detection.wiki

Microsoft-Windows-SMBWitnessService

72 events across 2 channels

Event IDTitleChannel
1Witness Service initialization failed with ErrorCode.Admin
1Operational
2Witness Service protocol security callback failure (Error = ErrorCode, …Admin
2Operational
3Witness Service received a registration request from Witness Client (ClientName) …Admin
3Operational
4Witness Service successfully registered request from Witness Client (ClientName) …Admin
4Operational
5Witness Service registration request from Witness Client (ClientName) for …Admin
5Operational
6Witness Service is queuing notifications for Clients clients.Admin
6Operational
7Witness Service completed queuing notifications for Clients clients.Admin
7Operational
8Witness Service resource notification to Witness Client (ClientName) failed with …Admin
8Operational
9Witness Service sent NumResources resource events to Witness Client …Admin
9Operational
10Witness Service received a move client request for client (ClientName).Admin
10Operational
11Witness Service successfully sent a move request to client (ClientName).Admin
11Operational
12Witness Service ignored the move client request for client (ClientName).Admin
12Operational
13Witness Service ignored the move client request for client (ClientName).Admin
13Operational
14Witness Service reported a failure (ErrorCode) to move client (ClientName).Admin
14Operational
15Witness Service received witness unregister request from Witness Client …Admin
15Operational
16Witness Service removed registration for Witness Client (ClientName).Admin
16Operational
17Witness Service shutdown failed with error (ErrorCode).Admin
17Operational
18Witness Service successfully sent the list of Witness Servers to Client …Admin
18Operational
19Witness Service is retrying to process the list of Witness Servers to Client …Admin
19Operational
20Witness Service failed to process the list of Witness Servers for Client …Admin
20Operational
21Witness Service failed to move client (ClientName).Admin
21Operational
22Witness Service failed to move client (ClientName).Admin
22Operational
23Witness Service failed to move client (ClientName) to destination node …Admin
23Operational
24Witness Service received a registration request from Witness Client (ClientName) …Admin
24Operational
25Witness Service successfully registered request from Witness Client (ClientName) …Admin
25Operational
26Witness Service registration request from Witness Client (ClientName) for …Admin
26Operational
27Witness Service received witness unregister request from Witness Client …Admin
27Operational
28Witness Service is queuing share move notifications for Clients clients.Admin
28Operational
29Witness Service completed queuing share move notifications for Clients clients.Admin
29Operational
30Witness Service share move notification to Witness Client (ClientName) failed …Admin
30Operational
31Witness Service sent NumResources share move events to Witness Client …Admin
31Operational
32Witness Service is queuing IP notifications for Clients clients.Admin
32Operational
33Witness Service completed queuing IP notifications for Clients clients.Admin
33Operational
34Witness Service IP notification to Witness Client (ClientName) failed with error …Admin
34Operational
35Witness Service sent NumResources IP events to Witness Client (ClientName).Admin
35Operational
36Witness Service is requesting to move an SMB client that is optimized to connect …Admin
36Operational

Event ID 1 — Witness Service initialization failed with ErrorCode.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service initialization failed with ErrorCode.

Message #

Witness Service initialization failed with %1

Fields #

NameDescription
ErrorCode UInt32

Event ID 1 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service initialization failed with.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2 — Witness Service protocol security callback failure (Error = ErrorCode, Authentication Level = AuthenticationLevel, Authentication Service = AuthenticationService).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service protocol security callback failure (Error = ErrorCode, Authentication Level = AuthenticationLevel, Authentication Service = AuthenticationService).

Message #

Witness Service protocol security callback failure (Error = %3, Authentication Level = %1, Authentication Service = %2)

Fields #

NameDescription
AuthenticationLevel UInt32
AuthenticationService UInt32
ErrorCode UInt32

Event ID 2 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service protocol security callback failure (Error = , Authentication Level = , Authentication Service = ).

Fields #

NameDescription
AuthenticationLevel UInt32
AuthenticationService UInt32
ErrorCode UInt32

Event ID 3 — Witness Service received a registration request from Witness Client (ClientName) for NetName \\NetName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a registration request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service received a registration request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 3 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a registration request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 4 — Witness Service successfully registered request from Witness Client (ClientName) for NetName \\NetName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully registered request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service successfully registered request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 4 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully registered request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 5 — Witness Service registration request from Witness Client (ClientName) for NetName \\NetName failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service registration request from Witness Client (ClientName) for NetName \\NetName failed with error (ErrorCode).

Message #

Witness Service registration request from Witness Client (%1) for NetName \\%2 failed with error (%3)

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ErrorCode Int32

Event ID 5 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service registration request from Witness Client () for NetName \\ failed with error ().

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ErrorCode Int32

Event ID 6 — Witness Service is queuing notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing notifications for Clients clients.

Message #

Witness Service is queuing notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 6 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 7 — Witness Service completed queuing notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing notifications for Clients clients.

Message #

Witness Service completed queuing notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 7 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 8 — Witness Service resource notification to Witness Client (ClientName) failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service resource notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service resource notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 8 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service resource notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 9 — Witness Service sent NumResources resource events to Witness Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources resource events to Witness Client (ClientName).

Message #

Witness Service sent %1 resource events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 9 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent resource events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 10 — Witness Service received a move client request for client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a move client request for client (ClientName).

Message #

Witness Service received a move client request for client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 10 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a move client request for client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 11 — Witness Service successfully sent a move request to client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully sent a move request to client (ClientName).

Message #

Witness Service successfully sent a move request to client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 11 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully sent a move request to client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 12 — Witness Service ignored the move client request for client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service ignored the move client request for client (ClientName). Client is not registered with current Witness Service.

Message #

Witness Service ignored the move client request for client (%1). Client is not registered with current Witness Service

Fields #

NameDescription
ClientName UnicodeString

Event ID 12 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service ignored the move client request for client (). Client is not registered with current Witness Service.

Fields #

NameDescription
ClientName UnicodeString

Event ID 13 — Witness Service ignored the move client request for client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service ignored the move client request for client (ClientName). Destination server (ServerName) is unavailable.

Message #

Witness Service ignored the move client request for client (%1). Destination server (%2) is unavailable

Fields #

NameDescription
ClientName UnicodeString
ServerName UnicodeString

Event ID 13 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service ignored the move client request for client (). Destination server () is unavailable.

Fields #

NameDescription
ClientName UnicodeString
ServerName UnicodeString

Event ID 14 — Witness Service reported a failure (ErrorCode) to move client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service reported a failure (ErrorCode) to move client (ClientName).

Message #

Witness Service reported a failure (%1) to move client (%2)

Fields #

NameDescription
ErrorCode UInt32
ClientName UnicodeString

Event ID 14 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service reported a failure () to move client ().

Fields #

NameDescription
ErrorCode UInt32
ClientName UnicodeString

Event ID 15 — Witness Service received witness unregister request from Witness Client (ClientName) for NetName \\NetName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received witness unregister request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service received witness unregister request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 15 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received witness unregister request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 16 — Witness Service removed registration for Witness Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service removed registration for Witness Client (ClientName).

Message #

Witness Service removed registration for Witness Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 16 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service removed registration for Witness Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 17 — Witness Service shutdown failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service shutdown failed with error (ErrorCode).

Message #

Witness Service shutdown failed with error (%1)

Fields #

NameDescription
ErrorCode UInt32

Event ID 17 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service shutdown failed with error ().

Fields #

NameDescription
ErrorCode UInt32

Event ID 18 — Witness Service successfully sent the list of Witness Servers to Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully sent the list of Witness Servers to Client (ClientName).

Message #

Witness Service successfully sent the list of Witness Servers to Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 18 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully sent the list of Witness Servers to Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 19 — Witness Service is retrying to process the list of Witness Servers to Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is retrying to process the list of Witness Servers to Client (ClientName).

Message #

Witness Service is retrying to process the list of Witness Servers to Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 19 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is retrying to process the list of Witness Servers to Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 20 — Witness Service failed to process the list of Witness Servers for Client (ClientName) with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to process the list of Witness Servers for Client (ClientName) with error (ErrorCode).

Message #

Witness Service failed to process the list of Witness Servers for Client (%1) with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 20 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to process the list of Witness Servers for Client () with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 21 — Witness Service failed to move client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName). Client name is invalid.

Message #

Witness Service failed to move client (%1). Client name is invalid

Fields #

NameDescription
ClientName UnicodeString

Event ID 21 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client (). Client name is invalid.

Fields #

NameDescription
ClientName UnicodeString

Event ID 22 — Witness Service failed to move client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName). Destination node (DestinationNode) is invalid.

Message #

Witness Service failed to move client (%1). Destination node (%2) is invalid

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString

Event ID 22 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client (). Destination node () is invalid.

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString

Event ID 23 — Witness Service failed to move client (ClientName) to destination node (DestinationNode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName) to destination node (DestinationNode). NetName (NetName) is invalid.

Message #

Witness Service failed to move client (%1) to destination node (%2). NetName (%3) is invalid

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString
NetName UnicodeString

Event ID 23 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client () to destination node (). NetName () is invalid.

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString
NetName UnicodeString

Event ID 24 — Witness Service received a registration request from Witness Client (ClientName) for \\NetName\ShareName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a registration request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service received a registration request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 24 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a registration request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 25 — Witness Service successfully registered request from Witness Client (ClientName) for \\NetName\ShareName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully registered request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service successfully registered request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 25 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully registered request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 26 — Witness Service registration request from Witness Client (ClientName) for \\NetName\ShareName failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service registration request from Witness Client (ClientName) for \\NetName\ShareName failed with error (ErrorCode).

Message #

Witness Service registration request from Witness Client (%1) for \\%2\%3 failed with error (%4)

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString
ErrorCode Int32

Event ID 26 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service registration request from Witness Client () for \\\ failed with error ().

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString
ErrorCode Int32

Event ID 27 — Witness Service received witness unregister request from Witness Client (ClientName) for \\NetName\ShareName.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received witness unregister request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service received witness unregister request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 27 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received witness unregister request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 28 — Witness Service is queuing share move notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing share move notifications for Clients clients.

Message #

Witness Service is queuing share move notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 28 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing share move notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 29 — Witness Service completed queuing share move notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing share move notifications for Clients clients.

Message #

Witness Service completed queuing share move notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 29 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing share move notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 30 — Witness Service share move notification to Witness Client (ClientName) failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service share move notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service share move notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 30 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service share move notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 31 — Witness Service sent NumResources share move events to Witness Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources share move events to Witness Client (ClientName).

Message #

Witness Service sent %1 share move events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 31 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent share move events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 32 — Witness Service is queuing IP notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing IP notifications for Clients clients.

Message #

Witness Service is queuing IP notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 32 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing IP notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 33 — Witness Service completed queuing IP notifications for Clients clients.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing IP notifications for Clients clients.

Message #

Witness Service completed queuing IP notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 33 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing IP notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 34 — Witness Service IP notification to Witness Client (ClientName) failed with error (ErrorCode).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service IP notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service IP notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 34 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service IP notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 35 — Witness Service sent NumResources IP events to Witness Client (ClientName).

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources IP events to Witness Client (ClientName).

Message #

Witness Service sent %1 IP events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 35 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent IP events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 36 — Witness Service is requesting to move an SMB client that is optimized to connect to a specific SMB server for one or more file shares.

Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Message #

Witness Service is requesting to move an SMB client (%1) that is optimized to connect to a specific SMB server for one or more file shares. After requested move completes, the SMB client will attempt to move to the optimal SMB server for (%2)

Fields #

NameDescription
ClientName UnicodeString
ShareName UnicodeString

Event ID 36 —

Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Fields #

NameDescription
ClientName UnicodeString
ShareName UnicodeString