Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-MSDTC 2
  guid: '{5D9E0020-3761-4f36-90C8-38CE6511BD12}'
  event_source_name: MSDTC 2
  event_id: 4202
  version: 0
  level: 4
  task: 2
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-06T06:25:51.684453+00:00'
  event_record_id: 1448
  correlation: {}
  execution:
    process_id: 4912
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  param1: '0'
  param2: '0'
  param3: '0'
  param4: '0'
  param5: '0'
  param6: '0'
  param7: '1'
  param8: Mutual Authentication Required
  param9: NT AUTHORITY\NetworkService
  param10: '0'
  param11: '0'
  param12: '1'
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Message

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: %1

Fields

Message

Contact = %1 was deleted successfully. Attempt to copy the new contact = %2 over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned: %3

Fields

Message

Failed to create DTC cluster resource. DTC cluster resource GUID specified = %1. The error code returned: %2

Fields

Message

Attempt to find the drive letter or Volume Guid corresponding to the cluster DTC's dependent disk resource has failed. If the dependent disk resource does not support Volume Guid information, please configure at least one dependent disk partition with a drive letter. The error code returned: %1

Fields

Message

Attempting to change the DTC cluster resource's log file path to %1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: %2

Fields

Message

Application specified a cluster resource ID: %1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned

Fields

Message

Service: %1 is still running. Attempt to cleanup the service has failed

Fields

Message

Failed trying to get the state of the cluster node: %1.The error code returned: %2

Fields

Message

MSDTC started with the following settings:

 Security Configuration (OFF = 0 and ON = 1):
 Allow Remote Administrator = %1,
 Network Clients = %2,
 Transaction Manager Communication: 
 Allow Inbound Transactions = %3,
 Allow Outbound Transactions = %4,
 Transaction Internet Protocol (TIP) = %5,
  Enable XA Transactions = %6,
  Enable SNA LU 6.2 Transactions = %12,
  MSDTC Communications Security = %8,
 Account = %9,
  Firewall Exclusion Detected = %10

 Transaction Bridge Installed = %11
 Filtering Duplicate Events = %7

Fields

Message

Cluster API call failed with error code: %1. Cluster API function: %2 Arguments: %3

Fields

Message

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}

Fields

Message

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Message

A caller has attempted to import a transaction from a remote system, but MSDTC is currently configured to disallow inbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields

Message

A caller has attempted to export a transaction to a remote system, but MSDTC is currently configured to disallow outbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields

Message

MSDTC encountered an error (HR=0x%1) while attempting to authenticate an incoming connection from system '%2'. The principal name is %3.

Fields

Message

MSDTC encountered an error (HR=0x%1) while attempting to establish a secure connection with system %2.

Fields

Message

MS DTC encountered an error while attempting to process a message from a connection with system '%1'. The incoming message should be from another MSDTC, but has not been authenticated as such. The principal name is '%2'.

Fields

Message

The MSDTC XA Transaction Manager called the xa_rollback function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager called the xa_commit function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager called the xa_open function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager called the 'GetXaSwitch' function in the XA resource manager DLL '%1'. The call to the 'GetXaSwitch' function failed with error %2: File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager attempted to perform recovery with the XA resource manager DLL '%1'. The XA resource manager reported that recovery was unsuccessful (XA return code=%2).

Fields

Message

The MSDTC XA Transaction Manager called the xa_open function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_close function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_recover function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_commit function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_rollback function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_prepare function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the GetXaSwitch function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields

Message

The MSDTC XA Transaction Manager called the xa_prepare function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager called the xa_commit function with the TMONEPHASE flag set for the XA resource manager '%1'. The call to the xa_commit function failed with an unexpected return code (%2): File=%3 Line=%4.

Fields

Message

The MSDTC XA Transaction Manager attempted to locate the 'GetXaSwitch' function in the XA resource manager DLL. The 'GetXaSwitch' function is missing from the XA resource manager DLL %1 : Error=%2 File=%3 Line=%4.

Fields

Message

The MS DTC XA Transaction Manager called the xa_close function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields