Microsoft-Windows-IIS-Configuration

104 events across 5 channels

Event ID	Title	Channel
3		Operational
3	A cache node for '.	Debug
7		Operational
7	Configuration cache is handling change notification for '.	Analytic
8		Operational
8	Configuration cache is polling for changes at '.	Analytic
9		Operational
9	Configuration cache is discarding all config files whose configuration path is …	Debug
10		Operational
10	An error has occurred.	Administrative
12		Operational
12	Unable to find schema for config section '.	Administrative
13		Operational
13	Parsing config file '.	Analytic
14		Operational
14	MACHINE/WEBROOT/APPHOST configuration redirection has been enabled.	Analytic
15		Operational
15	Attempting to open file or directory '.	Debug
16		Operational
16	An impersonation token with handle '.	Debug
17		Operational
17	File change notification monitor that watches for changes in '.	Debug
18		Operational
18	File change notification monitor that watches for changes in '.	Debug
19		Operational
19	File change notification monitor that watches for changes in '.	Debug
20		Operational
20	File change notification monitor that watches for changes in '.	Analytic
21		Operational
21	File change notification monitor that watches for changes in '.	Debug
23		Operational
23	A change listener of type '.	Debug
24		Operational
24	During schema file enumeration, the file '.	Analytic
25		Operational
25	The virtual path '.	Analytic
27		Operational
27	The '.	Analytic
28		Operational
28	Thread is impersonating an access token belonging to handle '.	Debug
29		Operational
29	Changes to '.	Operational
30		Operational
30	Failed to commit changes to '.	Administrative
33		Operational
33	Unable to locate IIS_Schema.	Administrative
36		Operational
36	Handle '.	Debug
37		Operational
37	Unable to locate a site with SiteName '.	Analytic
38		Operational
38	Unable to locate a site with SiteId '.	Analytic
39		Operational
39	The SiteId '.	Administrative
40		Operational
40	The SiteName '.	Administrative
41		Operational
41	Failed to instantiate '.	Administrative
42		Operational
42	Failed to initialize the '.	Administrative
43		Operational
43	Failed to encrypt attribute '.	Administrative
44		Operational
44	Failed to decrypt attribute '.	Administrative
45		Operational
45	Unable to map '.	Analytic
46		Operational
46	Virtual directory mapping from '.	Analytic
47		Operational
47	The location of the configuration file whose config path is '.	Analytic
49		Operational
49	Config/child source file for configuration '.	Analytic
50		Operational
50	Changes have successfully been committed to '.	Operational
51		Operational
51	Failed to commit changes to '.	Administrative
52		Operational
52	Checking whether file '.	Analytic
53		Operational
53	Unable to create a path mapping for the virtual directory, /system.	Administrative
54		Operational
54	A commit operation has been initiated.	Analytic
55		Operational
55	A commit operation has completed.	Analytic
56		Operational
56	A kernel transaction for a commit operation has been created.	Debug
57		Operational
57	Failed to create a kernel transaction for the commit operation.	Analytic
58		Operational
58	Changes have successfully been committed with a kernel transaction.	Debug
59		Operational
59	Failed to commit the changes with a kernel transaction.	Analytic
60		Operational
60	A file write operation in a commit operation has been initiated.	Debug
61		Operational
61	The contents of the file '.	Debug
62		Operational
62	The contents of the file '.	Debug
63		Operational
63	The new contents of the file '.	Debug
64		Operational
64	A file write operation in a commit operation has completed.	Debug
65		Operational
65	A change listener of type '.	Debug

Event ID 3 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigCacheAddress`	—
`ConfigPath`	—
`FileChangeNotificationMonitorAddress`	—
`ConfigFileAddress`	—
`PhysicalPath`	—

Event ID 3 — A cache node for '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A cache node for '%3' has been added to cache.

Fields

Name	Description
`Address`	—
`ConfigCacheAddress`	—
`ConfigPath`	—
`FileChangeNotificationMonitorAddress`	—
`ConfigFileAddress`	—
`PhysicalPath`	—

Event ID 7 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—

Event ID 7 — Configuration cache is handling change notification for '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Configuration cache is handling change notification for '%1'.

Fields

Name	Description
`ConfigPath`	—

Event ID 8 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—

Event ID 8 — Configuration cache is polling for changes at '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Configuration cache is polling for changes at '%1'.

Fields

Name	Description
`ConfigPath`	—

Event ID 9 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—

Event ID 9 — Configuration cache is discarding all config files whose configuration path is equal to or a subpath of '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

Configuration cache is discarding all config files whose configuration path is equal to or a subpath of '%1'.

Fields

Name	Description
`ConfigPath`	—

Event ID 10 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`HRESULT`	—
`PhysicalPath`	—
`Type`	—
`Message`	—
`LineNumber`	—
`PreviousLine`	—
`ErrorLine`	—
`NextLine`	—

Event ID 10 — An error has occurred.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

An error has occurred: %4

Fields

Name	Description
`HRESULT`	—
`PhysicalPath`	—
`Type`	—
`Message`	—
`LineNumber`	—
`PreviousLine`	—
`ErrorLine`	—
`NextLine`	—

Event ID 12 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`EffectiveLocationPath`	—
`SectionPath`	—

Event ID 12 — Unable to find schema for config section '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Unable to find schema for config section '%4'. This section will be ignored.

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`EffectiveLocationPath`	—
`SectionPath`	—

Event ID 13 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigFileObjectAddress`	—
`PhysicalPath`	—
`ConfigPath`	—
`CryptoImpersonationToken`	—
`FileImpersonationToken`	—
`LastModifiedTime`	—
`FileSize`	—

Event ID 13 — Parsing config file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Parsing config file '%2'.

Fields

Name	Description
`ConfigFileObjectAddress`	—
`PhysicalPath`	—
`ConfigPath`	—
`CryptoImpersonationToken`	—
`FileImpersonationToken`	—
`LastModifiedTime`	—
`FileSize`	—

Event ID 14 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`RedirectionPath`	—
`Username`	—
`Password`	—

Event ID 14 — MACHINE/WEBROOT/APPHOST configuration redirection has been enabled.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

MACHINE/WEBROOT/APPHOST configuration redirection has been enabled. The redirected physical path is '%1'.

Fields

Name	Description
`RedirectionPath`	—
`Username`	—
`Password`	—

Event ID 15 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`CallSite`	—
`lpFileName`	—
`dwDesiredAccess`	—
`dwShareMode`	—
`dwCreationDisposition`	—
`dwFlagsAndAttributes`	—
`IsTransacted`	—
`Handle`	—
`GetLastError`	—

Event ID 15 — Attempting to open file or directory '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

Attempting to open file or directory '%2'.

Fields

Name	Description
`CallSite`	—
`lpFileName`	—
`dwDesiredAccess`	—
`dwShareMode`	—
`dwCreationDisposition`	—
`dwFlagsAndAttributes`	—
`IsTransacted`	—
`Handle`	—
`GetLastError`	—

Event ID 16 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Domain`	—
`User`	—
`Password`	—
`TokenHandle`	—

Event ID 16 — An impersonation token with handle '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

An impersonation token with handle '%4' for the credentials of '%1\%2' has been created.

Fields

Name	Description
`Domain`	—
`User`	—
`Password`	—
`TokenHandle`	—

Event ID 17 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 17 — File change notification monitor that watches for changes in '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

File change notification monitor that watches for changes in '%3' has been created.

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 18 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 18 — File change notification monitor that watches for changes in '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

File change notification monitor that watches for changes in '%3' has blocked waiting for file changes.

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 19 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 19 — File change notification monitor that watches for changes in '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

File change notification monitor that watches for changes in '%3' received a change notification.

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 20 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 20 — File change notification monitor that watches for changes in '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

File change notification monitor that watches for changes in '%3' is processing notified changes.

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 21 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 21 — File change notification monitor that watches for changes in '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

File change notification monitor that watches for changes in '%3' has been destroyed.

Fields

Name	Description
`Address`	—
`ConfigPath`	—
`Directory`	—
`File`	—
`WatchSubPaths`	—
`IsPollingMonitor`	—
`IsSchemaFileMonitor`	—

Event ID 23 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`TargetAddress`	—
`TargetType`	—
`ConfigPath`	—
`IsGranular`	—
`IsApplicationSpecific`	—
`IsLocationTag`	—

Event ID 23 — A change listener of type '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A change listener of type '%2' is being informed about a configuration change at '%3'.

Fields

Name	Description
`TargetAddress`	—
`TargetType`	—
`ConfigPath`	—
`IsGranular`	—
`IsApplicationSpecific`	—
`IsLocationTag`	—

Event ID 24 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`LastModifiedTime`	—
`FileSize`	—

Event ID 24 — During schema file enumeration, the file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

During schema file enumeration, the file '%1' was detected in the schema directory.

Fields

Name	Description
`PhysicalPath`	—
`LastModifiedTime`	—
`FileSize`	—

Event ID 25 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—

Event ID 25 — The virtual path '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

The virtual path '%1' has been mapped to the physical path '%2'.

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—

Event ID 27 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`FileConfigPath`	—
`EffectiveLocationPath`	—
`CallSite`	—
`Address`	—
`TargetName`	—
`MetadataName`	—
`Value`	—

Event ID 27 — The '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

The '%6' metadata of a configuration system object was set to '%7'.

Fields

Name	Description
`FileConfigPath`	—
`EffectiveLocationPath`	—
`CallSite`	—
`Address`	—
`TargetName`	—
`MetadataName`	—
`Value`	—

Event ID 28 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`OriginalImpersonationTokenHandle`	—
`ImpersonationTokenHandle`	—

Event ID 28 — Thread is impersonating an access token belonging to handle '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

Thread is impersonating an access token belonging to handle '%2'.

Fields

Name	Description
`OriginalImpersonationTokenHandle`	—
`ImpersonationTokenHandle`	—

Event ID 29 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`ConfigPath`	—
`EffectiveLocationPath`	—
`Configuration`	—
`EditOperationType`	—
`OldValue`	—
`NewValue`	—

Sigma Rules

ETW Logging/Processing Option Disabled On IIS Server
Detects changes to of the IIS server configuration in order to disable/remove the ETW logging/processing option.
HTTP Logging Disabled On IIS Server
Detects changes to of the IIS server configuration in order to disable HTTP logging for successful requests.
New Module Module Added To IIS Server
Detects the addition of a new module to an IIS server.
Previously Installed IIS Module Was Removed
Detects the removal of a previously installed IIS module.

Event ID 29 — Changes to '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Message

Changes to '%4' at '%2' have successfully been committed.

Fields

Name	Description
`PhysicalPath`	—
`ConfigPath`	—
`EffectiveLocationPath`	—
`Configuration`	—
`EditOperationType`	—
`OldValue`	—
`NewValue`	—

Sigma Rules

ETW Logging/Processing Option Disabled On IIS Server
Detects changes to of the IIS server configuration in order to disable/remove the ETW logging/processing option.
HTTP Logging Disabled On IIS Server
Detects changes to of the IIS server configuration in order to disable HTTP logging for successful requests.
New Module Module Added To IIS Server
Detects the addition of a new module to an IIS server.
Previously Installed IIS Module Was Removed
Detects the removal of a previously installed IIS module.

Event ID 30 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`ConfigPath`	—
`EffectiveLocationPath`	—
`Configuration`	—
`EditOperationType`	—
`OldValue`	—
`NewValue`	—

Event ID 30 — Failed to commit changes to '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to commit changes to '%4' at '%2'.

Fields

Name	Description
`PhysicalPath`	—
`ConfigPath`	—
`EffectiveLocationPath`	—
`Configuration`	—
`EditOperationType`	—
`OldValue`	—
`NewValue`	—

Event ID 33 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—

Event ID 33 — Unable to locate IIS_Schema.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Unable to locate IIS_Schema.xml in '%1'.

Fields

Name	Description
`PhysicalPath`	—

Event ID 36 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`CallSite`	—
`hSourceHandle`	—
`hTargetHandle`	—

Event ID 36 — Handle '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

Handle '%2' duplicated to '%3'

Fields

Name	Description
`CallSite`	—
`hSourceHandle`	—
`hTargetHandle`	—

Event ID 37 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`SiteName`	—

Event ID 37 — Unable to locate a site with SiteName '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Unable to locate a site with SiteName '%1'.

Fields

Name	Description
`SiteName`	—

Event ID 38 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Id`	—

Event ID 38 — Unable to locate a site with SiteId '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Unable to locate a site with SiteId '%1'.

Fields

Name	Description
`Id`	—

Event ID 39 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Id`	—

Event ID 39 — The SiteId '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

The SiteId '%1' has been assigned to more than one site. Please change your configuration such that each site is assigned a unique SiteId.

Fields

Name	Description
`Id`	—

Event ID 40 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`SiteName`	—

Event ID 40 — The SiteName '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

The SiteName '%1' has been assigned to more than one site. Please change your configuration such that each site is assigned a unique SiteName.

Fields

Name	Description
`SiteName`	—

Event ID 41 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Configuration`	—
`CLSID`	—
`ProgId`	—
`HRESULT`	—

Event ID 41 — Failed to instantiate '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to instantiate '%3' when attempting to populate dynamic configuration for '%1'. This COM component may not be registered.

Fields

Name	Description
`Configuration`	—
`CLSID`	—
`ProgId`	—
`HRESULT`	—

Event ID 42 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 42 — Failed to initialize the '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to initialize the '%3' encryption provider in '%1'. Please check your configuration.

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 43 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 43 — Failed to encrypt attribute '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to encrypt attribute '%4'.

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 44 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 44 — Failed to decrypt attribute '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to decrypt attribute '%4'.

Fields

Name	Description
`PhysicalPath`	—
`FileConfigPath`	—
`ProviderName`	—
`ProviderType`	—
`Blob`	—
`ErrorType`	—
`HRESULT`	—

Event ID 45 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—

Event ID 45 — Unable to map '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Unable to map '%1' to the subpath of any known virtual directory.

Fields

Name	Description
`ConfigPath`	—

Event ID 46 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`SiteName`	—
`ApplicationPath`	—
`VirtualDirectoryPath`	—
`RelativeVirtualPath`	—
`PhysicalPath`	—

Event ID 46 — Virtual directory mapping from '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Virtual directory mapping from '%4' to '%5' created.

Fields

Name	Description
`SiteName`	—
`ApplicationPath`	—
`VirtualDirectoryPath`	—
`RelativeVirtualPath`	—
`PhysicalPath`	—

Event ID 47 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—
`Directory`	—
`Filename`	—
`ImpersonationToken`	—
`IsCustomMapping`	—

Event ID 47 — The location of the configuration file whose config path is '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

The location of the configuration file whose config path is '%1' was mapped to '%2'.

Fields

Name	Description
`ConfigPath`	—
`Directory`	—
`Filename`	—
`ImpersonationToken`	—
`IsCustomMapping`	—

Event ID 49 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`CallSite`	—
`PhysicalPath`	—
`FileConfigPath`	—
`EffectiveLocationPath`	—
`ConfigurationElementName`	—
`ConfigSourceFilePath`	—
`LastModifiedTime`	—

Event ID 49 — Config/child source file for configuration '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Config/child source file for configuration '%6' specified in '%2' is being loaded.

Fields

Name	Description
`CallSite`	—
`PhysicalPath`	—
`FileConfigPath`	—
`EffectiveLocationPath`	—
`ConfigurationElementName`	—
`ConfigSourceFilePath`	—
`LastModifiedTime`	—

Event ID 50 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—

Event ID 50 — Changes have successfully been committed to '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Message

Changes have successfully been committed to '%1'.

Fields

Name	Description
`ConfigPath`	—

Event ID 51 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—
`FileExistsInMemory`	—
`FileLastModifiedTimeInMemory`	—
`FileSizeInMemory`	—
`FileExistsOnDisk`	—
`FileLastModifiedTimeOnDisk`	—
`FileSizeOnDisk`	—
`IsInMemoryViewOfFileRecent`	—

Event ID 51 — Failed to commit changes to '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Failed to commit changes to '%2' because file on the disk has been changed.

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—
`FileExistsInMemory`	—
`FileLastModifiedTimeInMemory`	—
`FileSizeInMemory`	—
`FileExistsOnDisk`	—
`FileLastModifiedTimeOnDisk`	—
`FileSizeOnDisk`	—
`IsInMemoryViewOfFileRecent`	—

Event ID 52 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—
`FileExistsInMemory`	—
`FileLastModifiedTimeInMemory`	—
`FileSizeInMemory`	—
`FileExistsOnDisk`	—
`FileLastModifiedTimeOnDisk`	—
`FileSizeOnDisk`	—
`IsInMemoryViewOfFileRecent`	—

Event ID 52 — Checking whether file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Checking whether file '%2' has changed on the disk returned '%9'.

Fields

Name	Description
`ConfigPath`	—
`PhysicalPath`	—
`FileExistsInMemory`	—
`FileLastModifiedTimeInMemory`	—
`FileSizeInMemory`	—
`FileExistsOnDisk`	—
`FileLastModifiedTimeOnDisk`	—
`FileSizeOnDisk`	—
`IsInMemoryViewOfFileRecent`	—

Event ID 53 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`SiteName`	—
`ApplicationPath`	—
`VirtualDirectoryPath`	—
`RelativeVirtualPath`	—
`PhysicalPath`	—

Event ID 53 — Unable to create a path mapping for the virtual directory, /system.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Administrative

Message

Unable to create a path mapping for the virtual directory, /system.applicationHost/sites/site[@name='%1']/application[@path='%2']/virtualDirectory[@path='%3'] because the mapping with the relative virtual path, '%5' was already created for another virtual directory.

Fields

Name	Description
`SiteName`	—
`ApplicationPath`	—
`VirtualDirectoryPath`	—
`RelativeVirtualPath`	—
`PhysicalPath`	—

Event ID 54 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Event ID 54 — A commit operation has been initiated.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

A commit operation has been initiated.

Event ID 55 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`HRESULT`	—

Event ID 55 — A commit operation has completed.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

A commit operation has completed. The status code is: '%1'.

Fields

Name	Description
`HRESULT`	—

Event ID 56 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 56 — A kernel transaction for a commit operation has been created.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A kernel transaction for a commit operation has been created.

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 57 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`HRESULT`	—

Event ID 57 — Failed to create a kernel transaction for the commit operation.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Failed to create a kernel transaction for the commit operation. The commit operation will proceed without a kernel transaction.

Fields

Name	Description
`HRESULT`	—

Event ID 58 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 58 — Changes have successfully been committed with a kernel transaction.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

Changes have successfully been committed with a kernel transaction.

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 59 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 59 — Failed to commit the changes with a kernel transaction.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Analytic

Message

Failed to commit the changes with a kernel transaction. The changes will be reverted.

Fields

Name	Description
`Handle`	—
`HRESULT`	—

Event ID 60 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Event ID 60 — A file write operation in a commit operation has been initiated.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A file write operation in a commit operation has been initiated.

Event ID 61 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`RemainingRetryCount`	—
`HRESULT`	—

Event ID 61 — The contents of the file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

The contents of the file '%2' could not be erased. The operation will be tried '%4' more time(s).

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`RemainingRetryCount`	—
`HRESULT`	—

Event ID 62 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`HRESULT`	—

Event ID 62 — The contents of the file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

The contents of the file '%2' have successfully been erased. The size of the file is now zero.

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`HRESULT`	—

Event ID 63 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`SizeInBytes`	—
`HRESULT`	—

Event ID 63 — The new contents of the file '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

The new contents of the file '%2' could not be written to.

Fields

Name	Description
`Handle`	—
`PhysicalPath`	—
`ConfigPath`	—
`SizeInBytes`	—
`HRESULT`	—

Event ID 64 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`HRESULT`	—

Event ID 64 — A file write operation in a commit operation has completed.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A file write operation in a commit operation has completed. The status code is: '%1'.

Fields

Name	Description
`HRESULT`	—

Event ID 65 —

Provider: Microsoft-Windows-IIS-Configuration
Channel: Operational

Fields

Name	Description
`TargetAddress`	—
`TargetType`	—
`ConfigPath`	—
`IsGranular`	—
`IsApplicationSpecific`	—
`IsLocationTag`	—

Event ID 65 — A change listener of type '.

Provider: Microsoft-Windows-IIS-Configuration
Channel: Debug

Message

A change listener of type '%2' has been informed about a configuration change at '%3'.

Fields

Name	Description
`TargetAddress`	—
`TargetType`	—
`ConfigPath`	—
`IsGranular`	—
`IsApplicationSpecific`	—
`IsLocationTag`	—