Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-MSDTC Client 2",
    "guid": "{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}",
    "event_source_name": "MSDTC Client 2",
    "event_id": 4104,
    "version": 0,
    "level": 2,
    "task": 14,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-05T22:27:41.546510+00:00",
    "event_record_id": 1466,
    "correlation": {},
    "execution": {
      "process_id": 4608,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "",
    "param2": "0x8007045B"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-MSDTC Client 2",
    "guid": "{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}",
    "event_source_name": "MSDTC Client 2",
    "event_id": 4350,
    "version": 0,
    "level": 3,
    "task": 14,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T20:23:52.178949+00:00",
    "event_record_id": 3710,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "0x800706D9",
    "param2": "OpenClusterEx",
    "param3": "lpszClusterName: (null)"
  },
  "message": ""
}

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-MSDTC Client 2",
    "guid": "{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}",
    "event_source_name": "MSDTC Client 2",
    "event_id": 4879,
    "version": 0,
    "level": 3,
    "task": 3,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-10-25T22:53:19.706720+00:00",
    "event_record_id": 1415,
    "correlation": {},
    "execution": {
      "process_id": 932,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDevEval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "80000171",
    "param2": "WINDEVEVAL"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Description

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: param1.

Message #

Failed to clean up the default DTC cluster resource setting. The default DTC cluster resource setting might be invalid. The error code returned: %1

Fields #

Description

Contact = was deleted successfully. Attempt to copy the new contact = over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned.

Message #

Contact = %1 was deleted successfully. Attempt to copy the new contact = %2 over it failed. The DTC configuration may be corrupted. The operation that failed must be retried. The error code returned: %3

Fields #

Description

Failed to create DTC cluster resource. DTC cluster resource GUID specified = param1. The error code returned: param2.

Message #

Failed to create DTC cluster resource. DTC cluster resource GUID specified = %1. The error code returned: %2

Fields #

Message #

Attempt to find the drive letter or Volume Guid corresponding to the cluster DTC's dependent disk resource has failed. If the dependent disk resource does not support Volume Guid information, please configure at least one dependent disk partition with a drive letter. The error code returned: %1

Fields #

Description

Attempting to change the DTC cluster resource's log file path to param1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: param2.

Message #

Attempting to change the DTC cluster resource's log file path to %1 has failed. Please verify if log path is configured to a valid dependent disk partition. The error code returned: %2

Fields #

Description

Application specified a cluster resource ID: param1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned.

Message #

Application specified a cluster resource ID: %1, but no DTC cluster resource could be returned. Instead, the local DTC instance was returned

Fields #

Description

Service: Service is still running. Attempt to cleanup the service has failed.

Message #

Service: %1 is still running. Attempt to cleanup the service has failed

Fields #

Description

Failed trying to get the state of the cluster node: param1.The error code returned: param2.

Message #

Failed trying to get the state of the cluster node: %1.The error code returned: %2

Fields #

Description

Cluster API call failed with error code: param1. Cluster API function: ClusterAPIFunction Arguments: Arguments.

Message #

Cluster API call failed with error code: %1. Cluster API function: %2 Arguments: %3

Fields #

Description

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}.

Message #

Cluster API call failed with error code: {param1}. Cluster API function: {param2} Arguments: {param3}

Fields #

Description

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Message #

A caller has attempted to register an XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Description

An XA transaction manager has attempted to open the MSDTC XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Message #

An XA transaction manager has attempted to open the MSDTC XA resource while XA transactions are disabled. Please review the MSDTC configuration settings.

Description

A caller has attempted to propagate a transaction to a remote system, but MSDTC network DTC access is currently disabled on machine 'param1'. Please review the MS DTC configuration settings.

Message #

A caller has attempted to propagate a transaction to a remote system, but MSDTC network DTC access is currently disabled on machine '%1'. Please review the MS DTC configuration settings.

Fields #

Message #

A caller has attempted to import a transaction from a remote system, but MSDTC is currently configured to disallow inbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields #

Message #

A caller has attempted to export a transaction to a remote system, but MSDTC is currently configured to disallow outbound transaction manager communication on machine '%1'. Please review the MS DTC configuration settings.

Fields #

Description

MSDTC encountered an error (HR=0xparam1) while attempting to authenticate an incoming connection from system 'param2'. The principal name is param3.

Message #

MSDTC encountered an error (HR=0x%1) while attempting to authenticate an incoming connection from system '%2'. The principal name is %3.

Fields #

Description

MSDTC encountered an error (HR=0xparam1) while attempting to establish a secure connection with system param2.

Message #

MSDTC encountered an error (HR=0x%1) while attempting to establish a secure connection with system %2.

Fields #

Description

A caller has attempted to connect to a remote MSDTC on machine 'param1'. The attempt failed because the remote machine is configured to disallow remote clients.

Message #

A caller has attempted to connect to a remote MSDTC on machine '%1'.  The attempt failed because the remote machine is configured to disallow remote clients.

Fields #