Microsoft Windows DHCP 데이터 수집
이 문서:
- 배포 아키텍처와 설치 단계 및 Microsoft Windows DHCP 이벤트용 Google Security Operations 파서에서 지원하는 로그를 생성하는 데 필요한 구성을 설명합니다. Google Security Operations 데이터 수집에 대한 개요는 Google Security Operations에 데이터 수집을 참조하세요.
- 파서에서 원래 로그의 필드를 Google Security Operations 통합 데이터 모델 필드에 매핑하는 방식에 대한 정보가 포함됩니다.
이 문서의 정보는 WINDOWS_DHCP 수집 라벨이 있는 파서에 적용됩니다. 수집 라벨은 원시 로그 데이터를 구조화된 UDM 형식으로 정규화하는 파서를 식별합니다.
시작하기 전에
권장 배포 아키텍처 검토
이 다이어그램에서는 Microsoft Windows DHCP 이벤트를 수집하여 Google Security Operations로 전송하는 배포 아키텍처에서 권장되는 기본 구성요소를 나타냅니다. 이 정보를 사용 중인 환경과 비교하여 이러한 구성요소가 설치되어 있는지 확인합니다. 각 고객 배포는 이 표현과 다르며 더 복잡할 수 있습니다. 다음은 필수 항목입니다.
- DHCP 서버 역할이 있는 Microsoft Windows 서버
- UTC 시간대로 구성된 모든 시스템
- NXLog는 클러스터링된 Microsoft Windows 서버에 설치되어 운영, 관리자, 필터 알림 채널에 대한 로그를 수집하고 전달합니다.
Google Security Operations 전달자는 중앙 Microsoft Windows 또는 Linux 서버에 설치됩니다.
지원되는 기기 및 버전 검토
Google Security Operations 파서는 다음 Microsoft Windows Server 버전과 프로토콜에서 생성된 로그를 지원합니다. Microsoft Windows Server는 Foundation, Essentials, Standard, Datacenter 버전으로 출시됩니다. 각 버전에서 생성된 로그의 이벤트 스키마는 다르지 않습니다.
서버 버전 | 프로토콜 지원 |
---|---|
Microsoft Windows Server 2019 | DHCPv4 |
Microsoft Windows Server 2016 | DHCPv4 |
Microsoft Windows Server 2012 | DHCPv4 |
Google Security Operations 파서는 NXLog Enterprise Edition 또는 Community Edition에서 수집한 로그를 지원합니다.
지원되는 로그 유형 검토
Google Security Operations 파서는 Microsoft Windows DHCP 서버에서 생성된 다음 로그 유형을 지원합니다. 이러한 로그 유형에 대한 자세한 내용은 Microsoft Windows DHCP 서버 문서를 참조하세요. 영어 텍스트로 생성된 로그를 지원하며 영어가 아닌 언어로 생성된 로그에서는 지원되지 않습니다.
유형 | 데이터 형식 | 설명 |
---|---|---|
감사 로깅 | CSV | 시작 및 종료, 임대 활동 포함 |
운영 이벤트 | Microsoft Windows 이벤트 형식 | DHCP 구성 로깅을 제공합니다. |
관리자 이벤트 | Microsoft Windows 이벤트 형식 | DHCP 서버 관리 이벤트 로깅을 제공합니다. |
알림 이벤트 필터링 | Microsoft Windows 이벤트 형식 | DHCP 서버 링크 레이어 기반 필터링 이벤트 로깅을 제공합니다. |
BindPlane 에이전트 구성
BindPlane 에이전트를 사용하여 Windows DHCP 로그를 수집합니다.
설치 후 BindPlane Agent 서비스가 Windows 서비스 목록에 observerIQ
서비스로 표시됩니다.
Windows DHCP 서버를 설치하고 구성합니다. Windows DHCP 서버 설치에 대한 자세한 내용은 동적 호스트 구성 프로토콜(DHCP) 개요를 참조하세요.
Windows 서버에서 실행 중인 수집기에 BindPlane 에이전트를 설치합니다. BindPlane 에이전트 설치에 대한 자세한 내용은 BindPlane 에이전트 설치 안내를 참조하세요.
다음 콘텐츠로 BindPlane 에이전트의 구성 파일을 만듭니다.
receivers: dhcplog/dhcp_server_operational: channel: Microsoft-Windows-Dhcp-Server/Operational dhcplog/dhcp_server_notification: channel: Microsoft-Windows-Dhcp-Server/FilterNotifications processors: batch: exporters: chronicle/dhcp: endpoint: https://malachiteingestion-pa.googleapis.com creds: '{ "type": "service_account", "project_id": "malachite-projectname", "private_key_id": `PRIVATE_KEY_ID`, "private_key": `PRIVATE_KEY`, "client_email":"`SERVICE_ACCOUNT_NAME`@malachite-`PROJECT_ID`.iam.gserviceaccount.com", "client_id": `CLIENT_ID`, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/`SERVICSERVICE_ACCOUNT_NAME`%40malachite-`PROJECT_ID`.iam.gserviceaccount.com", "universe_domain": "googleapis.com" }' log_type: 'WINDOWS_DHCP' override_log_type: false raw_log_field: body customer_id: 'dddddddd-dddd-dddd-dddd-dddddddddddd' service: pipelines: logs/dhcp: receivers: - dhcplog/dhcp_server_operational - dhcplog/dhcp_server_notification processors: [batch] exporters: [chronicle/dhcp]
PRIVATE_KEY_ID
,PRIVATE_KEY
,SERVICSERVICE_ACCOUNT_NAME
,PROJECT_ID
,CLIENT_ID
,CUSTOMER_ID
를 Google Cloud Platform에서 다운로드할 수 있는 서비스 계정 JSON 파일의 각 값으로 바꿉니다. 서비스 계정 키에 대한 자세한 내용은 서비스 계정 키 만들기 및 삭제 문서를 참조하세요.observerIQ 에이전트 서비스를 시작하려면 서비스 > 확장 > observerIQ 서비스 > 시작을 선택합니다.
Microsoft Windows DHCP 서버 구성
- Microsoft Windows DHCP 서버를 설치하고 구성합니다. 자세한 내용은 Microsoft Windows 문서를 참조하세요.
- UTC 시간대로 시스템을 구성합니다.
- 각 Microsoft Windows DHCP 서버에 NXLog를 설치합니다. Microsoft Windows DHCP용 NXLog 구성에 대한 정보를 포함한 NXLog 문서를 따릅니다.
각 NXLog 인스턴스에 대한 구성 파일을 만듭니다. im_file 및 im_mscreationlog 모듈을 사용합니다.
im_file 입력 모듈 사용에 대한 자세한 내용은 DHCP 관리 콘솔로 구성을 참조하세요.
im_msvistalog 모듈 사용에 대한 자세한 내용은 Microsoft Windows 2008/Vista 이상(im_msviewslog)의 이벤트 로그를 참조하세요.
다음은 NXLog 구성의 예입니다. 32비트 NXLog 에이전트를 사용하여 64비트 Microsoft Windows에서 로그를 수집하는 방법에 대한 이 안내를 따릅니다.
<hostname>
및<port>
값을 대상 중앙 Microsoft Windows 서버에 대한 정보로 바꿉니다. 자세한 내용은 om_tcp 모듈에 대한 NXLog 문서를 참조하세요.<Input audit_logs_csv> 섹션 파일 속성의 로그 파일 경로를 DHCP 감사 로그가 포함된 파일의 위치로 변경합니다. im_file 입력 모듈에 대한 NXLog 문서를 참조하세요.
define ROOT C:\Program Files\nxlog define WINDHCP_OUTPUT_DESTINATION_ADDRESS HOSTNAME define WINDHCP_OUTPUT_DESTINATION_PORT PORT Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _json> Module xm_json </Extension> <Input dhcp_server_eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id="0" Path="System"> <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-DHCP-Server']]]</Select> </Query> <Query Id="0"> <Select Path="DhcpAdminEvents">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/FilterNotifications">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/Operational">*</Select> </Query> </QueryList> </QueryXML> Exec $EventTime = integer($EventTime) / 1000; Exec $EventReceivedTime = integer($EventReceivedTime) / 1000; Exec to_json(); </Input> <Input audit_logs_csv> Module im_file File "LOG_FILE_PATH" # Use quotation marks. For example: "c:\dhcp\-*.log" SavePos TRUE InputType LineBased Exec $Message = $raw_event; </Input> <Output out_chronicle_forwarder> Module om_tcp Host %WINDHCP_OUTPUT_DESTINATION_ADDRESS% Port %WINDHCP_OUTPUT_DESTINATION_PORT% </Output> <Route dhcp_events_to_chronicle_forwarder> Path dhcp_server_eventlog,audit_logs_csv => out_chronicle_forwarder </Route>
NXLog 서비스를 시작합니다.
중앙 Microsoft Windows 또는 Linux 서버 구성
전달자 설치 및 구성에 대한 자세한 내용은 Linux에서 전달자 설치 및 구성 또는 Microsoft Windows에서 전달자 설치 및 구성을 참조하세요.
- UTC 시간대로 시스템을 구성합니다.
- 중앙 Microsoft Windows 또는 Linux 서버에 Google Security Operations 전달자를 설치합니다.
Google Security Operations 전달자를 구성하여 로그를 Google Security Operations에 전송합니다. 다음은 전달자 구성의 예입니다.
- syslog: common: enabled: true data_type: WINDOWS_DHCP batch_n_seconds: 10 batch_n_bytes: 1048576 tcp_address: 0.0.0.0:10518 connection_timeout_sec: 60
필드 매핑 참조: 기기 로그 필드에서 UDM 필드로
이 섹션에서는 파서가 통합 로그 모델을 통합 데이터 모델(UDM) 필드에 매핑하는 방법을 설명합니다.
감사 로그
원본 로그 필드 | UDM 필드 |
---|---|
ID | security_result.rule_name is set to "EventID: %{EventID}" The dhcp.type is set according to the EventID: For EventIDs 10, 11, 20, 21, value is set to ACK. For EventID 12, value is set to RELEASE. For EventIDs 13, 14, 15, 22 the value is set to NAK. For EventIDs 16, 23 value is set to WIN_DELETED. For EventIDs 17, 18 value is set to WIN_EXPIRED. |
Date | metadata.event_timestamp |
Time | metadata.event_timestamp |
Description | metadata.description |
IP Address | principal.ip
If the syslog header contains an IP address, it is mapped to "principal.ip", else if the syslog header contains a hostname, it is mapped to "principal.hostname". |
Host Name | network.dhcp.client_hostname |
MAC Address | If the event_type is NETWORK_DHCP, then network.dhcp.chaddr is set. Otherwise, target.mac is set. |
User Name | principal.user.userid |
TransactionID | network.dhcp.transaction_id |
QResult | Value is mapped to the security_result.action If value is 0:NoQuarantine, set to ALLOW If value is 1:Quarantine, set to QUARANTINE If value is 2:Drop Packet, set to BLOCK If value is 3:Probation, set to ALLOW If value is 6:No Quarantine Information, set to UNKNOWN_ACTION |
Dhcid | network.dhcp.client_identifier |
운영, 관리, 필터 알림 이벤트 전반의 공통 필드
원본 로그 필드 | UDM 필드 |
---|---|
EventTime | metadata.event_timestamp |
Channel | If the Category field not empty, then metadata.product_event_type set to
"%{Category} [%{EventID}]" If the Category field is empty, then metadata.product_event_type set to "%{Channel} [%{EventID}]" |
SourceName | metadata.vendor = "Microsoft" metadata.product_name = "Windows DHCP Server" |
Hostname | principal.hostname |
EventID | security_result.rule_name |
Severity | security_result.severity Original values mapped to UDM field values as follows:
|
UserID | principal.user.windows_sid |
ExecutionProcessID | principal.process.pid |
ProcessID | principal.process.pid |
운영 이벤트
원본 로그 필드 | UDM 필드 |
---|---|
PhysicalAddress | principal.mac |
ClientName | principal.user.userid |
HWType | dhcp.htype |
OptionName | dhcp.option.code |
Message | metadata.description |
Category | metadata.product_event_type |
ReservationName | target.resource.name The value stored is different depending on the EventID of the original event. |
RelationshipName | target.resource.name The value stored is different depending on the EventID of the original event. |
IP_ScopeName | target.resource.name The value stored is different depending on the EventID of the original event. |
PolicyName | target.resource.name The value stored is different depending on the EventID of the original event. |
IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. |
Server2Name | target.hostname |
Server | Depending on the value, stored in target.ip or target.hostname. |
알림 이벤트 필터링
원본 로그 필드 | UDM 필드 |
---|---|
MACAddress | principal.mac |
Message | metadata.description |
관리자 이벤트
원본 로그 필드 | UDM 필드 |
---|---|
operation | security_result.description |
FQDNName | target.hostname |
Message | metadata.description |
Category | metadata.product_event_type |
Server | target.ip / target.hostname |
RelationName | target.resource.name. The value stored is different depending on the EventID of the original event. |
PartnerServer | target.hostname |
IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. |
IpAddress | target.ip |
필드 매핑 참조: 이벤트 ID에서 UDM 이벤트 유형으로
이 섹션에서는 파서가 이벤트 ID를 UDM event_types에 매핑하는 방법을 설명합니다.
이벤트 ID | 이벤트 텍스트 | UDM 이벤트 유형 | 설명 |
---|---|---|---|
0 | The log was started. | GENERIC_EVENT | |
1 | The log was stopped. | GENERIC_EVENT | |
2 | The log was temporarily paused due to low disk space. | GENERIC_EVENT | |
10 | A new IP address was leased to a client. | NETWORK_DHCP | |
11 | A lease was renewed by a client. | NETWORK_DHCP | |
12 | A lease was released by a client. | NETWORK_DHCP | |
13 | An IP address was found to be in use on the network. | NETWORK_DHCP | |
14 | A lease request could not be satisfied because the scope's address pool was exhausted. | NETWORK_DHCP | |
15 | A lease was denied. | NETWORK_DHCP | |
16 | A lease was deleted. | NETWORK_DHCP | |
17 | A lease was expired and DNS records for an expired leases have not been deleted. | NETWORK_DHCP | |
18 | A lease was expired and DNS records were deleted. | NETWORK_DHCP | |
20 | A BOOTP address was leased to a client. | NETWORK_DHCP | |
21 | A dynamic BOOTP address was leased to a client. | NETWORK_DHCP | |
22 | A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted. | NETWORK_DHCP | |
23 | A BOOTP IP address was deleted after checking to see it was not in use. | NETWORK_DHCP | |
24 | IP address cleanup operation has began. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
25 | IP address cleanup statistics. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
30 | DNS update request to the named DNS server. | GENERIC_EVENT | |
31 | DNS update failed. | GENERIC_EVENT | The UDM field is_alert is set to true. |
32 | DNS update successful. | GENERIC_EVENT | |
33 | Packet dropped due to NAP policy. | GENERIC_EVENT | The UDM field is_alert is set to true. |
34 | DNS update request failed.as the DNS update request queue limit exceeded. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
35 | DNS update request failed. | GENERIC_EVENT | The UDM field is_alert is set to true. |
36 | Packet dropped because the server is in failover standby role or the hash of the client ID does not match. | GENERIC_EVENT | |
50 | Unreachable domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
51 | Authorization succeeded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
53 | Cached Authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
54 | Authorization failed | GENERIC_EVENT | The UDM field is_alert is set to true. |
55 | Authorization (servicing) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
56 | Authorization failure, stopped servicing | GENERIC_EVENT | The UDM field is_alert is set to true. |
57 | Server found in domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
58 | Server could not find domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
59 | Network failure | GENERIC_EVENT | The UDM field is_alert is set to true. |
60 | No DC is DS Enabled | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
61 | Server found that belongs to DS domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
62 | Another server found | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
63 | Restarting rogue detection | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
64 | No DHCP enabled interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
70 | Scope: %1 for IPv4 is Configured by %2. | SETTING_CREATION | |
71 | Scope: %1 for IPv4 is Modified by %2 | SETTING_MODIFICATION | |
72 | Scope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
73 | Scope: %1 for IPv4 is Activated by %2 | SETTING_MODIFICATION | |
74 | Scope: %1 for IPv4 is DeActivated by %2 | SETTING_MODIFICATION | |
75 | Scope: %1 for IPv4 is Updated with Lease Duration: %2 seconds by %3. The previous configured Lease Duration was: %4 seconds | SETTING_MODIFICATION | |
76 | Scope: %1 for IPv4 is Updated with Option Settings: %2 by %3 | SETTING_MODIFICATION | |
77 | Scope: %1 for IPv4 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
78 | Scope: %1 for IPv4 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
79 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
80 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
81 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
82 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
83 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
84 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
85 | Policy based assignment has been disabled for scope %1 | SETTING_MODIFICATION | |
86 | Policy based assignment has been enabled for scope %1 | SETTING_MODIFICATION | |
87 | Name Protection setting is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
88 | Name Protection setting is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
89 | Scope: %1 for IPv4 is Updated with support type: %2 by %3 | SETTING_MODIFICATION | |
90 | NAP Enforcement is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
91 | NAP Enforcement is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
92 | NAP Profile is configured on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3 | SETTING_CREATION | |
93 | NAP Profile is Updated on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3. The previous configured NAP Profile was: %4 | SETTING_MODIFICATION | |
94 | The following NAP Profile: %1 is deleted on Scope: %2 by %4 | SETTING_DELETION | |
95 | Scope: %1 for Multicast IPv4 is Configured by %2 | SETTING_CREATION | |
96 | Scope: %1 for Multicast IPv4 is Deleted by %2 | SETTING_DELETION | |
97 | Scope: %1 for IPv4 is Added in Superscope: %2 by %3 | SETTING_CREATION | |
98 | SuperScope: %1 for IPv4 is Configured by %2 | SETTING_CREATION | |
99 | SuperScope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
100 | Scope: %1 within SuperScope: %2 for IPv4 is Activated by %3 | SETTING_MODIFICATION | |
101 | Scope: %1 within SuperScope: %2 for IPv4 is DeActivated by %3 | SETTING_MODIFICATION | |
102 | Scope: %1 for IPv4 is Removed in Superscope: %2 by %3. However, the Scope exists outside the Superscope | SETTING_DELETION | |
103 | Scope: %1 for IPv4 is Deleted in Superscope: %2 as well as Deleted permanently by %3 | SETTING_DELETION | |
104 | Delay Time: %1 milliseconds for the OFFER message sent by Secondary Servers is Updated on Scope: %2 for IPv4 by %4. The previous configured Delay Time was: %3 milliseconds | SETTING_MODIFICATION | |
105 | Server level option %1 for IPv4 has been updated by %2 | SETTING_MODIFICATION | |
106 | Reservation: %1 for IPv4 is Configured under Scope %2 by %3 | SETTING_CREATION | |
107 | Reservation: %1 for IPv4 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
108 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
109 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
110 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
111 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
112 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
113 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
114 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
115 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
116 | Reservation: %1 for IPv4 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
117 | Policy based assignment has been disabled at server level | SETTING_MODIFICATION | |
118 | Policy based assignment has been enabled at server level | SETTING_MODIFICATION | |
119 | Added exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
120 | Deleted exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
121 | Link Layer based filtering is Enabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
122 | Link Layer based filtering is Disabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
123 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Allow List by %2 | SETTING_CREATION | |
124 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Allow List by %2 | SETTING_DELETION | |
125 | Link Layer based filtering is Enabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
126 | Link Layer based filtering is Disabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
127 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Deny List by %2 | SETTING_CREATION | |
128 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Deny List by %2 | SETTING_DELETION | |
129 | Scope: %1 for IPv6 is Configured by %2 | SETTING_CREATION | |
130 | Scope: %1 for IPv6 is Deleted by %2 | SETTING_DELETION | |
131 | Scope: %1 for IPv6 is Activated by %2 | SETTING_MODIFICATION | |
132 | Scope: %1 for IPv6 is DeActivated by %2 | SETTING_MODIFICATION | |
133 | Scope: %1 for IPv6 is Updated with Lease Preferred Lifetime: %2 by %3. The previous configured Lease Preferred Lifetime was: %4 | SETTING_MODIFICATION | |
134 | Scope: %1 for IPv6 is Updated with Lease Valid Lifetime: %2 by %3. The previous configured Lease Valid Lifetime was: %4 | SETTING_MODIFICATION | |
135 | Scope: %1 for IPv6 is Updated with Option Setting: %2 by %3 | SETTING_MODIFICATION | |
136 | Scope: %1 for IPv6 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
137 | Scope: %1 for IPv6 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
138 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
139 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
140 | Scope: %1 for IPv6 is Enabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
141 | Scope: %1 for IPv6 is Disabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted. | SETTING_MODIFICATION | |
142 | Name Protection setting is Enabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
143 | Name Protection setting is Disabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
145 | Reservation: %1 for IPv6 is Configured under Scope %2 by %3 | SETTING_CREATION | |
147 | Reservation: %1 for IPv6 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
148 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
149 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
150 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
151 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
152 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
153 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
154 | Reservation: %1 for IPv6 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
155 | Added exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
156 | Deleted exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
157 | Scope: %1 for IPv6 is Modified by %2 | SETTING_MODIFICATION | |
158 | DHCPv6 Stateless client inventory has been enabled for the scope %1 | SETTING_MODIFICATION | |
159 | DHCPv6 Stateless client inventory has been disabled for the scope %1 | SETTING_MODIFICATION | |
160 | DHCPv6 Stateless client inventory has been enabled for the server | SETTING_MODIFICATION | |
161 | DHCPv6 Stateless client inventory has been disabled for the server | SETTING_MODIFICATION | |
162 | Purge time interval for DHCPv6 stateless client inventory for scope %1 has been set to %2 hours | SETTING_MODIFICATION | |
163 | Purge time interval for DHCPv6 stateless client inventory for server has been set to %1 hours | SETTING_MODIFICATION | |
164 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
165 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
166 | Server level option %1 for IPv6 has been updated by %2 | SETTING_MODIFICATION | |
167 | Server level option %1 for IPv4 has been removed by %2 | SETTING_DELETION | |
168 | Option setting: %2 has been removed from IPv4 scope: %1 by %3 | SETTING_DELETION | |
169 | Option setting: %3 has been removed from the reservation: %1 in IPv4 scope: %2 by %4 | SETTING_DELETION | |
170 | Server level option %1 for IPv6 has been removed by %2 | SETTING_DELETION | |
171 | Option setting: %2 has been removed from IPv6 scope: %1 by %3 | SETTING_DELETION | |
172 | Option setting: %3 has been removed from the reservation: %1 in IPv6 scope: %2 by %4 | SETTING_DELETION | |
1000 | The DHCP service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1001 | The DHCP service failed to register with Service Controller. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1002 | The DHCP service failed to initialize its global parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1003 | The DHCP service failed to initialize its registry parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1004 | The DHCP service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1005 | The DHCP service failed to initialize Winsock startup. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1006 | The DHCP service failed to start as a RPC server. The following error occurred : %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1007 | The DHCP service failed to initialize Winsock data. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1008 | The DHCP service is shutting down due to the following error: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1009 | The DHCP service encountered the following error while cleaning up the pending client records: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1010 | The DHCP service encountered the following error while cleaning up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1011 | The DHCP service issued a NACK (negative acknowledgement message) to the client, %2, for the address, %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1012 | The DHCP client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1013 | The DHCP Client, %2, released the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1016 | The DHCP service encountered the following error when backing up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1017 | The DHCP service encountered the following error when backing up the registry configuration: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1018 | The DHCP service failed to restore the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1019 | The DHCP service failed to restore the DHCP registry configuration. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1020 | Scope, %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1021 | The DHCP service could not load the JET database library successfully | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1022 | The DHCP service could not use the database. If this service was started for the first time after the upgrade from NT 3.51 or earlier, you need to run the utility, upg351db.exe, on the DHCP database to convert it to the new JET database format. Restart the DHCP service after you have upgraded the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1023 | The DHCP service will now terminate because the existing database needs conversion to Windows 2000 format. The conversion via the jetconv process, has initiated. Do not reboot or stop the jetconv process. The conversion may take up to 10 minutes depending on the size of the database. Terminate DHCP now by clicking OK. This is required for the database conversion to succeed. NOTE: The DHCP service will be restarted automatically when the conversion is completed. To check conversion status, look at the Application event log for the jetconv process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1024 | The DHCP service has initialized and is ready | SERVICE_START | |
1025 | The DHCP service was unable to read the BOOTP file table from the registry. The DHCP service will be unable to respond to BOOTP requests that specify the boot file name | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1026 | The DHCP service was unable to read the global BOOTP file name from the registry | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1027 | The audit log file cannot be appended | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1028 | The DHCP service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1029 | The DHCP service was unable to ping for a new IP address. The address was leased to the client | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1030 | The audit log file could not be backed up. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1031 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception. All further exceptions will be ignored | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1032 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception and the .dll file could not be loaded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1033 | The DHCP service has successfully loaded one or more callout DLLs | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1034 | The DHCP service has failed to load one or more callout DLLs. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1035 | The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1036 | The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1037 | The DHCP service has started to clean up the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1038 | The DHCP service has cleaned up the database for unicast IP addresses -- %1 leases have been recovered and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1039 | The DHCP service has cleaned up the database for multicast IP addresses -- %1 leases have expired (been marked for deletion) and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1040 | The DHCP service successfully restored the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1041 | The DHCP service is not servicing any DHCPv4 clients because none of the active network interfaces have statically configured IPv4 addresses, or there are no active interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1042 | The DHCP/BINL service running on this machine has detected a server on the network. If the server does not belong to any domain, the domain is listed as empty. The IP address of the server is listed in parentheses. %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1043 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1044 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1045 | The DHCP/BINL service on the local machine has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine belongs to a workgroup and has encountered another DHCP Server (belonging to a Windows Administrative Domain) servicing the same network. An unexpected network error occurred | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1046 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1047 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now. The DHCP/BINL service has determined that the machine was recently upgraded. If the machine is intended to belong to a directory service enterprise, the DHCP service must be authorized in the directory service for it to start servicing clients. (See help on DHCP Service Management Tool for authorizing the server) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1048 | The DHCP/BINL Service on the local machine, belonging to Windows Domain %2, has determined that it is authorized to start. It is servicing clients now. It has determined that the computer was recently upgraded. It has also determined that either there is no directory service enterprise for the domain or that the computer is not authorized in the directory service. All DHCP services that belong to a directory service enterprise should be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP service in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1049 | The DHCP/BINL service on the local machine encountered an error while trying to find the domain of the local machine. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1050 | The DHCP/BINL service on the local machine encountered a network error. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1051 | The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: %2. All DHCP services that belong to a directory service enterprise must be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP server in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1052 | The DHCP/BINL service on this workgroup server has encountered another server with IP Address, %1, belonging to the domain %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1053 | The DHCP/BINL service has encountered another server on this network with IP Address, %1, belonging to the domain: %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1054 | The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1055 | The DHCP service was unable to impersonate the credentials necessary for DNS registrations: %1. The local system credentials is being used | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1056 | The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1057 | The DHCP service was unable to convert the temporary database to ESE format: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1058 | The DHCP service failed to initialize its configuration parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1059 | The DHCP service failed to see a directory server for authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1060 | The DHCP service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1061 | The DHCP service was unable to access path specified for the database backups | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1062 | The DHCP service was unable to access path specified for the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1063 | There are no IP addresses available for lease in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1064 | There are no IP addresses available for BOOTP clients in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1065 | There were some orphaned entries deleted in the configuration due to the deletion of a class or an option definition. Please recheck the server configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1144 | This computer has at least one dynamically assigned IP address. For reliable DHCP Server operation, you should use only static IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1338 | The number of pending DHCPOFFER messages for delayed transmission to the client has exceeded the server's capacity of 1000 pending messages. The DHCP server will drop all subsequent DHCPDISCOVER messages for which the DHCPOFFER message response needs to be delayed as per the server configuration. The DHCP server will continue to process DHCPDISCOVER messages for which the DHCPOFFER message responses do not need to be delayed. The DHCP server will resume processing all DHCPDISCOVER messages once the number of pending DHCPOFFER messages for delayed transmission to the client is below the server's capacity | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1339 | The number pending DHCPOFFER messages for delayed transmission to the client is now below the server's capacity of 1000. The DHCP server will now resume processing all DHCPDISCOVER messages | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1340 | The DNS registration for DHCPv4 Client IP address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1341 | There are no IP addresses available for lease in IP address range(s) of the policy %1 in scope %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1342 | IP address range of scope %1 is out of IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1343 | Ip address range(s) for the scope %1 policy %2 is %3 percent full with only %4 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1344 | The DNS IP Address %1 is not a valid DNS Server Address | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1376 | IP address range of scope %1 is %2 percent full with only %3 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1377 | SuperScope, %1, is %2 percent full with only %3 IP addresses remaining. This superscope has the following scopes %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10000 | DHCPv6 confirmation has been declined because the address was not appropriate to the link or DHCPv6 renew request has a Zero lifetime for Client Address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10001 | Renew, rebind or confirm received for IPv6 addresses %1 for which there are no active lease available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10002 | DHCPv6 service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10003 | There are no IPv6 addresses available to lease in the scope serving the network with Prefix %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10004 | The DHCPv6 client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10005 | DHCPv6 Scope serving the network with prefix %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10006 | A DHCPV6 client %1 has been deleted from DHCPV6 database. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10007 | A DHCPV6 message that was in the queue for more than 30 seconds has been dropped because it is too old to process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10008 | An invalid DHCPV6 message has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10009 | A DHCPV6 message that was not meant for this server has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10010 | DHCV6 message has been dropped because it was received on a Uni-cast address and unicast support is disabled on the server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10011 | DHCPV6 audit log file cannot be appended, Error Code returned %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10012 | A DHCPV6 message has been dropped because the server is not authorized to process the message | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10013 | The DHCPv6 service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10014 | DHCPv6 audit log file could not be backed up. Error code %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10015 | AThe DHCPv6 service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10016 | The DHCPv6 service failed to initialize Winsock startup. The following error occurred %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10017 | The DHCPv6 service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCPv6 service. This is not a recommended security configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10018 | The DHCPv6 Server failed to receive a notification of interface list changes. Some of the interfaces will not be enabled in the DHCPv6 service | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10019 | The DHCPv6 service failed to initialize its configuration parameters. The following error occurred: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10020 | This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10021 | DHCPv6 service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10022 | The DHCPv6 service has initialized and is ready to serve | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10023 | DHCPv6 Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCPv6 Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10024 | ERROR_LAST_DHCPV6_SERVER_ERROR | GENERIC_EVENT | The UDM field is_alert is set to true. |
10025 | The DNS registration for DHCPv6 Client IPv6 address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20090 | DHCP Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCP Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20096 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and FQDN/Hostname %2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20097 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and FQDN/Hostname %2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20098 | No DHCP clients are being served, as the Allow list is empty and the server was configured to provide DHCP services, to clients whose hardware addresses are present in the Allow List | GENERIC_EVENT | |
20099 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and unspecified FQDN/Hostname%2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20100 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and unspecified FQDN/Hostname%2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20162 | Scavenger started purging stateless entries | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20220 | Policy %2 for server is %1 | SETTING_CREATION | |
20221 | Policy %2 for scope %3 is %1 | SETTING_CREATION | |
20222 | The conditions for server policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
20223 | The conditions for scope %4 policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
20224 | A new server wide IPv4 policy %1 was created. The processing order of the policy is %2 | SETTING_CREATION | |
20225 | A new scope policy %1 was created in scope %3. The processing order of the policy is %2 | SETTING_CREATION | |
20226 | Policy %1 was deleted from server | SETTING_DELETION | |
20227 | Policy %1 was deleted from scope %2 | SETTING_DELETION | |
20228 | The IP address range from %1 was set for the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20229 | The IP address range from %1 was removed from the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20230 | The value %2 was set for the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20231 | The value %2 was set for the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20232 | The value %2 was removed from the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20233 | The value %2 was removed from the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20234 | Server policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
20235 | Scope %3 policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
20236 | Description of server policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20237 | Description of scope %3 policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20238 | Processing order of server policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
20239 | Processing order of scope %4 policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
20240 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: load balance, maximum client lead time: %4 seconds, load balance percentage on this server: %5, auto state switchover interval: %6 seconds | SETTING_CREATION | |
20241 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: hot standby, maximum client lead time: %4 seconds, reserve address percentage on standby server: %5, auto state switchover interval: %6 seconds, standby server: %7 | SETTING_CREATION | |
20242 | Failover relationship %1 between %2 and %3 has been deleted | SETTING_DELETION | |
20243 | Scope %1 has been added to the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
20244 | Scope %1 has been removed from the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
20245 | The failover configuration parameter MCLT for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
20246 | The failover configuration parameter auto switch over interval for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
20247 | The failover configuration parameter reserve address percentage for failover relationship %1 with server %2 has been changed from %3 to %4 | SETTING_MODIFICATION | |
20248 | The failover configuration parameter load balance percentage for failover relationship %1 with server %2 has been changed from %3 to %4 on this server | SETTING_MODIFICATION | |
20249 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from hot standby to load balance | SETTING_MODIFICATION | |
20250 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from load balance to hot standby | SETTING_MODIFICATION | |
20251 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20252 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20253 | The server detected that it is out of time synchronization with partner server: %1 for failover relationship: %2. The time is out of sync by: %3 seconds | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20254 | Server has established contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20255 | Server has lost contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20256 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20257 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20258 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20259 | The failover state of server: %1 for failover relationship: %2 changed to : %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20260 | The failover state of server: %1 for failover relationship: %2 changed to: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20261 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20262 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20263 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20264 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20265 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20266 | Failover protocol message CONNECT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20267 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20268 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20269 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20270 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20271 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20272 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20273 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20274 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20275 | Failover protocol message UPDDONE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20276 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20277 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20278 | Failover protocol message UPDREQ from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20279 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20280 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20281 | Failover protocol message STATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20282 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20283 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20284 | Failover protocol message CONTACT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20285 | An invalid cryptographic algorithm %1 was specified for failover message authentication in FailoverCryptoAlgorithm under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\Failover. The operation is halted | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20286 | BINDING UPDATE message for IP address %1 could not be replicated to the partner server %2 of failover relation %3 as the internal BINDING UPDATE queue is full | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20287 | DHCP client request from %1 was dropped since the applicable IP address ranges in scope/superscope %2 are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20288 | This DHCP server %1 has transitioned to a PARTNER DOWN state for the failover relationship %2 and the MCLT period of %3 seconds has expired. The server has taken over the free IP address pool of the partner server %4 for all scopes which are part of the failover relationship | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20289 | A BINDING-UPDATE message with transaction id: %1 was sent for IP address: %2 with binding status: %3 to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20290 | A BINDING-UPDATE message with transaction id: %1 was received for IP address: %2 with binding status: %3 from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20291 | A BINDING-ACK message with transaction id: %1 was sent for IP address: %2 with reject reason: (%3) to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20292 | A BINDING-ACK message with transaction id: %1 was received for IP address: %2 with reject reason: (%3 ) from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20311 | The shared secret for failover relationship %2 with server %1 has been changed | SETTING_MODIFICATION | |
20312 | Message authentication for failover relationship %2 with server %1 has been enabled | SETTING_MODIFICATION | |
20313 | Message authentication for failover relationship %2 with server %1 has been disabled | SETTING_MODIFICATION | |
20315 | DNSSuffix of scope %3 policy %2 was set to %1 | SETTING_MODIFICATION | |
20316 | DNSSuffix of server policy %2 was set to %1 | SETTING_MODIFICATION | |
20317 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | ||
20318 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20319 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20320 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20321 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20322 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20323 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the forward lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20324 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20325 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20326 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20327 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20328 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |