Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-IIS-W3SVC
  guid: '{05448E22-93DE-4A7A-BBA5-92E27486A8BE}'
  event_source_name: W3SVC
  event_id: 1007
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-04T14:08:17.969392+00:00'
  event_record_id: 1849
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: System
  computer: WIN-TKC15D7KHUR
  security:
    user_id: ''
event_data:
  UrlPrefix: http://*:80/
  SiteID: '2'
  Binary: B7000780
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) did not configure logging for site %1. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to intialize performance counters properly. The performance counters will run, but counter data may be inaccurate. The data field contains the error number.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The '%1' '%2' failed range validation for property '%3'.  The configured value '%4' is outside of the range '%5' to '%6'.  The value will default to '%7'.

Message

The AppPoolCommand property set for application pool '%1' is not a valid value.  The value is '%2'.  It must be either MD_APPPOOL_COMMAND_START = 1 or MD_APPPOOL_COMMAND_STOP = 2.

Message

The virtual site %1 is invalid because the World Wide Web Publishing Service (WWW Service) could not configure valid site bindings or no site bindings exist for the site.

Message

The virtual site %1 is invalid because the application pool ID for the site is null.

Message

Not Used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) failed to enable global bandwidth throttling because QoS Packet Scheduler is not installed.

Message

The World Wide Web Publishing Service failed to enable bandwidth throttling on site '%1'.  The data field contains the error number.

Message

The World Wide Web Publishing Service failed to enable global bandwidth throttling because QoS Packet Scheduler is not installed or it's not running.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) has both centralized binary logging and centralized W3C logging enabled. Only one type of logging can be enabled at a time, so the system will default to central W3C logging.

Message

The World Wide Web Publishing Service (WWW Service) did not construct valid URLs for virtual site %1. Therefore, the virtual site %1 will be stopped. This can be caused by invalid characters in the site bindings. The following characters are not allowed in a site binding: "\"" "/" "\\" "[" "]" ":" "|" " " "<" ">" "+" "=" ";" "," "?" "*" "%" "#" "@" "{" "}" "^" "`". To fix this problem please remove invalid characters from the site bindings.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. The URL may be invalid. The site has been disabled. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. The site has been disabled. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) is stopping because it encountered an error. The data field contains the error number.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. The necessary network binding may already be in use. The site has been disabled. The data field contains the error number.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service was not able to initialize performance counters. The service will run without the performance counters. Please restart the World Wide Web Publishing Service to reinitialize the performance counters. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to configure the HTTP.SYS control channel property '%1' properly. The data field contains the error number.

Message

Not Used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) encountered an error when it tried to secure the handle of application pool %1 from HTTP.sys. Edit the identification information for the application pool so that the WWW Service can secure the handle of the application pool again. The data field contains the error number.

Message

Application pool %1 has been disabled. The HTTP.sys request to enable the application pool failed. The data contains the error number.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) did not configure bindings for an application in site %1. The site has been disabled. The data field contains the error number.

Message

Not used.

Message

Not Used.

Message

The World Wide Web Publishing Service (WWW Service) did not configure logging properties for site %1. The site's log file directory path may be a mapped network path. Using a mapped network path as the site's log file directory is not supported by IIS. Use a UNC path instead.

Message

The World Wide Web Publishing Service (WWW Service) did not configure the logging properties for site %1. The site's log file directory may contain an invalid computer or share name.

Message

The World Wide Web Publishing Service (WWW Service) did not configure the logging properties for site %1. The server does not have permission to access the site's log file directory.

Message

The World Wide Web Publishing Service (WWW Service) did not configure the logging properties for site %1. The site's log file directory is not fully qualified, which may be because it is missing the drive letter or other important information.

Message

Not used.

Message

The HTTP control channel for the World Wide Web Publishing Service (WWW Service) did not open. The data field contains the error number.

Message

Not Used.

Message

Not Used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) failed to configure the logging properties for the HTTP control channel. Logging Enabled is '%1'. Log File Directory is '%2'. Log Period is '%3'.  Log Truncate Size is '%4'. The data field contains the error number.

Message

Not used.

Message

Not used.

Message

Not used.

Message

HTTP.SYS provided inconsistent site performance counter data to the World Wide Web Publishing Service (WWW Service), so the WWW Service will ignore the data.

Message

Application pool %1 was not disabled. The HTTP.sys request to disable the application pool failed. The data contains the error number.

Message

Not used.

Message

The World Wide Web Publishing Service failed to properly configure the load balancer capabilities on application pool '%1'.  The data field contains the error number.

Message

The World Wide Web Publishing Service failed to properly configure the application pool queue length on app pool '%1'.  The data field contains the error number.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) did not issue a demand start to HTTP.sys for application pool %1.  The data field contains the error number.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service failed to delete the config group for the application '%1' in site '%2'. The data field contains the error number.

Message

The World Wide Web Publishing Service failed to remove the urls for the application '%1' in virtual site '%2'.  The data field contains the error number.

Message

The World Wide Web Publishing Service failed to set the application pool for the application '%1' in site '%2'. The data field contains the error number.

Message

The World Wide Web Publishing Service failed to set the max connections for the virtual site '%1'.  The data field contains the error number.

Message

The World Wide Web Publishing Service failed to set the connection timeout for the virtual site '%1'.  The data field contains the error number.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) failed to set the filter configuration for the control channel. The data field contains the error number.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

Not used.

Message

The World Wide Web Publishing Service (WWW Service) failed to obtain cache counters from HTTP.SYS. The performance counters that were reported do not include performance counters for this gathering from HTTP.SYS. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to obtain site performance counters from HTTP.SYS. The performance counters that were reported do not include counters for this gathering from HTTP.SYS. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to publish the performance counters that it gathered from HTTP.SYS. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to cancel the timer for gathering performance counters. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to cancel the timer for the performance counter. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to start the timer for gathering performance counters. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to copy a change notification for processing, so the service may not be in sync with data currently in the IIS configuration store. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to initialize ASP performance counters.  The service will run without ASP performance counters.  Restart the WWW Service to start ASP performance counter gathering.  The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. Either the network endpoint for the site's IP address could not be created or the IP listen list for HTTP.sys did not have any usable IP addresses. The site has been disabled. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. The IP address for the site is not in the HTTP.sys IP listen list. The site has been disabled. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not register the URL prefix %1 for site %2. HTTP.sys has been configured to listen to too many ports. The site has been disabled. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to configure centralized W3C logging properly. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to configure the centralized W3C logging properties on the HTTP control channel. Logging Enabled is '%1'. Log File Directory is '%2'. Log Period is '%3'. Log Truncate Size is '%4'. Log Ext File Flags is '%5'. Local Time Rollover is '%6'. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not create a relationship between %1 and application %2 in site %3. The site will be stopped because the WWW Service cannot notify HTTP.sys about the application. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) did not initialize the HTTP driver, and was unable start. Please verify that the HTTP service is in an executable state.  The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to create binding string for site %1. Please verify that site binding (%2) is in correct format and do not contain any invalid characters.

Message

The World Wide Web Publishing Service (WWW Service) failed to enable end point sharing for the HTTP control channel. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to start dynamic site registration handler. The data field contains the error number.

Message

The World Wide Web Publishing Service (WWW Service) failed to update dynamic site registration handler from configuration change. The data field contains the error number.