detection.wiki
Blog

Microsoft-Windows-MSDTC Client 2

37 events across 2 channels

Event IDTitleChannel
4097Operational
4098Operational
4099Operational
4100Operational
4101Operational
4102Operational
4103Operational
4104Operational
4104Application
4350Operational
4872Operational
4873Operational
4874Operational
4875Operational
4876Operational
4878Operational
4879Operational
4879Application
4881Operational
1073745921Failed to clean up the default DTC cluster resource setting.Operational
1073745922Contact = %1 was deleted successfully.Operational
1073745923Failed to create DTC cluster resource.Operational
1073745924Attempt to find the drive letter or Volume Guid corresponding to the cluster …Operational
1073745925Attempting to change the DTC cluster resource's log file path to %1 has failed.Operational
1073745926Application specified a cluster resource ID: %1, but no DTC cluster resource …Operational
1073745927Service: %1 is still running.Operational
1073745928Failed trying to get the state of the cluster node.Operational
1073746174Cluster API call failed with error code.Operational
1073746185Cluster API call failed with error code: {param1}.Operational
2147488520A caller has attempted to register an XA resource while XA transactions are …Operational
2147488521An XA transaction manager has attempted to open the MSDTC XA resource while XA …Operational
2147488522A caller has attempted to propagate a transaction to a remote system, but MSDTC …Operational
2147488523A caller has attempted to import a transaction from a remote system, but MSDTC …Operational
2147488524A caller has attempted to export a transaction to a remote system, but MSDTC is …Operational
2147488526MSDTC encountered an error (HR=0x%1) while attempting to authenticate an …Operational
2147488527MSDTC encountered an error (HR=0x%1) while attempting to establish a secure …Operational
2147488529A caller has attempted to connect to a remote MSDTC on machine '.Operational

Event ID 4097 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4098 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2
param3

Event ID 4099 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2

Event ID 4100 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4101 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2
param3

Event ID 4102 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4103 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4104 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2

Event ID 4104 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Application
Level
2
Samples
1

Fields

NameDescription
param1
param2

Example Event

system:
  provider: Microsoft-Windows-MSDTC Client 2
  guid: '{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}'
  event_source_name: MSDTC Client 2
  event_id: 4104
  version: 0
  level: 2
  task: 14
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-05T22:27:41.546510+00:00'
  event_record_id: 1466
  correlation: {}
  execution:
    process_id: 4608
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  param1: ''
  param2: '0x8007045B'
message: ''

References

Event ID 4350 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2
param3

Event ID 4872 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Event ID 4873 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Event ID 4874 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4875 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4876 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 4878 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2
param3

Event ID 4879 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1
param2

Event ID 4879 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Application
Level
3
Samples
1

Fields

NameDescription
param1
param2

Example Event

system:
  provider: Microsoft-Windows-MSDTC Client 2
  guid: '{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}'
  event_source_name: MSDTC Client 2
  event_id: 4879
  version: 0
  level: 3
  task: 3
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-10-25T22:53:19.706720+00:00'
  event_record_id: 1415
  correlation: {}
  execution:
    process_id: 932
    thread_id: 0
  channel: Application
  computer: WinDevEval
  security:
    user_id: ''
event_data:
  param1: '80000171'
  param2: WINDEVEVAL
message: ''

References

Event ID 4881 —

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Fields

NameDescription
param1

Event ID 1073745921 — Failed to clean up the default DTC cluster resource setting.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: %1

Fields

NameDescription
param1

Event ID 1073745922 — Contact = %1 was deleted successfully.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Contact = %1 was deleted successfully. Attempt to copy the new contact = %2 over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned: %3

Fields

NameDescription
param1
param2
param3

Event ID 1073745923 — Failed to create DTC cluster resource.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Failed to create DTC cluster resource. DTC cluster resource GUID specified = %1. The error code returned: %2

Fields

NameDescription
param1
param2

Event ID 1073745924 — Attempt to find the drive letter or Volume Guid corresponding to the cluster DTC's dependent disk resource has failed.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Attempt to find the drive letter or Volume Guid corresponding to the cluster DTC's dependent disk resource has failed. If the dependent disk resource does not support Volume Guid information, please configure at least one dependent disk partition with a drive letter. The error code returned: %1

Fields

NameDescription
param1

Event ID 1073745925 — Attempting to change the DTC cluster resource's log file path to %1 has failed.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Attempting to change the DTC cluster resource's log file path to %1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: %2

Fields

NameDescription
param1
param2
param3

Event ID 1073745926 — Application specified a cluster resource ID: %1, but no DTC cluster resource could be returned.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Application specified a cluster resource ID: %1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned

Fields

NameDescription
param1

Event ID 1073745927 — Service: %1 is still running.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Service: %1 is still running. Attempt to cleanup the service has failed

Fields

NameDescription
param1

Event ID 1073745928 — Failed trying to get the state of the cluster node.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Failed trying to get the state of the cluster node: %1.The error code returned: %2

Fields

NameDescription
param1
param2

Event ID 1073746174 — Cluster API call failed with error code.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Cluster API call failed with error code: %1. Cluster API function: %2 Arguments: %3

Fields

NameDescription
param1
param2
param3

Event ID 1073746185 — Cluster API call failed with error code: {param1}.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}

Fields

NameDescription
param1
param2
param3

Event ID 2147488520 — A caller has attempted to register an XA resource while XA transactions are disabled.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Event ID 2147488521 — An XA transaction manager has attempted to open the MSDTC XA resource while XA transactions are disabled.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

An XA transaction manager has attempted to open the MSDTC XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Event ID 2147488522 — A caller has attempted to propagate a transaction to a remote system, but MSDTC network DTC access is currently disabled on machine '.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

A caller has attempted to propagate a transaction to a remote system, but MSDTC network DTC access is currently disabled on machine '%1'. Please review the MS DTC configuration settings.

Fields

NameDescription
param1

Event ID 2147488523 — A caller has attempted to import a transaction from a remote system, but MSDTC is currently configured to disallow inbound transaction manager comm...

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

A caller has attempted to import a transaction from a remote system, but MSDTC is currently configured to disallow inbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields

NameDescription
param1

Event ID 2147488524 — A caller has attempted to export a transaction to a remote system, but MSDTC is currently configured to disallow outbound transaction manager commu...

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

A caller has attempted to export a transaction to a remote system, but MSDTC is currently configured to disallow outbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields

NameDescription
param1

Event ID 2147488526 — MSDTC encountered an error (HR=0x%1) while attempting to authenticate an incoming connection from system '%2'.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

MSDTC encountered an error (HR=0x%1) while attempting to authenticate an incoming connection from system '%2'. The principal name is %3.

Fields

NameDescription
param1
param2
param3

Event ID 2147488527 — MSDTC encountered an error (HR=0x%1) while attempting to establish a secure connection with system %2.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

MSDTC encountered an error (HR=0x%1) while attempting to establish a secure connection with system %2.

Fields

NameDescription
param1
param2

Event ID 2147488529 — A caller has attempted to connect to a remote MSDTC on machine '.

Provider
Microsoft-Windows-MSDTC Client 2
Channel
Operational

Message

A caller has attempted to connect to a remote MSDTC on machine '%1'.  The attempt failed because the remote machine is configured to disallow remote clients.

Fields

NameDescription
param1