Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-MSDTC 2",
    "guid": "{5D9E0020-3761-4f36-90C8-38CE6511BD12}",
    "event_source_name": "MSDTC 2",
    "event_id": 4202,
    "version": 0,
    "level": 4,
    "task": 2,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:51.684453+00:00",
    "event_record_id": 1448,
    "correlation": {},
    "execution": {
      "process_id": 4912,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "0",
    "param2": "0",
    "param3": "0",
    "param4": "0",
    "param5": "0",
    "param6": "0",
    "param7": "1",
    "param8": "Mutual Authentication Required",
    "param9": "NT AUTHORITY\\NetworkService",
    "param10": "0",
    "param11": "0",
    "param12": "1"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Description

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: param1.

Message #

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: %1

Fields #

Description

Contact = was deleted successfully. Attempt to copy the new contact = over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned.

Message #

Contact = %1 was deleted successfully. Attempt to copy the new contact = %2 over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned: %3

Fields #

Description

Failed to create DTC cluster resource. DTC cluster resource GUID specified = param1. The error code returned: param2.

Message #

Failed to create DTC cluster resource. DTC cluster resource GUID specified = %1. The error code returned: %2

Fields #

Message #

Attempt to find the drive letter or Volume Guid corresponding to the cluster DTC's dependent disk resource has failed. If the dependent disk resource does not support Volume Guid information, please configure at least one dependent disk partition with a drive letter. The error code returned: %1

Fields #

Description

Attempting to change the DTC cluster resource's log file path to param1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: param2.

Message #

Attempting to change the DTC cluster resource's log file path to %1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: %2

Fields #

Description

Application specified a cluster resource ID: param1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned.

Message #

Application specified a cluster resource ID: %1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned

Fields #

Description

Service: Service is still running. Attempt to cleanup the service has failed.

Message #

Service: %1 is still running. Attempt to cleanup the service has failed

Fields #

Description

Failed trying to get the state of the cluster node: param1.The error code returned: param2.

Message #

Failed trying to get the state of the cluster node: %1.The error code returned: %2

Fields #

Description

MSDTC started with the following settings.

Message #

MSDTC started with the following settings:

 Security Configuration (OFF = 0 and ON = 1):
 Allow Remote Administrator = %1,
 Network Clients = %2,
 Transaction Manager Communication: 
 Allow Inbound Transactions = %3,
 Allow Outbound Transactions = %4,
 Transaction Internet Protocol (TIP) = %5,
  Enable XA Transactions = %6,
  Enable SNA LU 6.2 Transactions = %12,
  MSDTC Communications Security = %8,
 Account = %9,
  Firewall Exclusion Detected = %10

 Transaction Bridge Installed = %11
 Filtering Duplicate Events = %7

Fields #

Description

Cluster API call failed with error code: param1. Cluster API function: ClusterAPIFunction Arguments: Arguments.

Message #

Cluster API call failed with error code: %1. Cluster API function: %2 Arguments: %3

Fields #

Description

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}.

Message #

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}

Fields #

Description

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Message #

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Message #

A caller has attempted to import a transaction from a remote system, but MSDTC is currently configured to disallow inbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields #

Message #

A caller has attempted to export a transaction to a remote system, but MSDTC is currently configured to disallow outbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields #

Description

MSDTC encountered an error (HR=0xparam1) while attempting to authenticate an incoming connection from system 'param2'. The principal name is param3.

Message #

MSDTC encountered an error (HR=0x%1) while attempting to authenticate an incoming connection from system '%2'. The principal name is %3.

Fields #

Description

MSDTC encountered an error (HR=0xparam1) while attempting to establish a secure connection with system param2.

Message #

MSDTC encountered an error (HR=0x%1) while attempting to establish a secure connection with system %2.

Fields #

Message #

MS DTC encountered an error while attempting to process a message from a connection with system '%1'. The incoming message should be from another MSDTC, but has not been authenticated as such. The principal name is '%2'.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_rollback function for XA resource manager 'param1'. This call failed with an unexpected return code (param2): File=param3 Line=param4.

Message #

The MSDTC XA Transaction Manager called the xa_rollback function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_commit function for XA resource manager 'param1'. This call failed with an unexpected return code (param2): File=param3 Line=param4.

Message #

The MSDTC XA Transaction Manager called the xa_commit function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_open function for XA resource manager 'param1'. This call failed with an unexpected return code (param2): File=param3 Line=param4.

Message #

The MSDTC XA Transaction Manager called the xa_open function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #

Description

The MSDTC XA Transaction Manager called the 'GetXaSwitch' function in the XA resource manager DLL 'param1'. The call to the 'GetXaSwitch' function failed with error param2: File=param3 Line=param4.

Message #

The MSDTC XA Transaction Manager called the 'GetXaSwitch' function in the XA resource manager DLL '%1'. The call to the 'GetXaSwitch' function failed with error %2: File=%3 Line=%4.

Fields #

Description

The MSDTC XA Transaction Manager attempted to perform recovery with the XA resource manager DLL 'param1'. The XA resource manager reported that recovery was unsuccessful (XA return code=param2).

Message #

The MSDTC XA Transaction Manager attempted to perform recovery with the XA resource manager DLL '%1'. The XA resource manager reported that recovery was unsuccessful (XA return code=%2).

Fields #

Description

The MSDTC XA Transaction Manager called the xa_open function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_open function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_close function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_close function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_recover function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_recover function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_commit function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_commit function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_rollback function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_rollback function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_prepare function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the xa_prepare function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the GetXaSwitch function in the XA resource manager DLL 'param1'. This call failed with a user exception: File=param2 Line=param3.

Message #

The MSDTC XA Transaction Manager called the GetXaSwitch function in the XA resource manager DLL '%1'. This call failed with a user exception: File=%2 Line=%3.

Fields #

Description

The MSDTC XA Transaction Manager called the xa_prepare function for XA resource manager 'param1'. This call failed with an unexpected return code (param2): File=param3 Line=param4.

Message #

The MSDTC XA Transaction Manager called the xa_prepare function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #

Message #

The MSDTC XA Transaction Manager called the xa_commit function with the TMONEPHASE flag set for the XA resource manager '%1'. The call to the xa_commit function failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #

Message #

The MSDTC XA Transaction Manager attempted to locate the 'GetXaSwitch' function in the XA resource manager DLL. The 'GetXaSwitch' function is missing from the XA resource manager DLL %1 : Error=%2 File=%3 Line=%4.

Fields #

Description

The MS DTC XA Transaction Manager called the xa_close function for XA resource manager 'param1'. This call failed with an unexpected return code (param2): File=param3 Line=param4.

Message #

The MS DTC XA Transaction Manager called the xa_close function for XA resource manager '%1'. This call failed with an unexpected return code (%2): File=%3 Line=%4.

Fields #