Microsoft-Windows-LoadPerf

53 events across 1 channel

Event ID	Title	Channel
1000	Performance counters for the WmiApRpl!	Application
1001	Performance counters for the WmiApRpl!	Application
1002	Performance counters for the http://schemas.	Application
2001	No MOF file param2 was created for the param1 service.	Application
2002	The MOF file created for the param1 service could not be loaded.	Application
2003	The MOF file created for the param1 service cannot be deleted as requested.	Application
2004	The Performance registry value param1 string is corrupted.	Application
2005	No COUNTER/HELP definition for Language param1.	Application
2006	The LastCounter and LastHelp values of the performance registry are corrupted …	Application
2007	Cannot repair performance counters for param1 service.	Application
3000	The performance strings in the registry do not match the index values stored in …	Application
3001	The performance counter name string value in the registry is not formatted …	Application
3002	The performance counter explain text string value in the registry is not …	Application
3003	Unable to install counter strings because the param1 key could not be opened or …	Application
3004	Unable to read the param1 registry value.	Application
3005	Unable to open the registry key for the performance counter strings defined for …	Application
3006	Unable to read the performance counter strings defined for the param1 language …	Application
3007	Unable to read the performance counter explain text strings defined for the …	Application
3008	Unable to allocate a required memory buffer.	Application
3009	Installing the performance counter strings for service param1 (param2) failed.	Application
3011	Unloading the performance counter strings for service param1 (param2) failed.	Application
3012	The performance strings in the Performance registry value is corrupted when …	Application
3013	Unable to update the performance counter strings defined for the param1 language …	Application
3014	Unable to update the performance counter explain text strings of the param1 …	Application
3015	Index for param1 is corrupted.	Application
3016	Cannot update param1 value of param2 key.	Application
3017	Cannot update param1 value of param2 key.	Application
3018	param1 index range of service param2 is corrupted.	Application
1073742824	Performance counters for the {param1} ({param2}) service were loaded …	Application
1073742825	Performance counters for the {param1} ({param2}) service were removed …	Application
1073742826	Performance counters for the {param1} ({param2}) service are already in the …	Application
2147485649	No MOF file {param2} was created for the {param1} service.	Application
2147485650	The MOF file created for the {param1} service could not be loaded.	Application
2147485651	The MOF file created for the {param1} service cannot be deleted as requested.	Application
2147485652	The Performance registry value {param1} string is corrupted.	Application
2147485653	No COUNTER/HELP definition for Language {param1}.	Application
2147485655	Cannot repair performance counters for {param1} service.	Application
3221228473	The performance counter name string value in the registry is not formatted …	Application
3221228474	The performance counter explain text string value in the registry is not …	Application
3221228475	Unable to install counter strings because the {param1} key could not be opened …	Application
3221228476	Unable to read the {param1} registry value.	Application
3221228477	Unable to open the registry key for the performance counter strings defined for …	Application
3221228478	Unable to read the performance counter strings defined for the {param1} language …	Application
3221228479	Unable to read the performance counter explain text strings defined for the …	Application
3221228481	Installing the performance counter strings for service {param1} ({param2}) …	Application
3221228483	Unloading the performance counter strings for service {param1} ({param2}) …	Application
3221228484	The performance strings in the Performance registry value is corrupted when …	Application
3221228485	Unable to update the performance counter strings defined for the {param1} …	Application
3221228486	Unable to update the performance counter explain text strings of the {param1} …	Application
3221228487	Index for {param1} is corrupted.	Application
3221228488	Cannot update {param1} value of {param2} key.	Application
3221228489	Cannot update {param1} value of {param2} key.	Application
3221228490	{param1} index range of service {param2} is corrupted.	Application

Event ID 1000 — Performance counters for the WmiApRpl!

Provider: Microsoft-Windows-LoadPerf
Channel: Application
Level: Informational

Description

Performance counters for the () service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Message #

Performance counters for the %1 (%2) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Fields #

Name	Description
`EventXML.param1`	—
`EventXML.param2`	—
`EventXML.binaryDataSize`	—
`EventXML.binaryData`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-LoadPerf",
    "guid": "122EE297-BB47-41AE-B265-1CA8D1886D40",
    "event_source_name": "",
    "event_id": 1000,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-07T16:59:11.051894+00:00",
    "event_record_id": 207,
    "correlation": {},
    "execution": {
      "process_id": 4204,
      "thread_id": 4208
    },
    "channel": "Application",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "EventXML": {
      "param1": "WmiApRpl",
      "param2": "WmiApRpl",
      "binaryDataSize": 16,
      "binaryData": "7igAAJQpAADvKAAAlSkAAA=="
    }
  },
  "message": "Performance counters for the WmiApRpl!s! (WmiApRpl!s!) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service."
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1001 — Performance counters for the WmiApRpl!

Provider: Microsoft-Windows-LoadPerf
Channel: Application
Level: Informational

Description

Performance counters for the () service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Message #

Performance counters for the %1 (%2) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Fields #

Name	Description
`EventXML.param1`	—
`EventXML.param2`	—
`EventXML.binaryDataSize`	—
`EventXML.binaryData`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-LoadPerf",
    "guid": "122EE297-BB47-41AE-B265-1CA8D1886D40",
    "event_source_name": "",
    "event_id": 1001,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-07T16:59:10.681381+00:00",
    "event_record_id": 206,
    "correlation": {},
    "execution": {
      "process_id": 4204,
      "thread_id": 4208
    },
    "channel": "Application",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "EventXML": {
      "param1": "WmiApRpl",
      "param2": "WmiApRpl",
      "binaryDataSize": 12,
      "binaryData": "7CgAAO0oAADSBQAA"
    }
  },
  "message": "Performance counters for the WmiApRpl!s! (WmiApRpl!s!) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries."
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1002 — Performance counters for the http://schemas.

Provider: Microsoft-Windows-LoadPerf
Channel: Application
Level: Informational

Description

Performance counters for the () service are already in the registry, no need to reinstall. This only happens when you install the same counter twice. The second time install will generate this event.

Message #

Performance counters for the %1 (%2) service are already in the registry, no need to reinstall. This only happens when you install the same counter twice. The second time install will generate this event.

Fields #

Name	Description
`EventXML.xmlns:auto-ns2`	—
`EventXML.param1`	—
`EventXML.param2`	—
`EventXML.binaryDataSize`	—
`EventXML.binaryData`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-LoadPerf",
    "guid": "122EE297-BB47-41AE-B265-1CA8D1886D40",
    "event_source_name": "",
    "event_id": 1002,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T18:31:55.566626+00:00",
    "event_record_id": 266,
    "correlation": {},
    "execution": {
      "process_id": 836,
      "thread_id": 3012
    },
    "channel": "Application",
    "computer": "IE8Win7",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "EventXML": {
      "xmlns:auto-ns2": "http://schemas.microsoft.com/win/2004/08/events",
      "param1": ".NET CLR Networking 4.0.0.0",
      "param2": ".NET CLR Networking 4.0.0.0",
      "binaryDataSize": 4,
      "binaryData": "whIAAA=="
    }
  },
  "message": "Performance counters for the http://schemas.microsoft.com/win/2004/08/events!s! (.NET CLR Networking 4.0.0.0!s!) service are already in the registry, no need to reinstall. This only happens when you install the same counter twice. The second time install will generate this event."
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 2001 — No MOF file param2 was created for the param1 service.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

No MOF file %2 was created for the %1 service. Before the performance counters of this service can be collected by WMI, a MOF file will need to be created and loaded manually. Contact the vendor of this service for additional information.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—

Event ID 2002 — The MOF file created for the param1 service could not be loaded.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The MOF file created for the %1 service could not be loaded. The record data contains the error code returned by the MOF Compiler. Before the performance counters of this service can be collected by WMI, the MOF file will need to be loaded manually. Contact the vendor of this service for additional information.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 2003 — The MOF file created for the param1 service cannot be deleted as requested.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

The MOF file created for the param1 service cannot be deleted as requested. The automatic recovery function requires the MOF file.

Message #

The MOF file created for the %1 service cannot be deleted as requested. The automatic recovery function requires the MOF file.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 2004 — The Performance registry value param1 string is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

The Performance registry value param1 string is corrupted. Skip string \"param2\".

Message #

The Performance registry value %1 string is corrupted. Skip string \"%2\".

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 2005 — No COUNTER/HELP definition for Language param1.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

No COUNTER/HELP definition for Language param1.

Message #

No COUNTER/HELP definition for Language %1.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 2006 — The LastCounter and LastHelp values of the performance registry are corrupted and need to be updated.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The LastCounter and LastHelp values of the performance registry are corrupted and need to be updated. The first and second DWORDs in the Data Section contain the original LastCounter and LastHelp values, respectively, while the third and fourth DWORDs in the Data Section contain the updated new values.

Event ID 2007 — Cannot repair performance counters for param1 service.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot repair performance counters for param1 service. Reinstall the performance counters manually using the LODCTR tool.

Message #

Cannot repair performance counters for %1 service. Reinstall the performance counters manually using the LODCTR tool.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3000 — The performance strings in the registry do not match the index values stored in Performance registry key.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance strings in the registry do not match the index values stored in Performance registry key. The first DWORD in the Data section contains the last index value from performance registry key and the second DWORD in the Data section contains the index of the last string.

Event ID 3001 — The performance counter name string value in the registry is not formatted correctly.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance counter name string value in the registry is not formatted correctly. The malformed string is %1. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3002 — The performance counter explain text string value in the registry is not formatted correctly.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance counter explain text string value in the registry is not formatted correctly. The malformed string is %1. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3003 — Unable to install counter strings because the param1 key could not be opened or accessed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to install counter strings because the param1 key could not be opened or accessed. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to install counter strings because the %1 key could not be opened or accessed. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3004 — Unable to read the param1 registry value.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the param1 registry value. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the %1 registry value. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3005 — Unable to open the registry key for the performance counter strings defined for the param1 language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to open the registry key for the performance counter strings defined for the param1 language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to open the registry key for the performance counter strings defined for the %1 language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3006 — Unable to read the performance counter strings defined for the param1 language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the performance counter strings defined for the param1 language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the performance counter strings defined for the %1 language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3007 — Unable to read the performance counter explain text strings defined for the param1 language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the performance counter explain text strings defined for the param1 language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the performance counter explain text strings defined for the %1 language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3008 — Unable to allocate a required memory buffer.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to allocate a required memory buffer.

Message #

Unable to allocate a required memory buffer.

Event ID 3009 — Installing the performance counter strings for service param1 (param2) failed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Installing the performance counter strings for service param1 (param2) failed. The first DWORD in the Data section contains the error code.

Message #

Installing the performance counter strings for service %1 (%2) failed. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3011 — Unloading the performance counter strings for service param1 (param2) failed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unloading the performance counter strings for service param1 (param2) failed. The first DWORD in the Data section contains the error code.

Message #

Unloading the performance counter strings for service %1 (%2) failed. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3012 — The performance strings in the Performance registry value is corrupted when process param1 extension counter provider.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance strings in the Performance registry value is corrupted when process %1 extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3013 — Unable to update the performance counter strings defined for the param1 language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to update the performance counter strings defined for the param1 language ID. The first DWORD in the Data section contains the error code.

Message #

Unable to update the performance counter strings defined for the %1 language ID. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3014 — Unable to update the performance counter explain text strings of the param1 language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to update the performance counter explain text strings of the param1 language ID. The first DWORD in the Data section contains the error code.

Message #

Unable to update the performance counter explain text strings of the %1 language ID. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3015 — Index for param1 is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Index for param1 is corrupted. The first DWORD in the Data section contains the index value.

Message #

Index for %1 is corrupted. The first DWORD in the Data section contains the index value.

Fields #

Name	Description
`param1` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3016 — Cannot update param1 value of param2 key.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot update param1 value of param2 key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.

Message #

Cannot update %1 value of %2 key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3017 — Cannot update param1 value of param2 key.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot update param1 value of param2 key. The first DWORD in the Data section contains the error code.

Message #

Cannot update %1 value of %2 key. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 3018 — param1 index range of service param2 is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

param1 index range of service param2 is corrupted. The first DWORD in the Data section contains the first index value used and the second DWORD in the Data section contains last index value used.

Message #

%1 index range of service %2 is corrupted. The first DWORD in the Data section contains the first index value used and the second DWORD in the Data section contains last index value used.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`Size` UInt32	—
`BinaryData` Binary	—

Event ID 1073742824 — Performance counters for the {param1} ({param2}) service were loaded successfully.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Performance counters for the {param1} ({param2}) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Message #

Performance counters for the {param1} ({param2}) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073742825 — Performance counters for the {param1} ({param2}) service were removed successfully.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Performance counters for the {param1} ({param2}) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Message #

Performance counters for the {param1} ({param2}) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073742826 — Performance counters for the {param1} ({param2}) service are already in the registry; no need to reinstall.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

Performance counters for the {param1} ({param2}) service are already in the registry; no need to reinstall. This only happens when you install the same counter twice. The second time install will generate this event.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147485649 — No MOF file {param2} was created for the {param1} service.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

No MOF file {param2} was created for the {param1} service. Before the performance counters of this service can be collected by WMI; a MOF file will need to be created and loaded manually. Contact the vendor of this service for additional information.

Fields #

Name	Description
`param2`	—
`param1`	—

Event ID 2147485650 — The MOF file created for the {param1} service could not be loaded.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The MOF file created for the {param1} service could not be loaded. The record data contains the error code returned by the MOF Compiler. Before the performance counters of this service can be collected by WMI; the MOF file will need to be loaded manually. Contact the vendor of this service for additional information.

Fields #

Name	Description
`param1`	—

Event ID 2147485651 — The MOF file created for the {param1} service cannot be deleted as requested.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

The MOF file created for the {param1} service cannot be deleted as requested. The automatic recovery function requires the MOF file.

Message #

The MOF file created for the {param1} service cannot be deleted as requested. The automatic recovery function requires the MOF file.

Fields #

Name	Description
`param1`	—

Event ID 2147485652 — The Performance registry value {param1} string is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

The Performance registry value {param1} string is corrupted. Skip string \'{param2}\'.

Message #

The Performance registry value {param1} string is corrupted. Skip string \'{param2}\'.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147485653 — No COUNTER/HELP definition for Language {param1}.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

No COUNTER/HELP definition for Language {param1}.

Message #

No COUNTER/HELP definition for Language {param1}.

Fields #

Name	Description
`param1`	—

Event ID 2147485655 — Cannot repair performance counters for {param1} service.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot repair performance counters for {param1} service. Reinstall the performance counters manually using the LODCTR tool.

Message #

Cannot repair performance counters for {param1} service. Reinstall the performance counters manually using the LODCTR tool.

Fields #

Name	Description
`param1`	—

Event ID 3221228473 — The performance counter name string value in the registry is not formatted correctly.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance counter name string value in the registry is not formatted correctly. The malformed string is {param1}. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Fields #

Name	Description
`param1`	—

Event ID 3221228474 — The performance counter explain text string value in the registry is not formatted correctly.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance counter explain text string value in the registry is not formatted correctly. The malformed string is {param1}. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Fields #

Name	Description
`param1`	—

Event ID 3221228475 — Unable to install counter strings because the {param1} key could not be opened or accessed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to install counter strings because the {param1} key could not be opened or accessed. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to install counter strings because the {param1} key could not be opened or accessed. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228476 — Unable to read the {param1} registry value.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the {param1} registry value. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the {param1} registry value. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228477 — Unable to open the registry key for the performance counter strings defined for the {param1} language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to open the registry key for the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to open the registry key for the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228478 — Unable to read the performance counter strings defined for the {param1} language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228479 — Unable to read the performance counter explain text strings defined for the {param1} language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to read the performance counter explain text strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Message #

Unable to read the performance counter explain text strings defined for the {param1} language ID. The first DWORD in the Data section contains the Win32 error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228481 — Installing the performance counter strings for service {param1} ({param2}) failed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Installing the performance counter strings for service {param1} ({param2}) failed. The first DWORD in the Data section contains the error code.

Message #

Installing the performance counter strings for service {param1} ({param2}) failed. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221228483 — Unloading the performance counter strings for service {param1} ({param2}) failed.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unloading the performance counter strings for service {param1} ({param2}) failed. The first DWORD in the Data section contains the error code.

Message #

Unloading the performance counter strings for service {param1} ({param2}) failed. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221228484 — The performance strings in the Performance registry value is corrupted when process {param1} extension counter provider.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Message #

The performance strings in the Performance registry value is corrupted when process {param1} extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section; LastCounter value is the second DWORD in the Data section; and LastHelp value is the third DWORD in the Data section.

Fields #

Name	Description
`param1`	—

Event ID 3221228485 — Unable to update the performance counter strings defined for the {param1} language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to update the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the error code.

Message #

Unable to update the performance counter strings defined for the {param1} language ID. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228486 — Unable to update the performance counter explain text strings of the {param1} language ID.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Unable to update the performance counter explain text strings of the {param1} language ID. The first DWORD in the Data section contains the error code.

Message #

Unable to update the performance counter explain text strings of the {param1} language ID. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1`	—

Event ID 3221228487 — Index for {param1} is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Index for {param1} is corrupted. The first DWORD in the Data section contains the index value.

Message #

Index for {param1} is corrupted. The first DWORD in the Data section contains the index value.

Fields #

Name	Description
`param1`	—

Event ID 3221228488 — Cannot update {param1} value of {param2} key.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot update {param1} value of {param2} key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.

Message #

Cannot update {param1} value of {param2} key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221228489 — Cannot update {param1} value of {param2} key.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

Cannot update {param1} value of {param2} key. The first DWORD in the Data section contains the error code.

Message #

Cannot update {param1} value of {param2} key. The first DWORD in the Data section contains the error code.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221228490 — {param1} index range of service {param2} is corrupted.

Provider: Microsoft-Windows-LoadPerf
Channel: Application

Description

{param1} index range of service {param2} is corrupted. The first DWORD in the Data section contains the first index value used and the second DWORD in the Data section contains last index value used.

Message #

{param1} index range of service {param2} is corrupted. The first DWORD in the Data section contains the first index value used and the second DWORD in the Data section contains last index value used.

Fields #

Name	Description
`param1`	—
`param2`	—