Microsoft-Windows-NlaSvc

52 events across 2 channels

Event ID	Title	Channel
4001	Entered State: Entered_State Interface Guid: Interface_Guid.	Diagnostic
4002	Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.	Diagnostic
4101	Received WMI Media Connect Notification for 'AdapterName' InterfaceGuid.	Diagnostic
4102	Received WMI Media Disconnect Notification for 'AdapterName' InterfaceGuid.	Diagnostic
4103	Route change has occurred for interface InterfaceGuid (MibNotificationType).	Diagnostic
4104	Address change has occurred for interface InterfaceGuid (MibNotificationType).	Diagnostic
4105	Quarantine state has changed	Diagnostic
4106	Received DHCP notification	Diagnostic
4201	Start link resolver	Diagnostic
4202	Stop link resolver	Diagnostic
4203	Start gateway resolution on interface InterfaceGuid for GatewayIpAddress.	Diagnostic
4204	Stop gateway resolution on interface NlnsState for MAC.	Diagnostic
4205	Gateway resolution failed on interface InterfaceGuid for GatewayIpAddress with …	Operational
4251	Plug-in data indicated from PluginName for entity EntityName (IndicatedRowCount …	Diagnostic
4261	DHCP has stabilized for InterfaceGuid (NlaState).	Diagnostic
4301	Start Intranet resolver	Diagnostic
4302	Stop Intranet resolver	Diagnostic
4311	Start DsGetDcName(DnsSuffix,Flags) for DnsSuffix.	Diagnostic
4312	Stop DsGetDcName(DnsSuffix,Flags) for DnsSuffix returned error ErrorCode …	Diagnostic
4313	DsGetDcName(DnsSuffix,Flags) for DnsSuffix failed with error ErrorCode.	Diagnostic
4321	Start DsGetDcName(Flags) for DS info.	Diagnostic
4322	Stop DsGetDcName(Flags) for DS info returned error ErrorCode …	Diagnostic
4323	DsGetDcName(Flags) for DS info failed with error ErrorCode.	Diagnostic
4331	Start DsGetDcName(Flags) for root domain GUID.	Diagnostic
4332	Stop DsGetDcName(Flags) for root domain GUID returned error ErrorCode …	Diagnostic
4333	DsGetDcName(Flags) for root domain GUID failed with error ErrorCode.	Operational
4341	Start LDAP authentication on interface Interface Name (Addresses) (Try Count …	Diagnostic
4342	Stop LDAP authentication on interface Interface Name (Addresses).	Diagnostic
4343	LDAP authentication on interface Interface Name (Addresses) failed with error …	Operational
4351	Start ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).	Diagnostic
4352	Stop ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).	Diagnostic
4353	ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries) failed …	Diagnostic
4354	Start ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).	Diagnostic
4355	Stop ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).	Diagnostic
4356	ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries) failed with …	Diagnostic
4401	Inserting identifying signature for interface InterfaceGuid.	Diagnostic
4402	Inserting identified signature for interface InterfaceGuid.	Diagnostic
4403	Removing identified signature for interface InterfaceGuid.	Diagnostic
4404	Inserting identified signature for interface InterfaceGuid.	Diagnostic
4405	Inserting identified signature for interface InterfaceGuid.	Diagnostic
4407	Adding interface 'AdapterName' InterfaceGuid.	Diagnostic
4408	Removing interface 'AdapterName' InterfaceGuid.	Diagnostic
4409	Adding interface 'AdapterName' InterfaceGuid.	Diagnostic
4410	Inserting identified signature for interface InterfaceGuid.	Diagnostic
4411	Inserting identified signature for interface InterfaceGuid.	Diagnostic
4451	Network on Reason is unlikely to be authentication-capable; authentication will …	Diagnostic
5001		Diagnostic
5002	Inserting identified signature for interface InterfaceGuid.	Diagnostic
6101	Perftrack cancel event for interface 'AdapterName' InterfaceGuid.	Diagnostic
6102	Perftrack cancel event for interface 'AdapterName' InterfaceGuid.	Diagnostic
6103	Perftrack cancel event for interface 'AdapterName' InterfaceGuid.	Diagnostic
6104	Perftrack cancel event for interface 'AdapterName' InterfaceGuid.	Diagnostic

Event ID 4001 — Entered State: Entered_State Interface Guid: Interface_Guid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: WaitforIdentification
Opcode: Start

Description

Entered State: Entered_State Interface Guid: Interface_Guid.

Message #

Entered State: %2 Interface Guid: %1

Fields #

Name	Description
`Interface_Guid` GUID	—
`Entered_State` UInt8	—
`InterfaceGuid` GUID	—
`CurrentOrNextState` UInt8	—

Event ID 4002 — Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: WaitforIdentification
Opcode: Stop

Description

Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.

Message #

Transitioning to State: %2 Interface Guid: %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`CurrentOrNextState` UInt8	—

Event ID 4101 — Received WMI Media Connect Notification for 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: MediaConnect

Description

Received WMI Media Connect Notification for 'AdapterName' InterfaceGuid.

Message #

Received WMI Media Connect Notification for '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 4102 — Received WMI Media Disconnect Notification for 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: MediaDisconnect

Description

Received WMI Media Disconnect Notification for 'AdapterName' InterfaceGuid.

Message #

Received WMI Media Disconnect Notification for '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 4103 — Route change has occurred for interface InterfaceGuid (MibNotificationType).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: RouteChange

Description

Route change has occurred for interface InterfaceGuid (MibNotificationType).

Message #

Route change has occurred for interface %1 (%2)

Fields #

Name	Description
`InterfaceGuid` GUID	—
`MibNotificationType` UInt32	—

Event ID 4104 — Address change has occurred for interface InterfaceGuid (MibNotificationType).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: AddressChange

Description

Address change has occurred for interface InterfaceGuid (MibNotificationType).

Message #

Address change has occurred for interface %1 (%2)

Fields #

Name	Description
`InterfaceGuid` GUID	—
`MibNotificationType` UInt32	—

Event ID 4105 — Quarantine state has changed

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: QuarantineStateChange

Description

Quarantine state has changed.

Message #

Quarantine state has changed

Event ID 4106 — Received DHCP notification

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Trigger
Opcode: DhcpNotification

Description

Received DHCP notification.

Message #

Received DHCP notification

Event ID 4201 — Start link resolver

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: GatewayResolution
Opcode: Start

Description

Start link resolver.

Message #

Start link resolver

Event ID 4202 — Stop link resolver

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: GatewayResolution
Opcode: Stop

Description

Stop link resolver.

Message #

Stop link resolver

Event ID 4203 — Start gateway resolution on interface InterfaceGuid for GatewayIpAddress.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: GatewayResolution
Opcode: Start

Description

Start gateway resolution on interface InterfaceGuid for GatewayIpAddress.

Message #

Start gateway resolution on interface %1 for %2

Fields #

Name	Description
`InterfaceGuid` GUID	—
`GatewayIpAddress` UnicodeString	—

Event ID 4204 — Stop gateway resolution on interface NlnsState for MAC.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: GatewayResolution
Opcode: Stop

Description

Stop gateway resolution on interface NlnsState for MAC. Error: InterfaceGuid NlnsState: GatewayIpAddress MAC: MacAddrLen.

Message #

Stop gateway resolution on interface %1 for %2. Error: %3 NlnsState: %4 MAC: %6

Fields #

Name	Description
`NlnsState` UInt32	—
`MAC`	2. Error.
`InterfaceGuid` GUID	—
`GatewayIpAddress` UnicodeString	—
`ErrorCode` UInt32	—
`MacAddrLen` UInt16	—
`MacAddr` Binary	—

Event ID 4205 — Gateway resolution failed on interface InterfaceGuid for GatewayIpAddress with error: ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Operational
Level: Error
Task: GatewayResolution
Opcode: Failed

Description

Gateway resolution failed on interface InterfaceGuid for GatewayIpAddress with error: ErrorCode.

Message #

Gateway resolution failed on interface %1 for %2 with error: %3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`GatewayIpAddress` UnicodeString	—
`ErrorCode` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-NlaSvc",
    "guid": "63B530F8-29C9-4880-A5B4-B8179096E7B8",
    "event_source_name": "",
    "event_id": 4205,
    "version": 0,
    "level": 2,
    "task": 3,
    "opcode": 21,
    "keywords": 4611686018427387938,
    "time_created": "2026-03-15T05:30:49.223016+00:00",
    "event_record_id": 1,
    "correlation": {
      "ActivityID": "6FDE36A2-B353-0009-B736-DE6F53B3DC01"
    },
    "execution": {
      "process_id": 1992,
      "thread_id": 12780
    },
    "channel": "Microsoft-Windows-NlaSvc/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "InterfaceGuid": "8A1760B6-DC99-4B90-9C4A-029698E5AE27",
    "GatewayIpAddress": "10.2.10.1",
    "ErrorCode": 67
  },
  "message": ""
}

Event ID 4251 — Plug-in data indicated from PluginName for entity EntityName (IndicatedRowCount rows).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Plugin
Opcode: DataIndication

Description

Plug-in data indicated from PluginName for entity EntityName (IndicatedRowCount rows).

Message #

Plug-in data indicated from %1 for entity %2 (%3 rows)
%5

Fields #

Name	Description
`PluginName` UnicodeString	—
`EntityName` UnicodeString	—
`IndicatedRowCount` UInt16	—
`RowsWithInterfacesIndicatedCount` UInt16	—
`RowInterfaceGuid` GUID	—

Event ID 4261 — DHCP has stabilized for InterfaceGuid (NlaState).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Dhcp
Opcode: Stabilized

Description

DHCP has stabilized for InterfaceGuid (NlaState).

Message #

DHCP has stabilized for %1 (%2)

Fields #

Name	Description
`InterfaceGuid` GUID	—
`NlaState` UInt32	—

Event ID 4301 — Start Intranet resolver

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: IntranetResolution
Opcode: Start

Description

Start Intranet resolver.

Message #

Start Intranet resolver

Event ID 4302 — Stop Intranet resolver

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: IntranetResolution
Opcode: Stop

Description

Stop Intranet resolver.

Message #

Stop Intranet resolver

References #

Microsoft Learn https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dfsr-diagnostics-shows-sharing-violations-events

Event ID 4311 — Start DsGetDcName(DnsSuffix,Flags) for DnsSuffix.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(DnsSuffix)
Opcode: Start

Description

Start DsGetDcName(DnsSuffix,Flags) for DnsSuffix.

Message #

Start DsGetDcName(%1,%2) for DnsSuffix

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4312 — Stop DsGetDcName(DnsSuffix,Flags) for DnsSuffix returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(DnsSuffix)
Opcode: Stop

Description

Stop DsGetDcName(DnsSuffix,Flags) for DnsSuffix returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Message #

Stop DsGetDcName(%1,%2) for DnsSuffix returned error %3 (domain=%4, forest=%5)

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4313 — DsGetDcName(DnsSuffix,Flags) for DnsSuffix failed with error ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(DnsSuffix)
Opcode: Failed

Description

DsGetDcName(DnsSuffix,Flags) for DnsSuffix failed with error ErrorCode.

Message #

DsGetDcName(%1,%2) for DnsSuffix failed with error %3

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4321 — Start DsGetDcName(Flags) for DS info.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(Ds)
Opcode: Start

Description

Start DsGetDcName(Flags) for DS info.

Message #

Start DsGetDcName(%2) for DS info

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4322 — Stop DsGetDcName(Flags) for DS info returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(Ds)
Opcode: Stop

Description

Stop DsGetDcName(Flags) for DS info returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Message #

Stop DsGetDcName(%2) for DS info returned error %3 (domain=%4, forest=%5)

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4323 — DsGetDcName(Flags) for DS info failed with error ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(Ds)
Opcode: Failed

Description

DsGetDcName(Flags) for DS info failed with error ErrorCode.

Message #

DsGetDcName(%2) for DS info failed with error %3

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4331 — Start DsGetDcName(Flags) for root domain GUID.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(RootDomainGuid)
Opcode: Start

Description

Start DsGetDcName(Flags) for root domain GUID.

Message #

Start DsGetDcName(%2) for root domain GUID

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4332 — Stop DsGetDcName(Flags) for root domain GUID returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: DsGetDcName(RootDomainGuid)
Opcode: Stop

Description

Stop DsGetDcName(Flags) for root domain GUID returned error ErrorCode (domain=RetrievedDomain, forest=RetrievedForest).

Message #

Stop DsGetDcName(%2) for root domain GUID returned error %3 (domain=%4, forest=%5)

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4333 — DsGetDcName(Flags) for root domain GUID failed with error ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Operational
Task: DsGetDcName(RootDomainGuid)
Opcode: Failed

Description

DsGetDcName(Flags) for root domain GUID failed with error ErrorCode.

Message #

DsGetDcName(%2) for root domain GUID failed with error %3

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`Flags` UInt32	—
`ErrorCode` UInt32	—
`RetrievedDomain` UnicodeString	—
`RetrievedForest` UnicodeString	—

Event ID 4341 — Start LDAP authentication on interface Interface Name (Addresses) (Try Count tries).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: LdapAuthentication
Opcode: Start

Description

Start LDAP authentication on interface Interface Name (Addresses) (Try Count tries).

Message #

Start LDAP authentication on interface %1 (%2) (%3 tries)

Fields #

Name	Description
`Interface Name` UnicodeString	—
`Addresses` UnicodeString	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`InterfaceName` UnicodeString	—
`TryCount` UInt32	—

Event ID 4342 — Stop LDAP authentication on interface Interface Name (Addresses).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: LdapAuthentication
Opcode: Stop

Description

Stop LDAP authentication on interface Interface Name (Addresses).

Message #

Stop LDAP authentication on interface %1 (%2)

Fields #

Name	Description
`Interface Name` UnicodeString	—
`Addresses` UnicodeString	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`InterfaceName` UnicodeString	—
`TryCount` UInt32	—

Event ID 4343 — LDAP authentication on interface Interface Name (Addresses) failed with error ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Operational
Task: LdapAuthentication
Opcode: Failed

Description

LDAP authentication on interface Interface Name (Addresses) failed with error ErrorCode.

Message #

LDAP authentication on interface %1 (%2) failed with error %4

Fields #

Name	Description
`Interface Name` UnicodeString	—
`Addresses` UnicodeString	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`InterfaceName` UnicodeString	—
`TryCount` UInt32	—

Event ID 4351 — Start ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_connect
Opcode: Start

Description

Start ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).

Message #

Start ldap_connect(%1) for DC=%2 (%3 of %4 tries)

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4352 — Stop ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_connect
Opcode: Stop

Description

Stop ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries).

Message #

Stop ldap_connect(%1) for DC=%2 (%3 of %4 tries)

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4353 — ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries) failed with ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_connect
Opcode: Failed

Description

ldap_connect(Addresses) for DC=DcName (Try Number of Try Count tries) failed with ErrorCode.

Message #

ldap_connect(%1) for DC=%2 (%3 of %4 tries) failed with %5

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4354 — Start ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_bind
Opcode: Start

Description

Start ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).

Message #

Start ldap_bind(%1) for DC=%2 (%3 of %4 tries)

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4355 — Stop ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_bind
Opcode: Stop

Description

Stop ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries).

Message #

Stop ldap_bind(%1) for DC=%2 (%3 of %4 tries)

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4356 — ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries) failed with ErrorCode.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: ldap_bind
Opcode: Failed

Description

ldap_bind(Addresses) for DC=DcName (Try Number of Try Count tries) failed with ErrorCode.

Message #

ldap_bind(%1) for DC=%2 (%3 of %4 tries) failed with %5

Fields #

Name	Description
`Addresses` UnicodeString	—
`DcName` UnicodeString	—
`Try Number` UInt32	—
`Try Count` UInt32	—
`ErrorCode` UInt32	—
`TryNumber` UInt32	—
`TryCount` UInt32	—

Event ID 4401 — Inserting identifying signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Identifying

Description

Inserting identifying signature for interface InterfaceGuid.

Message #

Inserting identifying signature for interface %1 
Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4402 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Identified

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 
Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4403 — Removing identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Disconnect

Description

Removing identified signature for interface InterfaceGuid.

Message #

Removing identified signature for interface %1 
Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4404 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 

Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4405 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Identified

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 
Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4407 — Adding interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Interface
Opcode: MediaConnect

Description

Adding interface 'AdapterName' InterfaceGuid.

Message #

Adding interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 4408 — Removing interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Interface
Opcode: MediaDisconnect

Description

Removing interface 'AdapterName' InterfaceGuid.

Message #

Removing interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 4409 — Adding interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Adding interface 'AdapterName' InterfaceGuid.

Message #

Adding interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 4410 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: Identified

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 
Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4411 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 

Source=%4 Signature=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureLength` UInt16	—
`Signature` Binary	—
`SignatureSource` UInt32	—

Event ID 4451 — Network on Reason is unlikely to be authentication-capable; authentication will continue in the background.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic
Task: LdapAuthentication

Description

Network on Reason is unlikely to be authentication-capable; authentication will continue in the background.

Message #

Network on %1 is unlikely to be authentication-capable; authentication will continue in the background. 
Reason: %2

Fields #

Name	Description
`Reason`	—
`InterfaceGuid` GUID	—
`AuthCapUnlikelyReason` UInt32	—
`SpeculativeTimeout` UInt32	—

Event ID 5001 —

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Fields #

Name	Description
`InterfaceGuid` GUID	—
`NlaState` UInt32	—

Event ID 5002 — Inserting identified signature for interface InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Inserting identified signature for interface InterfaceGuid.

Message #

Inserting identified signature for interface %1 

Source=%2 Characteristics=%3

Fields #

Name	Description
`InterfaceGuid` GUID	—
`SignatureSource` UInt32	—
`SignatureCharacteristics` UInt32	—

Event ID 6101 — Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Message #

Perftrack cancel event for interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 6102 — Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Message #

Perftrack cancel event for interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 6103 — Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Message #

Perftrack cancel event for interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—

Event ID 6104 — Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Provider: Microsoft-Windows-NlaSvc
Channel: Diagnostic

Description

Perftrack cancel event for interface 'AdapterName' InterfaceGuid.

Message #

Perftrack cancel event for interface '%2' %1

Fields #

Name	Description
`InterfaceGuid` GUID	—
`AdapterName` UnicodeString	—