Microsoft-Windows-SmbServer
79 events across 4 channels
Event ID 1 — Smb2 Request Negotiate
Description
Smb2 Request Negotiate.
Message #
Event ID 2 — Smb2 Request Session Setup
Description
Smb2 Request Session Setup.
Message #
Event ID 3 — Smb2 Request Logoff
Description
Smb2 Request Logoff.
Message #
Event ID 4 — Smb2 Request Tree Connect
Description
Smb2 Request Tree Connect.
Message #
Event ID 5 — Smb2 Request Tree Disconnect
Description
Smb2 Request Tree Disconnect.
Message #
Event ID 6 — Smb2 Request Echo
Description
Smb2 Request Echo.
Message #
Event ID 7 — Smb2 Request Cancel
Description
Smb2 Request Cancel.
Message #
Event ID 8 — Smb2 Request Create
Description
Smb2 Request Create.
Message #
Event ID 9 — Smb2 Request Close
Description
Smb2 Request Close.
Message #
Event ID 10 — Smb2 Request Flush
Description
Smb2 Request Flush.
Message #
Event ID 11 — Smb2 Request Read
Description
Smb2 Request Read.
Message #
Event ID 12 — Smb2 Request Write
Description
Smb2 Request Write.
Message #
Event ID 13 — Smb2 Request Break Oplock
Description
Smb2 Request Break Oplock.
Message #
Event ID 14 — Smb2 Request Notify Break Lease
Description
Smb2 Request Notify Break Lease.
Message #
Event ID 15 — Smb2 Request Acknowledge Break Lease
Description
Smb2 Request Acknowledge Break Lease.
Message #
Event ID 16 — Smb2 Request Lock
Description
Smb2 Request Lock.
Message #
Event ID 17 — Smb2 Request Ioctl
Description
Smb2 Request Ioctl.
Message #
Event ID 18 — Smb2 Request Query Directory
Description
Smb2 Request Query Directory.
Message #
Event ID 19 — Smb2 Request Change Notify
Description
Smb2 Request Change Notify.
Message #
Event ID 20 — Smb2 Request Query Info
Description
Smb2 Request Query Info.
Message #
Event ID 21 — Smb2 Request Set Info
Description
Smb2 Request Set Info.
Message #
Event ID 101 — Smb2 Response Negotiate
Description
Smb2 Response Negotiate.
Message #
Event ID 102 — Smb2 Response Session Setup
Description
Smb2 Response Session Setup.
Message #
Event ID 103 — Smb2 Response Logoff
Description
Smb2 Response Logoff.
Message #
Event ID 104 — Smb2 Response Tree Connect
Description
Smb2 Response Tree Connect.
Message #
Event ID 105 — Smb2 Response Tree Disconnect
Description
Smb2 Response Tree Disconnect.
Message #
Event ID 106 — Smb2 Response Echo
Description
Smb2 Response Echo.
Message #
Event ID 108 — Smb2 Response Create
Description
Smb2 Response Create.
Message #
Event ID 109 — Smb2 Response Close
Description
Smb2 Response Close.
Message #
Event ID 110 — Smb2 Response Flush
Description
Smb2 Response Flush.
Message #
Event ID 111 — Smb2 Response Read
Description
Smb2 Response Read.
Message #
Event ID 112 — Smb2 Response Write
Description
Smb2 Response Write.
Message #
Event ID 113 — Smb2 Response Break Oplock
Description
Smb2 Response Break Oplock.
Message #
Event ID 115 — Smb2 Response Acknowledge Break Lease
Description
Smb2 Response Acknowledge Break Lease.
Message #
Event ID 116 — Smb2 Response Lock
Description
Smb2 Response Lock.
Message #
Event ID 117 — Smb2 Response Ioctl
Description
Smb2 Response Ioctl.
Message #
Event ID 118 — Smb2 Response Query Directory
Description
Smb2 Response Query Directory.
Message #
Event ID 119 — Smb2 Response Change Notify
Description
Smb2 Response Change Notify.
Message #
Event ID 120 — Smb2 Response Query Info
Description
Smb2 Response Query Info.
Message #
Event ID 121 — Smb2 Response Set Info
Description
Smb2 Response Set Info.
Message #
Event ID 122 — Smb2 Response Error
Description
Smb2 Response Error.
Message #
Event ID 200 — Smb2 Work Item Component Transition
Description
Smb2 Work Item Component Transition.
Message #
Event ID 201 — Smb2 Work Item allocated
Description
Smb2 Work Item allocated.
Message #
Event ID 202 — Smb2 Work Item released
Description
Smb2 Work Item released.
Message #
Event ID 500 — Smb2 Connection accepted
Description
Smb2 Connection accepted.
Message #
Event ID 501 — Smb2 Connection Disconnected by Peer
Description
Smb2 Connection Disconnected by Peer.
Message #
Event ID 502 — Smb2 Connection Terminated
Description
Smb2 Connection Terminated.
Message #
Event ID 550 — Smb2 Session Allocated
Description
Smb2 Session Allocated.
Message #
Event ID 551 — Smb2 Session Authentication Failure
Description
Smb2 Session Authentication Failure.
Message #
Event ID 552 — Smb2 Session Authentication Success
Description
Smb2 Session Authentication Success.
Message #
Event ID 553 — Smb2 Session Bound to Connection
Description
Smb2 Session Bound to Connection.
Message #
Event ID 554 — Smb2 Session Terminated
Description
Smb2 Session Terminated.
Message #
Event ID 600 — Smb2 TreeConnect Allocated
Description
Smb2 TreeConnect Allocated.
Message #
Event ID 601 — Smb2 TreeConnect Disconnected
Description
Smb2 TreeConnect Disconnected.
Message #
Event ID 602 — Smb2 TreeConnect Terminated
Description
Smb2 TreeConnect Terminated.
Message #
Event ID 603 — Smb2 TreeConnect Failed due to Cluster Endpoint Initializing
Description
Smb2 TreeConnect Failed due to Cluster Endpoint Initializing.
Message #
Event ID 650 — Smb2 Open established
Description
Smb2 Open established.
Message #
Event ID 651 — Smb2 Open Disconnected - Preserved
Description
Smb2 Open Disconnected - Preserved.
Message #
Event ID 652 — Smb2 Open Reconnected
Description
Smb2 Open Reconnected.
Message #
Event ID 653 — Smb2 Open Suspended - Preserved
Description
Smb2 Open Suspended - Preserved.
Message #
Event ID 654 — Smb2 Open Closed
Description
Smb2 Open Closed.
Message #
Event ID 655 — Smb2 Open Timed Out
Description
Smb2 Open Timed Out.
Message #
Event ID 656 — Smb2 Open Terminated
Description
Smb2 Open Terminated.
Message #
Event ID 657 — Smb2 Open Clustered Client Failover Closed
Description
Smb2 Open Clustered Client Failover Closed.
Message #
Event ID 658 — File handle for file {ShareName}\{FileName} was invalidated by user {UserName} from computer {ComputerName}.
Event ID 700 — Smb2 Share Added
Description
Smb2 Share Added.
Message #
Event ID 701 — Smb2 Share Modified
Description
Smb2 Share Modified.
Message #
Event ID 702 — Smb2 Share Deleted
Description
Smb2 Share Deleted.
Message #
Event ID 1000 — S4U2Self authentication failure - The client could not be reauthenticated with S4U2Self to obtain claims.
Description
S4U2Self authentication failure - The client could not be reauthenticated with S4U2Self to obtain claims. This may be expected if the account is not a domain account.
Message #
Event ID 1001 — SRV Disabled - The SMB1 negotiate request fails due to SMB1 is disabled.
Description
SRV Disabled - The SMB1 negotiate request fails due to SMB1 is disabled.
Message #
Event ID 1002 — RKF failure - SRV2 failed to get acknowledgement from Resume Key filter for persistent handle request.
Description
RKF failure - SRV2 failed to get acknowledgement from Resume Key filter for persistent handle request.
Message #
Event ID 1003 — The server received an unencrypted message from client {ClientName}.
Event ID 1004 — The server received a incorrectly signed message from client {ClientName}.
Event ID 1005 — The server failed to validate negotiation from client {ClientName}.
Event ID 1800 — CA failure - Failed to set continuously available property on a new or existing file share as the file share is not a cluster share.
Description
CA failure - Failed to set continuously available property on a new or existing file share as the file share is not a cluster share.
Message #
Event ID 1801 — CA failure - Failed to set continuously available property on a new or existing file share as Resume Key filter is not started.
Description
CA failure - Failed to set continuously available property on a new or existing file share as Resume Key filter is not started.
Message #
Event ID 1802 — The server failed to reserve the next ID region in the cluster registry.
Description
The server failed to reserve the next ID region in the cluster registry.