Microsoft-Windows-Hyper-V-VSmb

45 events across 3 channels

Event ID	Title	Channel
1		Operational
1	[VMID VmId] TraceData.	Microsoft-Windows-Hyper-V-Worker-Analytic
2		Operational
2	[VMID VmId] TraceData.	Microsoft-Windows-Hyper-V-Worker-Analytic
3		Operational
3	[VMID VmId] TraceData.	Microsoft-Windows-Hyper-V-Worker-Analytic
4		Operational
4	[VMID VmId] TraceData.	Microsoft-Windows-Hyper-V-Worker-Analytic
101	SMB2 Response Negotiate	Operational
102	SMB2 Response Session Setup	Operational
103	SMB2 Response Logoff	Operational
104	SMB2 Response Tree Connect	Operational
105	SMB2 Response Tree Disconnect	Operational
106	SMB2 Response Echo	Operational
108	SMB2 Response Create	Operational
109	SMB2 Response Close	Operational
110	SMB2 Response Flush	Operational
111	SMB2 Response Read	Operational
112	SMB2 Response Write	Operational
113	SMB2 Response Break Oplock	Operational
115	SMB2 Response Acknowledge Break Lease	Operational
116	SMB2 Response Lock	Operational
117	SMB2 Response Ioctl	Operational
118	SMB2 Response Query Directory	Operational
119	SMB2 Response Change Notify	Operational
120	SMB2 Response Query Info	Operational
121	SMB2 Response Set Info	Operational
122	SMB2 Response Error	Operational
201	VSMBNET Read segment length	Operational
202	VSMBNET Read segment	Operational
203	VSMBNET write segment	Operational
204		Operational
204	VMId: VSMB Direct Map Section Created GPA Index GpaPageIndex PageCount …	Microsoft-Windows-Hyper-V-Worker-Operational
205		Operational
205	VMId: VSMB Direct Map Section destroyed GPA Index GpaPageIndex.	Microsoft-Windows-Hyper-V-Worker-Operational
206		Operational
206	VMId: VSMB Dataless CIMFs Direct Map Request failed in share VMName for file …	Microsoft-Windows-Hyper-V-Worker-Operational
301		Operational
301	'VMName': VSMB Share is creating ShareName: 'ShareName' SharePath: 'SharePath' …	Microsoft-Windows-Hyper-V-Worker-Operational
401		Operational
401	Message.	Microsoft-Windows-Hyper-V-Worker-Analytic
402		Operational
402	Message.	Microsoft-Windows-Hyper-V-Worker-Analytic
403		Operational
403	Message.	Microsoft-Windows-Hyper-V-Worker-Analytic

Event ID 1 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 1 — [VMID VmId] TraceData.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

[VMID %3] %1

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 2 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 2 — [VMID VmId] TraceData.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

[VMID %3] %1

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 3 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 3 — [VMID VmId] TraceData.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

[VMID %3] %1

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 4 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 4 — [VMID VmId] TraceData.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

[VMID %3] %1

Fields #

Name	Description
`TraceData` UnicodeString	—
`VmName` UnicodeString	—
`VmId` UnicodeString	—
`StackFrameCount` UInt32	—
`StackFrame` Pointer	—
`ModuleCount` UInt32	—
`Module` Int32	—

Event ID 101 — SMB2 Response Negotiate

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseNegotiate

Description

SMB2 Response Negotiate.

Message #

SMB2 Response Negotiate

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 102 — SMB2 Response Session Setup

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseSessionSetup

Description

SMB2 Response Session Setup.

Message #

SMB2 Response Session Setup

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 103 — SMB2 Response Logoff

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseLogoff

Description

SMB2 Response Logoff.

Message #

SMB2 Response Logoff

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 104 — SMB2 Response Tree Connect

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseTreeConnect

Description

SMB2 Response Tree Connect.

Message #

SMB2 Response Tree Connect

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`ShareType` UInt8	—
`ShareFlags` UInt32	—
`Capabilities` UInt32	—
`MaximalAccess` UInt32	—

Event ID 105 — SMB2 Response Tree Disconnect

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseTreeDisconnect

Description

SMB2 Response Tree Disconnect.

Message #

SMB2 Response Tree Disconnect

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 106 — SMB2 Response Echo

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseEcho

Description

SMB2 Response Echo.

Message #

SMB2 Response Echo

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 108 — SMB2 Response Create

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseCreate

Description

SMB2 Response Create.

Message #

SMB2 Response Create

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`AllocationSize` UInt64	—
`FileNameLength` UInt16	—
`FileName` UnicodeString	—

Event ID 109 — SMB2 Response Close

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseClose

Description

SMB2 Response Close.

Message #

SMB2 Response Close

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`AllocationSize` UInt64	—
`FileNameLength` UInt16	—
`FileName` UnicodeString	—

Event ID 110 — SMB2 Response Flush

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseFlush

Description

SMB2 Response Flush.

Message #

SMB2 Response Flush

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`AllocationSize` UInt64	—
`FileNameLength` UInt16	—
`FileName` UnicodeString	—

Event ID 111 — SMB2 Response Read

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseRead

Description

SMB2 Response Read.

Message #

SMB2 Response Read

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`LengthRead` UInt32	—

Event ID 112 — SMB2 Response Write

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseWrite

Description

SMB2 Response Write.

Message #

SMB2 Response Write

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`LengthWritten` UInt32	—
`Remaining` UInt32	—
`WriteChannelInfoOffset` UInt16	—
`WriteChannelInfoLength` UInt16	—

Event ID 113 — SMB2 Response Break Oplock

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseBreakOplock

Description

SMB2 Response Break Oplock.

Message #

SMB2 Response Break Oplock

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`OplockLevel` UInt8	—
`FileId` UInt64	—

Event ID 115 — SMB2 Response Acknowledge Break Lease

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseAcknowledgeBreakLease

Description

SMB2 Response Acknowledge Break Lease.

Message #

SMB2 Response Acknowledge Break Lease

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`LeaseFlags` UInt32	—
`LeaseState` UInt32	—
`LeaseDuration` Int64	—
`LeaseKey` GUID	—

Event ID 116 — SMB2 Response Lock

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseLock

Description

SMB2 Response Lock.

Message #

SMB2 Response Lock

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 117 — SMB2 Response Ioctl

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseIoctl

Description

SMB2 Response Ioctl.

Message #

SMB2 Response Ioctl

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`ControlCode` UInt32	—
`IoctlFlags` UInt32	—
`FileId` UInt64	—

Event ID 118 — SMB2 Response Query Directory

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseQueryDirectory

Description

SMB2 Response Query Directory.

Message #

SMB2 Response Query Directory

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`Infoclass` UInt64	—

Event ID 119 — SMB2 Response Change Notify

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseChangeNotify

Description

SMB2 Response Change Notify.

Message #

SMB2 Response Change Notify

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 120 — SMB2 Response Query Info

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseQueryInfo

Description

SMB2 Response Query Info.

Message #

SMB2 Response Query Info

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`InfoType` UInt32	—
`InfoClass` UInt32	—
`AllocationSize` UInt64	—
`FileNameLength` UInt16	—
`FileName` UnicodeString	—

Event ID 121 — SMB2 Response Set Info

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseSetInfo

Description

SMB2 Response Set Info.

Message #

SMB2 Response Set Info

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—
`InfoType` UInt32	—
`InfoClass` UInt32	—
`AllocationSize` UInt64	—
`FileNameLength` UInt16	—
`FileName` UnicodeString	—

Event ID 122 — SMB2 Response Error

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: Smb2ResponseError

Description

SMB2 Response Error.

Message #

SMB2 Response Error

Fields #

Name	Description
`SessionId` UInt64	—
`ProcessId` UInt32	—
`TreeId` UInt32	—
`MessageId` UInt64	—
`MasterMessageId` UInt64	—
`Command` UInt16	—
`CreditsGranted` UInt16	—
`Flags` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ResponseTime_QPC` UInt64	—

Event ID 201 — VSMBNET Read segment length

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: VSmbnetReadSegmentLength

Description

VSMBNET Read segment length.

Message #

VSMBNET Read segment length

Fields #

Name	Description
`LengthRead` UInt32	—
`ResponseTime_QPC` UInt64	—

Event ID 202 — VSMBNET Read segment

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: VSmbnetReadSegment

Description

VSMBNET Read segment.

Message #

VSMBNET Read segment

Fields #

Name	Description
`LengthRead` UInt32	—
`ResponseTime_QPC` UInt64	—

Event ID 203 — VSMBNET write segment

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: VSmbnetWriteSegment

Description

VSMBNET write segment.

Message #

VSMBNET write segment

Fields #

Name	Description
`LengthWrite` UInt32	—
`ResponseTime_QPC` UInt64	—

Event ID 204 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: VSmbCreateDirectMapSection

Description

: VSMB Direct Map Section Created GPA Index PageCount.

Fields #

Name	Description
`VMId` UnicodeString	—
`GpaPageIndex` UInt64	—
`PageCount` UInt64	—

Event ID 204 — VMId: VSMB Direct Map Section Created GPA Index GpaPageIndex PageCount PageCount.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Operational
Task: VSmbCreateDirectMapSection

Description

VMId: VSMB Direct Map Section Created GPA Index GpaPageIndex PageCount PageCount.

Message #

%1: VSMB Direct Map Section Created GPA Index %2 PageCount %3

Fields #

Name	Description
`VMId` UnicodeString	—
`GpaPageIndex` UInt64	—
`PageCount` UInt64	—

Event ID 205 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Task: VSmbDestroyDirectMapSection

Description

: VSMB Direct Map Section destroyed GPA Index.

Fields #

Name	Description
`VMId` UnicodeString	—
`GpaPageIndex` UInt64	—
`PageCount` UInt64	—

Event ID 205 — VMId: VSMB Direct Map Section destroyed GPA Index GpaPageIndex.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Operational
Task: VSmbDestroyDirectMapSection

Description

VMId: VSMB Direct Map Section destroyed GPA Index GpaPageIndex.

Message #

%1: VSMB Direct Map Section destroyed GPA Index %2

Fields #

Name	Description
`VMId` UnicodeString	—
`GpaPageIndex` UInt64	—
`PageCount` UInt64	—

Event ID 206 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Description

: VSMB Dataless CIMFs Direct Map Request failed in share for file due to size mismatch. Expected: . Actual . The CIM file may need to be recreated.

Fields #

Name	Description
`VMId` UnicodeString	—
`VMName` UnicodeString	—
`SharePath` UnicodeString	—
`FileRelativePath` UnicodeString	—
`ExpectedSize` UInt64	—
`ActualSize` UInt64	—

Event ID 206 — VMId: VSMB Dataless CIMFs Direct Map Request failed in share VMName for file SharePath due to size mismatch.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Operational
Opcode: Info

Description

VMId: VSMB Dataless CIMFs Direct Map Request failed in share VMName for file SharePath due to size mismatch. Expected: FileRelativePath. Actual ExpectedSize. The CIM file may need to be recreated.

Message #

%1: VSMB Dataless CIMFs Direct Map Request failed in share %2 for file %3 due to size mismatch. Expected: %4. Actual %5. The CIM file may need to be recreated.

Fields #

Name	Description
`VMId` UnicodeString	—
`VMName` UnicodeString	—
`SharePath` UnicodeString	—
`FileRelativePath` UnicodeString	—
`ExpectedSize` UInt64	—
`ActualSize` UInt64	—

Event ID 301 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Description

'VMName': VSMB Share is creating ShareName: 'ShareName' SharePath: 'SharePath' ShareFlags: ShareFlags. (Virtual machine ID VMId).

Fields #

Name	Description
`VMId` UnicodeString	—
`VMName` UnicodeString	—
`ShareName` UnicodeString	—
`SharePath` UnicodeString	—
`ShareFlags` UInt64	—
`ShareJson` UnicodeString	—

Event ID 301 — 'VMName': VSMB Share is creating ShareName: 'ShareName' SharePath: 'SharePath' ShareFlags: ShareFlags.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Operational
Level: Informational
Opcode: Info

Description

'VMName': VSMB Share is creating ShareName: 'ShareName' SharePath: 'SharePath' ShareFlags: ShareFlags. (Virtual machine ID VMId).

Message #

'%2': VSMB Share is creating ShareName: '%3' SharePath: '%4' ShareFlags: %5. (Virtual machine ID %1)

Fields #

Name	Description
`VMId` UnicodeString	—
`VMName` UnicodeString	—
`ShareName` UnicodeString	—
`SharePath` UnicodeString	—
`ShareFlags` UInt64	—
`ShareJson` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Hyper-V-VSmb",
    "guid": "7B0EA079-E3BC-424A-B2F0-E3D8478D204B",
    "event_source_name": "",
    "event_id": 301,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 2305843009213693968,
    "time_created": "2026-03-13T20:08:13.013130+00:00",
    "event_record_id": 1,
    "correlation": {
      "ActivityID": "A5B814C5-B324-0005-441D-B8A524B3DC01"
    },
    "execution": {
      "process_id": 9752,
      "thread_id": 8468
    },
    "channel": "Microsoft-Windows-Hyper-V-Worker-Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-83-1-754131803-1256623942-3691508397-1420384594"
    }
  },
  "event_data": {
    "VMId": "2CF3235B-8F46-4AE6-ADF2-07DC5259A954",
    "VMName": "2cf3235b-8f46-4ae6-adf2-07dc5259a954",
    "ShareName": "os",
    "SharePath": "C:\\ProgramData\\Microsoft\\Windows\\Containers\\BaseImages\\a132399d-901b-4af5-af28-9bf0fed54acd\\BaseLayer\\Files",
    "ShareFlags": 16867473,
    "ShareJson": "{\"Name\":\"os\",\"Path\":\"C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\Containers\\\\BaseImages\\\\a132399d-901b-4af5-af28-9bf0fed54acd\\\\BaseLayer\\\\Files\",\"Options\":{\"ReadOnly\":true,\"TakeBackupPrivilege\":true,\"NoLocks\":true,\"ReparseBaseLayer\":true,\"PseudoOplocks\":true,\"PseudoDirnotify\":true,\"SupportCloudFiles\":true}}"
  },
  "message": ""
}

Event ID 401 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`Message` AnsiString	—

Event ID 401 — Message.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

%1

Fields #

Name	Description
`Message` AnsiString	—

Event ID 402 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`Message` AnsiString	—

Event ID 402 — Message.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

%1

Fields #

Name	Description
`Message` AnsiString	—

Event ID 403 —

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Operational
Opcode: Info

Fields #

Name	Description
`Message` AnsiString	—

Event ID 403 — Message.

Provider: Microsoft-Windows-Hyper-V-VSmb
Channel: Microsoft-Windows-Hyper-V-Worker-Analytic
Opcode: Info

Message #

%1

Fields #

Name	Description
`Message` AnsiString	—