagnostic
12336Operational
12336Redirect IO Irp.Diagnostic
12368Operational
12368Current Node Id NodeId.Operational
12544Operational
12544Volume VolumeId, CountersName.Operational
12800Operational
12800File FileName.Diagnostic
13056Operational
13056Lock.Diagnostic
16384Operational
16384Tunnel operation TunnelOperationCode.Diagnostic
20480Operational
20480Stream was flushed and purged from offset FileOffset, length Length.Diagnostic
24576Operational
24576Stream was flushed from offset FileOffset, length Length.Diagnostic
28672Operational
28672Stream was purged from offset FileOffset, length Length.Diagnostic
32768Operational
32768Volume was purged.Diagnostic
36864Operational
36864Bookmark: Bookmark.Diagnostic
40960Operational
40960Driver loaded.Operational
45056Operational
45056Cluster service connected.Operational
49152Operational
49152Cluster service disconnected.Operational
53248Operational
53248Data section created.Diagnostic
57344Operational
57344Shared Cahce Map Initialized.Diagnostic
61440Operational
61440Shared Cahce Map Uninitialized.Diagnostic
61696Operational
61696Capture full payload.Diagnostic
61952Operational
61952Capture payload segment.Diagnostic

Event ID 16 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ActivityTransfer
Opcode
Send

Description

Activity Transfer.

Event ID 16 — Activity Transfer.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ActivityTransfer
Opcode
Send

Description

Activity Transfer.

Message #

Activity Transfer.

Event ID 256 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileOpen

Description

Openning file .

Fields #

NameDescription
Irp Pointer
Volume Pointer
VolumeId GUID
FileObject Pointer
RelativeFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
DesiredAccess HexInt32Process access rights reference
Options HexInt32
SharedAccess HexInt32
AttributeFlags HexInt32

Event ID 256 — Openning file FileName.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileOpen

Description

Openning file FileName.

Message #

Openning file %7.

Fields #

NameDescription
Irp Pointer
Volume Pointer
VolumeId GUID
FileObject Pointer
RelativeFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
DesiredAccess HexInt32Process access rights reference
Options HexInt32
SharedAccess HexInt32
AttributeFlags HexInt32

Event ID 512 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileClosed

Description

Closing file object .

Fields #

NameDescription
Irp Pointer
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 512 — Closing file object FileName.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileClosed

Description

Closing file object FileName.

Message #

Closing file object %5.

Fields #

NameDescription
Irp Pointer
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 768 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileReleased

Description

Cleaning file object .

Fields #

NameDescription
Irp Pointer
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 768 — Cleaning file object FileName.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileReleased

Description

Cleaning file object FileName.

Message #

Cleaning file object %5.

Fields #

NameDescription
Irp Pointer
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 848 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileInvalidated

Description

All file objects for the stream Scb are invalidated. Reason: 'Reason'.

Fields #

NameDescription
Scb Pointer
Condition HexInt32
Reason HexInt32
Vcb Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 848 — All file objects for the stream Scb are invalidated.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileInvalidated

Description

All file objects for the stream Scb are invalidated. Reason: 'Reason'.

Message #

All file objects for the stream %1 are invalidated. Reason: '%3'

Fields #

NameDescription
Scb Pointer
Condition HexInt32
Reason HexInt32
Vcb Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 864 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileInvalidated

Description

All file objects for the stream Scb of file id FileIdHi.FileId are invalidated. Reason: 'Reason'.

Fields #

NameDescription
FileId HexInt64
FileIdHi HexInt64
Scb Pointer
Condition HexInt32
Reason HexInt32
Volume Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 864 — All file objects for the stream Scb of file id FileIdHi.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileInvalidated

Description

All file objects for the stream Scb of file id FileIdHi.FileId are invalidated. Reason: 'Reason'.

Message #

All file objects for the stream %3 of file id %2.%1 are invalidated. Reason: '%5'

Fields #

NameDescription
FileId HexInt64
FileIdHi HexInt64
Scb Pointer
Condition HexInt32
Reason HexInt32
Volume Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 885 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileHandleInvalidated

Description

File handle FileObject for the stream Ccb is invalidated. Reason: 'Reason'.

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Flags HexInt32
Reason HexInt32
Vcb Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 885 — File handle FileObject for the stream Ccb is invalidated.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileHandleInvalidated

Description

File handle FileObject for the stream Ccb is invalidated. Reason: 'Reason'.

Message #

File handle %1 for the stream %2 is invalidated. Reason: '%5'

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Flags HexInt32
Reason HexInt32
Vcb Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 896 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileHandleInvalidated

Description

File handle FileObject for the stream Scb file id .FileIdHi.FileId is invalidated. Reason: 'Reason'. File name: 'FileName'.

Fields #

NameDescription
FileId HexInt64
FileIdHi HexInt64
FileNameLength UInt16
FileName UnicodeString
FileObject Pointer
Ccb Pointer
Scb Pointer
Flags HexInt32
Reason HexInt32
Volume Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 896 — File handle FileObject for the stream Scb file id .

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileHandleInvalidated

Description

File handle FileObject for the stream Scb file id .FileIdHi.FileId is invalidated. Reason: 'Reason'. File name: 'FileName'.

Message #

File handle %5 for the stream %7 file id .%2.%1 is invalidated. Reason: '%9'. File name: '%4'

Fields #

NameDescription
FileId HexInt64
FileIdHi HexInt64
FileNameLength UInt16
FileName UnicodeString
FileObject Pointer
Ccb Pointer
Scb Pointer
Flags HexInt32
Reason HexInt32
Volume Pointer
VolumeId GUID
Status HexInt32NTSTATUS reference

Event ID 1024 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
QueryVolumeInformation

Description

Query Volume Information completed with status .

Fields #

NameDescription
Vcb Pointer
BytesPerSector HexInt64
BytesPerCluster HexInt64
BytesPerFileRecordSegment HexInt64
status HexInt32NTSTATUS reference

Event ID 1024 — Query Volume Information completed with status status.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
QueryVolumeInformation

Description

Query Volume Information completed with status status.

Message #

Query Volume Information completed with status %5.

Fields #

NameDescription
Vcb Pointer
BytesPerSector HexInt64
BytesPerCluster HexInt64
BytesPerFileRecordSegment HexInt64
status HexInt32NTSTATUS reference

Event ID 1280 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DownLevelFileOpen

Description

Down-level File Object is opened with status .

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
Status HexInt32NTSTATUS reference

Event ID 1280 — Down-level File Object FileName is opened with status Status.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
DownLevelFileOpen

Description

Down-level File Object FileName is opened with status Status.

Message #

Down-level File Object %4 is opened with status %10.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
Status HexInt32NTSTATUS reference

Event ID 1536 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DownLevelFileClosed

Description

Down-level File Object is closed.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 1536 — Down-level File Object FileName is closed.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
DownLevelFileClosed

Description

Down-level File Object FileName is closed.

Message #

Down-level File Object %4 is closed.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 1792 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DownLevelFileReleased

Description

Down-level File Object is released.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 1792 — Down-level File Object FileName is released.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
DownLevelFileReleased

Description

Down-level File Object FileName is released.

Message #

Down-level File Object %4 is released.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 2048 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
PagingFileOpen

Description

Paging File Object is opened with status .

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
Status HexInt32NTSTATUS reference

Event ID 2048 — Paging File Object FileNameLength is opened with status AttributeFlags.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
PagingFileOpen

Description

Paging File Object FileNameLength is opened with status AttributeFlags.

Message #

Paging File Object %3 is opened with status %9.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
Status HexInt32NTSTATUS reference

Event ID 2304 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
PagingFileClosed

Description

Paging File Object is closed.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 2304 — Paging File Object FileNameLength is closed.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
PagingFileClosed

Description

Paging File Object FileNameLength is closed.

Message #

Paging File Object %3 is closed.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 4096 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
PagingFileReleased

Description

Paging File Object is released.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 4096 — Paging File Object FileNameLength is released.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
PagingFileReleased

Description

Paging File Object FileNameLength is released.

Message #

Paging File Object %3 is released.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
FileNameLength UInt16
FileName UnicodeString

Event ID 6144 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLock

Description

Received Byte Range Lock Request . At ; Length ; Key ; Fags .

Fields #

NameDescription
File Pointer
Scb Pointer
Irp Pointer
MinorFunction HexInt32
Flags HexInt32
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
FailImmediately Boolean
Exclusive Boolean

Event ID 6144 — Received Byte Range Lock Request MinorFunction.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLock

Description

Received Byte Range Lock Request MinorFunction. At Offset; Length Length; Key Key; Fags Flags.

Message #

Received Byte Range Lock Request %4. At %7; Length %8; Key %9; Fags %5.

Fields #

NameDescription
File Pointer
Scb Pointer
Irp Pointer
MinorFunction HexInt32
Flags HexInt32
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
FailImmediately Boolean
Exclusive Boolean

Event ID 6400 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLock

Description

Completed Byte Range Lock Request . At ; Length ; Key ; Fags .

Fields #

NameDescription
File Pointer
Scb Pointer
Irp Pointer
MinorFunction HexInt32
Flags HexInt32
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
FailImmediately Boolean
Exclusive Boolean
Status HexInt32NTSTATUS reference

Event ID 6400 — Completed Byte Range Lock Request MinorFunction.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLock

Description

Completed Byte Range Lock Request MinorFunction. At Offset; Length Length; Key Key; Fags Flags.

Message #

Completed Byte Range Lock Request %4. At %7; Length %8; Key %9; Fags %5.

Fields #

NameDescription
File Pointer
Scb Pointer
Irp Pointer
MinorFunction HexInt32
Flags HexInt32
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
FailImmediately Boolean
Exclusive Boolean
Status HexInt32NTSTATUS reference

Event ID 8192 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLock

Description

Removed Lock. At ; Length ; Key ; Exclusive .

Fields #

NameDescription
File Pointer
Irp Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Context Pointer

Event ID 8192 — Removed Lock.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLock

Description

Removed Lock. At Offset; Length Length; Key Key; Exclusive Exclusive.

Message #

Removed Lock. At %4; Length %5; Key %6; Exclusive %7.

Fields #

NameDescription
File Pointer
Irp Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Context Pointer

Event ID 8208 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLock

Description

Cleanup Locks. Status . Downlevel status .

Fields #

NameDescription
File Pointer
Process Pointer
Status HexInt32NTSTATUS reference
DownLevelStatus HexInt32

Event ID 8208 — Cleanup Locks.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLock

Description

Cleanup Locks. Status Status. Downlevel status DownLevelStatus.

Message #

Cleanup Locks. Status %3. Downlevel status %4.

Fields #

NameDescription
File Pointer
Process Pointer
Status HexInt32NTSTATUS reference
DownLevelStatus HexInt32

Event ID 8224 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLock

Description

Resume Lock. At ; Length ; Key ; Exclusive . Status .

Fields #

NameDescription
File Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Status HexInt32NTSTATUS reference

Event ID 8224 — Resume Lock.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLock

Description

Resume Lock. At Offset; Length Length; Key Key; Exclusive Exclusive. Status Status.

Message #

Resume Lock. At %3; Length %4; Key %5; Exclusive %6. Status %7.

Fields #

NameDescription
File Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Status HexInt32NTSTATUS reference

Event ID 8272 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
Oplock

Description

Resuming oplock to level completed with status .

Fields #

NameDescription
FileObject Pointer
Scb Pointer
OplockLevel HexInt32
Status HexInt32NTSTATUS reference

Event ID 8272 — Resuming oplock to level OplockLevel completed with status Status.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
Oplock

Description

Resuming oplock to level OplockLevel completed with status Status.

Message #

Resuming oplock to level %3 completed with status %4.

Fields #

NameDescription
FileObject Pointer
Scb Pointer
OplockLevel HexInt32
Status HexInt32NTSTATUS reference

Event ID 8448 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
OplockUpgrade

Description

Enqueuing Single Client Notify. For File ; Oplock Level is ; Ignore Current Conditions .

Fields #

NameDescription
File Pointer
Scb Pointer
FullPathLength UInt16
FullPath UnicodeString
OplockLevel HexInt32
IgnoreCurrentConditions Boolean

Event ID 8448 — Enqueuing Single Client Notify.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
OplockUpgrade

Description

Enqueuing Single Client Notify. For File FullPathLength; Oplock Level is OplockLevel; Ignore Current Conditions IgnoreCurrentConditions.

Message #

Enqueuing Single Client Notify.  For File %3; Oplock Level is %5; Ignore Current Conditions %6.

Fields #

NameDescription
File Pointer
Scb Pointer
FullPathLength UInt16
FullPath UnicodeString
OplockLevel HexInt32
IgnoreCurrentConditions Boolean

Event ID 8464 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
OplockUpgrade

Description

Single Client Notify Completion. For File ; Oplock Level is ; Status ; Is Event Completion .

Fields #

NameDescription
File Pointer
Scb Pointer
FullPathLength UInt16
FullPath UnicodeString
OplockLevel HexInt32
Status HexInt32NTSTATUS reference
IsEventCompletion Boolean

Event ID 8464 — Single Client Notify Completion.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
OplockUpgrade

Description

Single Client Notify Completion. For File FullPath; Oplock Level is OplockLevel; Status Status; Is Event Completion IsEventCompletion.

Message #

Single Client Notify Completion.  For File %4; Oplock Level is %5; Status %6; Is Event Completion %7.

Fields #

NameDescription
File Pointer
Scb Pointer
FullPathLength UInt16
FullPath UnicodeString
OplockLevel HexInt32
Status HexInt32NTSTATUS reference
IsEventCompletion Boolean

Event ID 8704 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeStarted
Opcode
Start

Description

Volume transitioning from to SetDownlevel. Local ; Flags ; CountersName ; Volume target path ; File System target path .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CurrentState UInt32
IsLocal Boolean
Flags HexInt32
CountersName UnicodeString
VolumeTargetPath UnicodeString
FsTargetPath UnicodeString
EnableCOW Boolean
EnableDirectIo Boolean
ForceWriteThrough Int32
TargetNodeId Int32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 8704 — Volume VolumeId transitioning from CurrentState to SetDownlevel.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeStarted
Opcode
Start

Description

Volume VolumeId transitioning from CurrentState to SetDownlevel. Local IsLocal; Flags Flags; CountersName CountersName; Volume target path VolumeTargetPath; File System target path FsTargetPath.

Message #

Volume %2 transitioning from %3 to SetDownlevel. Local %4; Flags %5; CountersName %6; Volume target path %7; File System target path %8.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CurrentState UInt32
IsLocal Boolean
Flags HexInt32
CountersName UnicodeString
VolumeTargetPath UnicodeString
FsTargetPath UnicodeString
EnableCOW Boolean
EnableDirectIo Boolean
ForceWriteThrough Int32
TargetNodeId Int32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 8960 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeStarted
Opcode
Start

Description

Volume transitioning from to .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CurrentState UInt32
NewState UInt32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 8960 — Volume VolumeId transitioning from CurrentState to NewState.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeStarted
Opcode
Start

Description

Volume VolumeId transitioning from CurrentState to NewState.

Message #

Volume %2 transitioning from %3 to %4.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CurrentState UInt32
NewState UInt32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 9216 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeCompleted
Opcode
Stop

Description

Volume moved to state . Reason ; Status .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
State UInt32
Source UInt32
Status HexInt32NTSTATUS reference
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceStateTransitionStart UInt64
Lifetime UInt64
InvalidationReason UInt32

Event ID 9216 — Volume VolumeId moved to state State.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateChangeCompleted
Opcode
Stop

Description

Volume VolumeId moved to state State. Reason Source; Status Status.

Message #

Volume %2 moved to state %3. Reason %4; Status %5.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
State UInt32
Source UInt32
Status HexInt32NTSTATUS reference
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceStateTransitionStart UInt64
Lifetime UInt64
InvalidationReason UInt32

Event ID 9296 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeAutopause

Description

Volume is autopaused. Status . Source: .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CountersName UnicodeString
FromDirectIo Boolean
Irp Pointer
Status HexInt32NTSTATUS reference
Source UInt32
Parameter1 HexInt64
Parameter2 HexInt64
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 9296 — Volume VolumeId is autopaused.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeAutopause

Description

Volume VolumeId is autopaused. Status Status. Source: Source.

Message #

Volume %2 is autopaused. Status %6. Source: %7.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CountersName UnicodeString
FromDirectIo Boolean
Irp Pointer
Status HexInt32NTSTATUS reference
Source UInt32
Parameter1 HexInt64
Parameter2 HexInt64
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 9312 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeRenamed

Description

Volume was renamed. New name .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CountersName UnicodeString
CurrentState UInt32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 9312 — Volume was renamed.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeRenamed

Description

Volume was renamed. New name VolumeId.

Message #

Volume was renamed. New name %2.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
CountersName UnicodeString
CurrentState UInt32
DcmSequenceId UnicodeString
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceLastStateTransition UInt64
Lifetime UInt64

Event ID 9328 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOTimedOut

Description

IOs timed out on the volume .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
Count UInt64
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceStateTransitionStart UInt64
Lifetime UInt64

Event ID 9328 — Count IOs timed out on the volume VolumeId.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOTimedOut

Description

Count IOs timed out on the volume VolumeId.

Message #

%3 IOs timed out on the volume %2.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
Count UInt64
LastUptime UInt64
CurrentDowntime UInt64
TimeSinceStateTransitionStart UInt64
Lifetime UInt64

Event ID 9472 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOStarted
Opcode
Start

Description

Start IO on (). Major Code . Minor Code .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
FileObject Pointer
Vcb Pointer
Scb Pointer
Ccb Pointer
FileNameLength UInt16
FileName UnicodeString
IrpFlags HexInt32
IrpContextFlags HexInt32
MajorFunction HexInt32
MinorFunction HexInt32
IrpSlFlags HexInt32
Control HexInt32
Parameter1 HexInt64
Parameter2 HexInt64
Parameter3 HexInt64
Parameter4 HexInt64
IrpContextFlagsUpper HexInt32

Event ID 9472 — Start IO Irp on FileObject (FileName).

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOStarted
Opcode
Start

Description

Start IO Irp on FileObject (FileName). Major Code MajorFunction. Minor Code MinorFunction.

Message #

Start IO %1 on %3 (%8). Major Code %11. Minor Code %12.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
FileObject Pointer
Vcb Pointer
Scb Pointer
Ccb Pointer
FileNameLength UInt16
FileName UnicodeString
IrpFlags HexInt32
IrpContextFlags HexInt32
MajorFunction HexInt32
MinorFunction HexInt32
IrpSlFlags HexInt32
Control HexInt32
Parameter1 HexInt64
Parameter2 HexInt64
Parameter3 HexInt64
Parameter4 HexInt64
IrpContextFlagsUpper HexInt32

Event ID 9728 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOCompleted
Opcode
Stop

Description

Completed IO . Status . Information .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64

Event ID 9728 — Completed IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOCompleted
Opcode
Stop

Description

Completed IO Irp. Status Status. Information Information.

Message #

Completed IO %1. Status %3. Information %4.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64

Event ID 9984 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOPosted

Description

Posted IO .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 9984 — Posted IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOPosted

Description

Posted IO Irp.

Message #

Posted IO %1.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 10240 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOContinue

Description

Continue IO .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 10240 — Continue IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOContinue

Description

Continue IO Irp.

Message #

Continue IO %1.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 10496 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOPause
Opcode
Suspend

Description

Pause IO . Status . Information .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
IrpContextFlags HexInt32
Status HexInt32NTSTATUS reference
Information HexInt64
IrpContextFlagsUpper HexInt32

Event ID 10496 — Pause IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOPause
Opcode
Suspend

Description

Pause IO Irp. Status IrpContextFlags. Information Status.

Message #

Pause IO %1. Status %3. Information %4.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
IrpContextFlags HexInt32
Status HexInt32NTSTATUS reference
Information HexInt64
IrpContextFlagsUpper HexInt32

Event ID 12288 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
IOResume
Opcode
Resume

Description

Resume IO .

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 12288 — Resume IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
IOResume
Opcode
Resume

Description

Resume IO Irp.

Message #

Resume IO %1.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer

Event ID 12320 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DirectIOCompleted

Description

Direct IO . Status . Information . Duration 100s nanoseconds.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64
Duration HexInt64
RedirectionReason HexInt32

Event ID 12320 — Direct IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
DirectIOCompleted

Description

Direct IO Irp. Status Status. Information Information. Duration Duration 100s nanoseconds.

Message #

Direct IO %1. Status %3. Information %4. Duration %5 100s nanoseconds.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64
Duration HexInt64
RedirectionReason HexInt32

Event ID 12336 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
RedirectedIOCompleted

Description

Redirect IO . Status . Information . Duration 100s nanoseconds.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64
Duration HexInt64
RedirectionReason HexInt32

Event ID 12336 — Redirect IO Irp.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
RedirectedIOCompleted

Description

Redirect IO Irp. Status Status. Information Information. Duration Duration 100s nanoseconds.

Message #

Redirect IO %1. Status %3. Information %4. Duration %5 100s nanoseconds.

Fields #

NameDescription
Irp Pointer
IrpContext Pointer
Status HexInt32NTSTATUS reference
Information HexInt64
Duration HexInt64
RedirectionReason HexInt32

Event ID 12368 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
NodeStateRundown

Description

Current Node Id .

Fields #

NameDescription
NodeId Int32
ReportCsvFs Boolean

Event ID 12368 — Current Node Id NodeId.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
NodeStateRundown

Description

Current Node Id NodeId.

Message #

Current Node Id %1.

Fields #

NameDescription
NodeId Int32
ReportCsvFs Boolean

Event ID 12544 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateRundown

Description

Volume , .

Fields #

NameDescription
Volume Pointer
VolumeId GUID
VpbFlags Int32
State UInt32
CountersName UnicodeString
VolumeTargetPath UnicodeString
FsTargetPath UnicodeString
EnableCOW Boolean
EnableDirectIo Boolean
ForceWriteThrough Int32
TargetNodeId Int32

Event ID 12544 — Volume VolumeId, CountersName.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumeStateRundown

Description

Volume VolumeId, CountersName.

Message #

Volume %2, %5.

Fields #

NameDescription
Volume Pointer
VolumeId GUID
VpbFlags Int32
State UInt32
CountersName UnicodeString
VolumeTargetPath UnicodeString
FsTargetPath UnicodeString
EnableCOW Boolean
EnableDirectIo Boolean
ForceWriteThrough Int32
TargetNodeId Int32

Event ID 12800 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
UpLevelFileStateRundown

Fields #

NameDescription
Vcb Pointer
Scb Pointer
ScbState HexInt32
ScbCondition HexInt32
ScbConditionStatus HexInt32
ScbDownlevelOplockLevel HexInt32
FileId HexInt64
Ccb Pointer
CcbFlags HexInt32
ShadowFileObject Pointer
RealFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
FileIdHi HexInt64

Event ID 12800 — File FileName.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
UpLevelFileStateRundown

Message #

File %13.

Fields #

NameDescription
Vcb Pointer
Scb Pointer
ScbState HexInt32
ScbCondition HexInt32
ScbConditionStatus HexInt32
ScbDownlevelOplockLevel HexInt32
FileId HexInt64
Ccb Pointer
CcbFlags HexInt32
ShadowFileObject Pointer
RealFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
CreateDisposition HexInt32
DesiredAccess HexInt32Process access rights reference
SharedAccess HexInt32
CreateFlags HexInt32
AttributeFlags HexInt32
FileIdHi HexInt64

Event ID 13056 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ByteRangeLockRundown

Description

Lock. At ; Length ; Key ; Exclusive .

Fields #

NameDescription
Scb Pointer
File Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Context Pointer

Event ID 13056 — Lock.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
ByteRangeLockRundown

Description

Lock. At Offset; Length Length; Key Key; Exclusive Exclusive.

Message #

Lock. At %4; Length %5; Key %6; Exclusive %7.

Fields #

NameDescription
Scb Pointer
File Pointer
Process Pointer
Offset HexInt64
Length HexInt64
Key HexInt32
Exclusive Boolean
Context Pointer

Event ID 16384 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
Tunneling

Description

Tunnel operation . Result .

Fields #

NameDescription
TunnelOperationCode HexInt32
TunnelActivityId HexInt32
status HexInt32NTSTATUS reference

Event ID 16384 — Tunnel operation TunnelOperationCode.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
Tunneling

Description

Tunnel operation TunnelOperationCode. Result status.

Message #

Tunnel operation %1. Result %3.

Fields #

NameDescription
TunnelOperationCode HexInt32
TunnelActivityId HexInt32
status HexInt32NTSTATUS reference

Event ID 20480 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
StreamFlushAndPurge

Description

Stream was flushed and purged from offset , length . Result .

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
Flags HexInt32
status HexInt32NTSTATUS reference

Event ID 20480 — Stream was flushed and purged from offset FileOffset, length Length.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
StreamFlushAndPurge

Description

Stream was flushed and purged from offset FileOffset, length Length. Result status.

Message #

Stream was flushed and purged from offset %2, length %3. Result %5.

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
Flags HexInt32
status HexInt32NTSTATUS reference

Event ID 24576 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
StreamFlush

Description

Stream was flushed from offset , length . Result .

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
status HexInt32NTSTATUS reference

Event ID 24576 — Stream was flushed from offset FileOffset, length Length.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
StreamFlush

Description

Stream was flushed from offset FileOffset, length Length. Result status.

Message #

Stream was flushed from offset %2, length %3. Result %4.

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
status HexInt32NTSTATUS reference

Event ID 28672 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
StreamPurge

Description

Stream was purged from offset , length . Result .

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
status HexInt32NTSTATUS reference

Event ID 28672 — Stream was purged from offset FileOffset, length Length.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
StreamPurge

Description

Stream was purged from offset FileOffset, length Length. Result status.

Message #

Stream was purged from offset %2, length %3. Result %4.

Fields #

NameDescription
Scb Pointer
FileOffset HexInt64
Length HexInt32
status HexInt32NTSTATUS reference

Event ID 32768 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
VolumePurge

Description

Volume was purged. Result .

Fields #

NameDescription
Vcb Pointer
status HexInt32NTSTATUS reference

Event ID 32768 — Volume was purged.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
VolumePurge

Description

Volume was purged. Result status.

Message #

Volume was purged. Result %2.

Fields #

NameDescription
Vcb Pointer
status HexInt32NTSTATUS reference

Event ID 36864 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
Bookmark

Description

Bookmark: .

Fields #

NameDescription
Vcb Pointer
Scb Pointer
FileId HexInt64
Ccb Pointer
ShadowFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
BookmarkLength UInt16
Bookmark UnicodeString
FileIdHi HexInt64

Event ID 36864 — Bookmark: Bookmark.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
Bookmark

Description

Bookmark: Bookmark.

Message #

Bookmark: %9.

Fields #

NameDescription
Vcb Pointer
Scb Pointer
FileId HexInt64
Ccb Pointer
ShadowFileObject Pointer
FileNameLength UInt16
FileName UnicodeString
BookmarkLength UInt16
Bookmark UnicodeString
FileIdHi HexInt64

Event ID 40960 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DriverLoad

Description

Driver loaded.

Fields #

NameDescription
MaxLookAsideDepth UInt64
CpuCount UInt64
Status HexInt32NTSTATUS reference

Event ID 40960 — Driver loaded.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
DriverLoad

Description

Driver loaded.

Message #

Driver loaded.

Fields #

NameDescription
MaxLookAsideDepth UInt64
CpuCount UInt64
Status HexInt32NTSTATUS reference

Event ID 45056 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ClusterConnected

Description

Cluster service connected.

Fields #

NameDescription
FileObject Pointer
ProcessId Pointer
Status HexInt32NTSTATUS reference

Event ID 45056 — Cluster service connected.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ClusterConnected

Description

Cluster service connected.

Message #

Cluster service connected.

Fields #

NameDescription
FileObject Pointer
ProcessId Pointer
Status HexInt32NTSTATUS reference

Event ID 49152 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ClusterDisconnected

Description

Cluster service disconnected.

Fields #

NameDescription
FileObject Pointer
ProcessId Pointer

Event ID 49152 — Cluster service disconnected.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
ClusterDisconnected

Description

Cluster service disconnected.

Message #

Cluster service disconnected.

Fields #

NameDescription
FileObject Pointer
ProcessId Pointer

Event ID 53248 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
AcquireForCreateSection

Description

Data section created.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer
Operation UInt16
Known values
%%2456
Open key file.
%%2457
Delete key file.
%%2458
Read persisted key from file.
%%2459
Write persisted key to file.
%%2464
Export of persistent cryptographic key.
%%2465
Import of persistent cryptographic key.
%%2480
Open Key.
%%2481
Create Key.
%%2482
Delete Key.
%%2483
Encrypt.
%%2484
Decrypt.
%%2485
Sign hash.
%%2486
Secret agreement.
%%2487
Domain settings.
%%2488
Local settings.
%%2489
Add provider.
%%2490
Remove provider.
%%2491
Add context.
%%2492
Remove context.
%%2493
Add function.
%%2494
Remove function.
%%2495
Add function provider.
%%2496
Remove function provider.
%%2497
Add function property.
%%2498
Remove function property.
%%2499
Machine key.
%%2500
User key.
%%2501
Key Derivation.
%%2502
Claim Creation.
%%2503
Claim Verification.
SyncType UInt32
Status HexInt32NTSTATUS reference

Event ID 53248 — Data section created.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
AcquireForCreateSection

Description

Data section created.

Message #

Data section created.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer
Operation UInt16
Known values
%%2456
Open key file.
%%2457
Delete key file.
%%2458
Read persisted key from file.
%%2459
Write persisted key to file.
%%2464
Export of persistent cryptographic key.
%%2465
Import of persistent cryptographic key.
%%2480
Open Key.
%%2481
Create Key.
%%2482
Delete Key.
%%2483
Encrypt.
%%2484
Decrypt.
%%2485
Sign hash.
%%2486
Secret agreement.
%%2487
Domain settings.
%%2488
Local settings.
%%2489
Add provider.
%%2490
Remove provider.
%%2491
Add context.
%%2492
Remove context.
%%2493
Add function.
%%2494
Remove function.
%%2495
Add function provider.
%%2496
Remove function provider.
%%2497
Add function property.
%%2498
Remove function property.
%%2499
Machine key.
%%2500
User key.
%%2501
Key Derivation.
%%2502
Claim Creation.
%%2503
Claim Verification.
SyncType UInt32
Status HexInt32NTSTATUS reference

Event ID 57344 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
SharedCacheMapInitialized

Description

Shared Cahce Map Initialized.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer

Event ID 57344 — Shared Cahce Map Initialized.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
SharedCacheMapInitialized

Description

Shared Cahce Map Initialized.

Message #

Shared Cahce Map Initialized.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer

Event ID 61440 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
SharedCacheMapUninitialized

Description

Shared Cahce Map Uninitialized.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer
TruncateSize HexInt64
HasEvent Boolean
Result Boolean

Event ID 61440 — Shared Cahce Map Uninitialized.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
SharedCacheMapUninitialized

Description

Shared Cahce Map Uninitialized.

Message #

Shared Cahce Map Uninitialized.

Fields #

NameDescription
FileObject Pointer
FileNameLength UInt16
FileName UnicodeString
Scb Pointer
Ccb Pointer
TruncateSize HexInt64
HasEvent Boolean
Result Boolean

Event ID 61696 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
Capture

Description

Capture full payload.

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Fcb Pointer
FileId HexInt64
FileIdHi HexInt64
StreamId HexInt64
OplockLevel HexInt32
Flags HexInt32
Offset HexInt64
Length HexInt32
Data Binary
Status HexInt32NTSTATUS reference

Event ID 61696 — Capture full payload.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
Capture

Description

Capture full payload.

Message #

Capture full payload.

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Fcb Pointer
FileId HexInt64
FileIdHi HexInt64
StreamId HexInt64
OplockLevel HexInt32
Flags HexInt32
Offset HexInt64
Length HexInt32
Data Binary
Status HexInt32NTSTATUS reference

Event ID 61952 —

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Operational
Task
Capture

Description

Capture payload segment.

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Fcb Pointer
FileId HexInt64
FileIdHi HexInt64
StreamId HexInt64
OplockLevel HexInt32
Flags HexInt32
Offset HexInt64
Length HexInt32
FragmentOffset HexInt64
FragmentLength HexInt32
Data Binary
Status HexInt32NTSTATUS reference

Event ID 61952 — Capture payload segment.

Provider
Microsoft-Windows-FailoverClustering-CsvFs-Diagnostic
Channel
Diagnostic
Task
Capture

Description

Capture payload segment.

Message #

Capture payload segment.

Fields #

NameDescription
FileObject Pointer
Ccb Pointer
Scb Pointer
Fcb Pointer
FileId HexInt64
FileIdHi HexInt64
StreamId HexInt64
OplockLevel HexInt32
Flags HexInt32
Offset HexInt64
Length HexInt32
FragmentOffset HexInt64
FragmentLength HexInt32
Data Binary
Status HexInt32NTSTATUS reference