收集 Microsoft Windows DHCP 数据
此文档:
- 描述部署架构和安装步骤,以及 生成受 Google Security Operations 支持的日志的必需配置 Microsoft Windows DHCP 事件的解析器。如需简要了解 Google Security Operations 数据注入, 请参阅将数据注入到 Google Security Operations 中。
- 包含有关解析器如何将原始日志中的字段映射到 Google Security Operations Unified Data Model 字段的信息。
本文档中的信息适用于具有 WINDOWS_DHCP 注入标签的解析器。注入标签标识哪个解析器将原始日志数据标准化为结构化 UDM 格式。
准备工作
查看推荐的部署架构
此图显示了部署中建议的基础组件 收集 Microsoft Windows DHCP 事件并将其发送到 Google Security Operations,将此信息与您的环境进行比较,以确保已安装这些组件。每个客户部署都与此表示法不同,并且可能更复杂。以下是必须满足的条件:
- 具有 DHCP 服务器角色的 Microsoft Windows 服务器。
- 使用世界协调时间 (UTC) 时区配置的所有系统。
- NXLog 安装在聚簇 Microsoft Windows 服务器上,用于收集和转发操作、管理和过滤通知渠道的日志。
安装在中央 Microsoft Windows 或 Linux 服务器上的 Google 安全运营转发器。
查看支持的设备和版本
Google 安全运维解析器支持由以下 Microsoft Windows Server 版本和协议生成的日志。Microsoft Windows Server 按以下版本发布:Foundation、Essentials、Standard 和 Datacenter。每个版本生成的日志事件架构没有区别。
服务器版本 | 支持的协议 |
---|---|
Microsoft Windows Server 2019 | DHCPv4 |
Microsoft Windows Server 2016 | DHCPv4 |
Microsoft Windows Server 2012 | DHCPv4 |
Google Security Operations 解析器支持 NXLog Enterprise Edition 或 Community Edition 收集的日志。
查看支持的日志类型
Google Security Operations 解析器支持 Microsoft Windows DHCP 生成的以下日志类型 服务器。如需详细了解这些日志类型,请参阅 Microsoft Windows DHCP 服务器文档。它支持使用英语文本生成的日志,不支持使用非英语生成的日志。
类型 | 数据格式 | 说明 |
---|---|---|
审核日志记录 | CSV | 包括启动、关停以及租用活动。 |
操作事件 | Microsoft Windows 事件格式 | 提供 DHCP 配置日志记录。 |
管理事件 | Microsoft Windows 事件格式 | 提供 DHCP 服务器管理事件日志记录。 |
过滤通知事件 | Microsoft Windows 事件格式 | 提供基于 DHCP 服务器链路层的过滤事件日志记录。 |
配置 BindPlane 代理
使用 BindPlane 代理收集 Windows DHCP 日志。安装后,BindPlane 代理服务会在 Windows 服务列表中显示为 observerIQ
服务。
安装并配置 Windows DHCP 服务器。如需详细了解如何安装 Windows DHCP 服务器,请参阅动态主机配置协议 (DHCP) 概览。
在 Windows 服务器上运行的收集器上安装 BindPlane 代理。如需详细了解如何安装 BindPlane 代理, 请参阅 BindPlane 代理安装说明。
为 BindPlane 代理创建一个配置文件,其中包含以下内容。
receivers: dhcplog/dhcp_server_operational: channel: Microsoft-Windows-Dhcp-Server/Operational dhcplog/dhcp_server_notification: channel: Microsoft-Windows-Dhcp-Server/FilterNotifications processors: batch: exporters: chronicle/dhcp: endpoint: https://malachiteingestion-pa.googleapis.com creds: '{ "type": "service_account", "project_id": "malachite-projectname", "private_key_id": `PRIVATE_KEY_ID`, "private_key": `PRIVATE_KEY`, "client_email":"`SERVICE_ACCOUNT_NAME`@malachite-`PROJECT_ID`.iam.gserviceaccount.com", "client_id": `CLIENT_ID`, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/`SERVICSERVICE_ACCOUNT_NAME`%40malachite-`PROJECT_ID`.iam.gserviceaccount.com", "universe_domain": "googleapis.com" }' log_type: 'WINDOWS_DHCP' override_log_type: false raw_log_field: body customer_id: 'dddddddd-dddd-dddd-dddd-dddddddddddd' service: pipelines: logs/dhcp: receivers: - dhcplog/dhcp_server_operational - dhcplog/dhcp_server_notification processors: [batch] exporters: [chronicle/dhcp]
将
PRIVATE_KEY_ID
、PRIVATE_KEY
、SERVICSERVICE_ACCOUNT_NAME
、PROJECT_ID
、CLIENT_ID
和CUSTOMER_ID
替换为服务账号 JSON 文件中的相应值,您可以从 Google Cloud 平台下载该文件。如需详细了解服务账号密钥,请参阅“创建和删除服务账号密钥”文档。如需启动 observerIQ 代理服务,请依次选择 Services > Extended > observerIQ Service > start。
配置 Microsoft Windows DHCP 服务器
- 安装并配置 Microsoft Windows DHCP 服务器。如需了解详情,请参阅 Microsoft Windows 文档。
- 使用世界协调时间 (UTC) 时区配置系统。
- 在每台 Microsoft Windows DHCP 服务器上安装 NXLog。遵循 NXLog 文档,包括有关配置适用于 Microsoft Windows DHCP 的 NXLog 的信息。
为每个 NXLog 实例创建一个配置文件。使用 im_file 和 im_msvistalog 模块。
如需了解如何使用 im_file 输入模块,请参阅使用 DHCP 管理控制台进行配置。
如需了解如何使用 im_msvistalog 模块,请参阅 Microsoft Windows 2008/Vista 及更高版本的事件日志 (im_msvistalog)。
以下是 NXLog 配置示例。按照使用 32 位 NXLog 代理从 64 位 Microsoft Windows 收集日志的指南操作。
将
<hostname>
和<port>
值替换为目标中央 Microsoft Windows 服务器的信息。如需了解详情,请参阅有关 om_tcp 模块的 NXLog 文档。将文件属性的 <Input audit_logs_csv> 部分下的日志文件路径更改为 DHCP 审核日志所在文件的位置。请参阅有关 im_file 输入模块的 NXLog 文档。
define ROOT C:\Program Files\nxlog define WINDHCP_OUTPUT_DESTINATION_ADDRESS HOSTNAME define WINDHCP_OUTPUT_DESTINATION_PORT PORT Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _json> Module xm_json </Extension> <Input dhcp_server_eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id="0" Path="System"> <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-DHCP-Server']]]</Select> </Query> <Query Id="0"> <Select Path="DhcpAdminEvents">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/FilterNotifications">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/Operational">*</Select> </Query> </QueryList> </QueryXML> Exec $EventTime = integer($EventTime) / 1000; Exec $EventReceivedTime = integer($EventReceivedTime) / 1000; Exec to_json(); </Input> <Input audit_logs_csv> Module im_file File "LOG_FILE_PATH" # Use quotation marks. For example: "c:\dhcp\-*.log" SavePos TRUE InputType LineBased Exec $Message = $raw_event; </Input> <Output out_chronicle_forwarder> Module om_tcp Host %WINDHCP_OUTPUT_DESTINATION_ADDRESS% Port %WINDHCP_OUTPUT_DESTINATION_PORT% </Output> <Route dhcp_events_to_chronicle_forwarder> Path dhcp_server_eventlog,audit_logs_csv => out_chronicle_forwarder </Route>
启动 NXLog 服务。
配置中央 Microsoft Windows 或 Linux 服务器
如需了解如何安装和配置转发器,请参阅在 Linux 上安装和配置转发器或在 Microsoft Windows 上安装和配置转发器。
- 使用世界协调时间 (UTC) 时区配置系统。
- 在中央 Microsoft Windows 或 Linux 服务器上安装 Google Security Operations 转发器。
配置 Google Security Operations 转发器,以将日志发送到 Google Security Operations。以下是转发器配置示例。
- syslog: common: enabled: true data_type: WINDOWS_DHCP batch_n_seconds: 10 batch_n_bytes: 1048576 tcp_address: 0.0.0.0:10518 connection_timeout_sec: 60
字段映射参考信息:设备日志字段到 UDM 字段
本部分介绍解析器如何将原始日志字段映射到 Unified Data Model (UDM) 字段。
审核日志
原始日志字段 | UDM 字段 |
---|---|
ID | security_result.rule_name is set to "EventID: %{EventID}" The dhcp.type is set according to the EventID: For EventIDs 10, 11, 20, 21, value is set to ACK. For EventID 12, value is set to RELEASE. For EventIDs 13, 14, 15, 22 the value is set to NAK. For EventIDs 16, 23 value is set to WIN_DELETED. For EventIDs 17, 18 value is set to WIN_EXPIRED. |
Date | metadata.event_timestamp |
Time | metadata.event_timestamp |
Description | metadata.description |
IP Address | principal.ip
If the syslog header contains an IP address, it is mapped to "principal.ip", else if the syslog header contains a hostname, it is mapped to "principal.hostname". |
Host Name | network.dhcp.client_hostname |
MAC Address | If the event_type is NETWORK_DHCP, then network.dhcp.chaddr is set. Otherwise, target.mac is set. |
User Name | principal.user.userid |
TransactionID | network.dhcp.transaction_id |
QResult | Value is mapped to the security_result.action If value is 0:NoQuarantine, set to ALLOW If value is 1:Quarantine, set to QUARANTINE If value is 2:Drop Packet, set to BLOCK If value is 3:Probation, set to ALLOW If value is 6:No Quarantine Information, set to UNKNOWN_ACTION |
Dhcid | network.dhcp.client_identifier |
操作、管理和过滤通知事件的通用字段
原始日志字段 | UDM 字段 |
---|---|
EventTime | metadata.event_timestamp |
Channel | If the Category field not empty, then metadata.product_event_type set to
"%{Category} [%{EventID}]" If the Category field is empty, then metadata.product_event_type set to "%{Channel} [%{EventID}]" |
SourceName | metadata.vendor = "Microsoft" metadata.product_name = "Windows DHCP Server" |
Hostname | principal.hostname |
EventID | security_result.rule_name |
Severity | security_result.severity Original values mapped to UDM field values as follows:
|
UserID | principal.user.windows_sid |
ExecutionProcessID | principal.process.pid |
ProcessID | principal.process.pid |
操作事件
原始日志字段 | UDM 字段 |
---|---|
PhysicalAddress | principal.mac |
ClientName | principal.user.userid |
HWType | dhcp.htype |
OptionName | dhcp.option.code |
Message | metadata.description |
Category | metadata.product_event_type |
ReservationName | target.resource.name The value stored is different depending on the EventID of the original event. |
RelationshipName | target.resource.name The value stored is different depending on the EventID of the original event. |
IP_ScopeName | target.resource.name The value stored is different depending on the EventID of the original event. |
PolicyName | target.resource.name The value stored is different depending on the EventID of the original event. |
IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. |
Server2Name | target.hostname |
Server | Depending on the value, stored in target.ip or target.hostname. |
过滤通知事件
原始日志字段 | UDM 字段 |
---|---|
MACAddress | principal.mac |
Message | metadata.description |
管理事件
原始日志字段 | UDM 字段 |
---|---|
operation | security_result.description |
FQDNName | target.hostname |
Message | metadata.description |
Category | metadata.product_event_type |
Server | target.ip / target.hostname |
RelationName | target.resource.name. The value stored is different depending on the EventID of the original event. |
PartnerServer | target.hostname |
IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. |
IpAddress | target.ip |
字段映射参考信息:事件 ID 到 UDM 事件类型
本部分介绍解析器如何将事件 ID 映射到 UDM event_type。
活动 ID | 事件文本 | UDM 事件类型 | 注释 |
---|---|---|---|
0 | The log was started. | GENERIC_EVENT | |
1 | The log was stopped. | GENERIC_EVENT | |
2 | The log was temporarily paused due to low disk space. | GENERIC_EVENT | |
10 | A new IP address was leased to a client. | NETWORK_DHCP | |
11 | A lease was renewed by a client. | NETWORK_DHCP | |
12 | A lease was released by a client. | NETWORK_DHCP | |
13 | An IP address was found to be in use on the network. | NETWORK_DHCP | |
14 | A lease request could not be satisfied because the scope's address pool was exhausted. | NETWORK_DHCP | |
15 | A lease was denied. | NETWORK_DHCP | |
16 | A lease was deleted. | NETWORK_DHCP | |
17 | A lease was expired and DNS records for an expired leases have not been deleted. | NETWORK_DHCP | |
18 | A lease was expired and DNS records were deleted. | NETWORK_DHCP | |
20 | A BOOTP address was leased to a client. | NETWORK_DHCP | |
21 | A dynamic BOOTP address was leased to a client. | NETWORK_DHCP | |
22 | A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted. | NETWORK_DHCP | |
23 | A BOOTP IP address was deleted after checking to see it was not in use. | NETWORK_DHCP | |
24 | IP address cleanup operation has began. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
25 | IP address cleanup statistics. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
30 | DNS update request to the named DNS server. | GENERIC_EVENT | |
31 | DNS update failed. | GENERIC_EVENT | The UDM field is_alert is set to true. |
32 | DNS update successful. | GENERIC_EVENT | |
33 | Packet dropped due to NAP policy. | GENERIC_EVENT | The UDM field is_alert is set to true. |
34 | DNS update request failed.as the DNS update request queue limit exceeded. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
35 | DNS update request failed. | GENERIC_EVENT | The UDM field is_alert is set to true. |
36 | Packet dropped because the server is in failover standby role or the hash of the client ID does not match. | GENERIC_EVENT | |
50 | Unreachable domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
51 | Authorization succeeded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
53 | Cached Authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
54 | Authorization failed | GENERIC_EVENT | The UDM field is_alert is set to true. |
55 | Authorization (servicing) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
56 | Authorization failure, stopped servicing | GENERIC_EVENT | The UDM field is_alert is set to true. |
57 | Server found in domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
58 | Server could not find domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
59 | Network failure | GENERIC_EVENT | The UDM field is_alert is set to true. |
60 | No DC is DS Enabled | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
61 | Server found that belongs to DS domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
62 | Another server found | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
63 | Restarting rogue detection | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
64 | No DHCP enabled interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
70 | Scope: %1 for IPv4 is Configured by %2. | SETTING_CREATION | |
71 | Scope: %1 for IPv4 is Modified by %2 | SETTING_MODIFICATION | |
72 | Scope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
73 | Scope: %1 for IPv4 is Activated by %2 | SETTING_MODIFICATION | |
74 | Scope: %1 for IPv4 is DeActivated by %2 | SETTING_MODIFICATION | |
75 | Scope: %1 for IPv4 is Updated with Lease Duration: %2 seconds by %3. The previous configured Lease Duration was: %4 seconds | SETTING_MODIFICATION | |
76 | Scope: %1 for IPv4 is Updated with Option Settings: %2 by %3 | SETTING_MODIFICATION | |
77 | Scope: %1 for IPv4 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
78 | Scope: %1 for IPv4 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
79 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
80 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
81 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
82 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
83 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
84 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
85 | Policy based assignment has been disabled for scope %1 | SETTING_MODIFICATION | |
86 | Policy based assignment has been enabled for scope %1 | SETTING_MODIFICATION | |
87 | Name Protection setting is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
88 | Name Protection setting is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
89 | Scope: %1 for IPv4 is Updated with support type: %2 by %3 | SETTING_MODIFICATION | |
90 | NAP Enforcement is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
91 | NAP Enforcement is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
92 | NAP Profile is configured on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3 | SETTING_CREATION | |
93 | NAP Profile is Updated on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3. The previous configured NAP Profile was: %4 | SETTING_MODIFICATION | |
94 | The following NAP Profile: %1 is deleted on Scope: %2 by %4 | SETTING_DELETION | |
95 | Scope: %1 for Multicast IPv4 is Configured by %2 | SETTING_CREATION | |
96 | Scope: %1 for Multicast IPv4 is Deleted by %2 | SETTING_DELETION | |
97 | Scope: %1 for IPv4 is Added in Superscope: %2 by %3 | SETTING_CREATION | |
98 | SuperScope: %1 for IPv4 is Configured by %2 | SETTING_CREATION | |
99 | SuperScope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
100 | Scope: %1 within SuperScope: %2 for IPv4 is Activated by %3 | SETTING_MODIFICATION | |
101 | Scope: %1 within SuperScope: %2 for IPv4 is DeActivated by %3 | SETTING_MODIFICATION | |
102 | Scope: %1 for IPv4 is Removed in Superscope: %2 by %3. However, the Scope exists outside the Superscope | SETTING_DELETION | |
103 | Scope: %1 for IPv4 is Deleted in Superscope: %2 as well as Deleted permanently by %3 | SETTING_DELETION | |
104 | Delay Time: %1 milliseconds for the OFFER message sent by Secondary Servers is Updated on Scope: %2 for IPv4 by %4. The previous configured Delay Time was: %3 milliseconds | SETTING_MODIFICATION | |
105 | Server level option %1 for IPv4 has been updated by %2 | SETTING_MODIFICATION | |
106 | Reservation: %1 for IPv4 is Configured under Scope %2 by %3 | SETTING_CREATION | |
107 | Reservation: %1 for IPv4 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
108 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
109 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
110 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
111 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
112 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
113 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
114 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
115 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
116 | Reservation: %1 for IPv4 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
117 | Policy based assignment has been disabled at server level | SETTING_MODIFICATION | |
118 | Policy based assignment has been enabled at server level | SETTING_MODIFICATION | |
119 | Added exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
120 | Deleted exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
121 | Link Layer based filtering is Enabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
122 | Link Layer based filtering is Disabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
123 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Allow List by %2 | SETTING_CREATION | |
124 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Allow List by %2 | SETTING_DELETION | |
125 | Link Layer based filtering is Enabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
126 | Link Layer based filtering is Disabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
127 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Deny List by %2 | SETTING_CREATION | |
128 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Deny List by %2 | SETTING_DELETION | |
129 | Scope: %1 for IPv6 is Configured by %2 | SETTING_CREATION | |
130 | Scope: %1 for IPv6 is Deleted by %2 | SETTING_DELETION | |
131 | Scope: %1 for IPv6 is Activated by %2 | SETTING_MODIFICATION | |
132 | Scope: %1 for IPv6 is DeActivated by %2 | SETTING_MODIFICATION | |
133 | Scope: %1 for IPv6 is Updated with Lease Preferred Lifetime: %2 by %3. The previous configured Lease Preferred Lifetime was: %4 | SETTING_MODIFICATION | |
134 | Scope: %1 for IPv6 is Updated with Lease Valid Lifetime: %2 by %3. The previous configured Lease Valid Lifetime was: %4 | SETTING_MODIFICATION | |
135 | Scope: %1 for IPv6 is Updated with Option Setting: %2 by %3 | SETTING_MODIFICATION | |
136 | Scope: %1 for IPv6 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
137 | Scope: %1 for IPv6 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
138 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
139 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
140 | Scope: %1 for IPv6 is Enabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
141 | Scope: %1 for IPv6 is Disabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted. | SETTING_MODIFICATION | |
142 | Name Protection setting is Enabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
143 | Name Protection setting is Disabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
145 | Reservation: %1 for IPv6 is Configured under Scope %2 by %3 | SETTING_CREATION | |
147 | Reservation: %1 for IPv6 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
148 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
149 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
150 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
151 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
152 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
153 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
154 | Reservation: %1 for IPv6 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
155 | Added exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
156 | Deleted exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
157 | Scope: %1 for IPv6 is Modified by %2 | SETTING_MODIFICATION | |
158 | DHCPv6 Stateless client inventory has been enabled for the scope %1 | SETTING_MODIFICATION | |
159 | DHCPv6 Stateless client inventory has been disabled for the scope %1 | SETTING_MODIFICATION | |
160 | DHCPv6 Stateless client inventory has been enabled for the server | SETTING_MODIFICATION | |
161 | DHCPv6 Stateless client inventory has been disabled for the server | SETTING_MODIFICATION | |
162 | Purge time interval for DHCPv6 stateless client inventory for scope %1 has been set to %2 hours | SETTING_MODIFICATION | |
163 | Purge time interval for DHCPv6 stateless client inventory for server has been set to %1 hours | SETTING_MODIFICATION | |
164 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
165 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
166 | Server level option %1 for IPv6 has been updated by %2 | SETTING_MODIFICATION | |
167 | Server level option %1 for IPv4 has been removed by %2 | SETTING_DELETION | |
168 | Option setting: %2 has been removed from IPv4 scope: %1 by %3 | SETTING_DELETION | |
169 | Option setting: %3 has been removed from the reservation: %1 in IPv4 scope: %2 by %4 | SETTING_DELETION | |
170 | Server level option %1 for IPv6 has been removed by %2 | SETTING_DELETION | |
171 | Option setting: %2 has been removed from IPv6 scope: %1 by %3 | SETTING_DELETION | |
172 | Option setting: %3 has been removed from the reservation: %1 in IPv6 scope: %2 by %4 | SETTING_DELETION | |
1000 | The DHCP service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1001 | The DHCP service failed to register with Service Controller. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1002 | The DHCP service failed to initialize its global parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1003 | The DHCP service failed to initialize its registry parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1004 | The DHCP service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1005 | The DHCP service failed to initialize Winsock startup. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1006 | The DHCP service failed to start as a RPC server. The following error occurred : %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1007 | The DHCP service failed to initialize Winsock data. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1008 | The DHCP service is shutting down due to the following error: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1009 | The DHCP service encountered the following error while cleaning up the pending client records: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1010 | The DHCP service encountered the following error while cleaning up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1011 | The DHCP service issued a NACK (negative acknowledgement message) to the client, %2, for the address, %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1012 | The DHCP client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1013 | The DHCP Client, %2, released the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1016 | The DHCP service encountered the following error when backing up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1017 | The DHCP service encountered the following error when backing up the registry configuration: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1018 | The DHCP service failed to restore the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1019 | The DHCP service failed to restore the DHCP registry configuration. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1020 | Scope, %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1021 | The DHCP service could not load the JET database library successfully | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1022 | The DHCP service could not use the database. If this service was started for the first time after the upgrade from NT 3.51 or earlier, you need to run the utility, upg351db.exe, on the DHCP database to convert it to the new JET database format. Restart the DHCP service after you have upgraded the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1023 | The DHCP service will now terminate because the existing database needs conversion to Windows 2000 format. The conversion via the jetconv process, has initiated. Do not reboot or stop the jetconv process. The conversion may take up to 10 minutes depending on the size of the database. Terminate DHCP now by clicking OK. This is required for the database conversion to succeed. NOTE: The DHCP service will be restarted automatically when the conversion is completed. To check conversion status, look at the Application event log for the jetconv process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1024 | The DHCP service has initialized and is ready | SERVICE_START | |
1025 | The DHCP service was unable to read the BOOTP file table from the registry. The DHCP service will be unable to respond to BOOTP requests that specify the boot file name | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1026 | The DHCP service was unable to read the global BOOTP file name from the registry | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1027 | The audit log file cannot be appended | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1028 | The DHCP service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1029 | The DHCP service was unable to ping for a new IP address. The address was leased to the client | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1030 | The audit log file could not be backed up. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1031 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception. All further exceptions will be ignored | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1032 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception and the .dll file could not be loaded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1033 | The DHCP service has successfully loaded one or more callout DLLs | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1034 | The DHCP service has failed to load one or more callout DLLs. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1035 | The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1036 | The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1037 | The DHCP service has started to clean up the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1038 | The DHCP service has cleaned up the database for unicast IP addresses -- %1 leases have been recovered and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1039 | The DHCP service has cleaned up the database for multicast IP addresses -- %1 leases have expired (been marked for deletion) and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1040 | The DHCP service successfully restored the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1041 | The DHCP service is not servicing any DHCPv4 clients because none of the active network interfaces have statically configured IPv4 addresses, or there are no active interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1042 | The DHCP/BINL service running on this machine has detected a server on the network. If the server does not belong to any domain, the domain is listed as empty. The IP address of the server is listed in parentheses. %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1043 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1044 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1045 | The DHCP/BINL service on the local machine has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine belongs to a workgroup and has encountered another DHCP Server (belonging to a Windows Administrative Domain) servicing the same network. An unexpected network error occurred | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1046 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1047 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now. The DHCP/BINL service has determined that the machine was recently upgraded. If the machine is intended to belong to a directory service enterprise, the DHCP service must be authorized in the directory service for it to start servicing clients. (See help on DHCP Service Management Tool for authorizing the server) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1048 | The DHCP/BINL Service on the local machine, belonging to Windows Domain %2, has determined that it is authorized to start. It is servicing clients now. It has determined that the computer was recently upgraded. It has also determined that either there is no directory service enterprise for the domain or that the computer is not authorized in the directory service. All DHCP services that belong to a directory service enterprise should be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP service in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1049 | The DHCP/BINL service on the local machine encountered an error while trying to find the domain of the local machine. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1050 | The DHCP/BINL service on the local machine encountered a network error. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1051 | The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: %2. All DHCP services that belong to a directory service enterprise must be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP server in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1052 | The DHCP/BINL service on this workgroup server has encountered another server with IP Address, %1, belonging to the domain %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1053 | The DHCP/BINL service has encountered another server on this network with IP Address, %1, belonging to the domain: %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1054 | The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1055 | The DHCP service was unable to impersonate the credentials necessary for DNS registrations: %1. The local system credentials is being used | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1056 | The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1057 | The DHCP service was unable to convert the temporary database to ESE format: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1058 | The DHCP service failed to initialize its configuration parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1059 | The DHCP service failed to see a directory server for authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
1060 | The DHCP service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1061 | The DHCP service was unable to access path specified for the database backups | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1062 | The DHCP service was unable to access path specified for the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1063 | There are no IP addresses available for lease in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1064 | There are no IP addresses available for BOOTP clients in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1065 | There were some orphaned entries deleted in the configuration due to the deletion of a class or an option definition. Please recheck the server configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1144 | This computer has at least one dynamically assigned IP address. For reliable DHCP Server operation, you should use only static IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1338 | The number of pending DHCPOFFER messages for delayed transmission to the client has exceeded the server's capacity of 1000 pending messages. The DHCP server will drop all subsequent DHCPDISCOVER messages for which the DHCPOFFER message response needs to be delayed as per the server configuration. The DHCP server will continue to process DHCPDISCOVER messages for which the DHCPOFFER message responses do not need to be delayed. The DHCP server will resume processing all DHCPDISCOVER messages once the number of pending DHCPOFFER messages for delayed transmission to the client is below the server's capacity | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1339 | The number pending DHCPOFFER messages for delayed transmission to the client is now below the server's capacity of 1000. The DHCP server will now resume processing all DHCPDISCOVER messages | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1340 | The DNS registration for DHCPv4 Client IP address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1341 | There are no IP addresses available for lease in IP address range(s) of the policy %1 in scope %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1342 | IP address range of scope %1 is out of IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1343 | Ip address range(s) for the scope %1 policy %2 is %3 percent full with only %4 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1344 | The DNS IP Address %1 is not a valid DNS Server Address | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1376 | IP address range of scope %1 is %2 percent full with only %3 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
1377 | SuperScope, %1, is %2 percent full with only %3 IP addresses remaining. This superscope has the following scopes %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10000 | DHCPv6 confirmation has been declined because the address was not appropriate to the link or DHCPv6 renew request has a Zero lifetime for Client Address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10001 | Renew, rebind or confirm received for IPv6 addresses %1 for which there are no active lease available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10002 | DHCPv6 service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10003 | There are no IPv6 addresses available to lease in the scope serving the network with Prefix %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10004 | The DHCPv6 client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10005 | DHCPv6 Scope serving the network with prefix %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10006 | A DHCPV6 client %1 has been deleted from DHCPV6 database. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10007 | A DHCPV6 message that was in the queue for more than 30 seconds has been dropped because it is too old to process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10008 | An invalid DHCPV6 message has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10009 | A DHCPV6 message that was not meant for this server has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10010 | DHCV6 message has been dropped because it was received on a Uni-cast address and unicast support is disabled on the server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10011 | DHCPV6 audit log file cannot be appended, Error Code returned %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10012 | A DHCPV6 message has been dropped because the server is not authorized to process the message | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10013 | The DHCPv6 service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10014 | DHCPv6 audit log file could not be backed up. Error code %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10015 | AThe DHCPv6 service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10016 | The DHCPv6 service failed to initialize Winsock startup. The following error occurred %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10017 | The DHCPv6 service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCPv6 service. This is not a recommended security configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10018 | The DHCPv6 Server failed to receive a notification of interface list changes. Some of the interfaces will not be enabled in the DHCPv6 service | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10019 | The DHCPv6 service failed to initialize its configuration parameters. The following error occurred: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10020 | This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10021 | DHCPv6 service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
10022 | The DHCPv6 service has initialized and is ready to serve | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10023 | DHCPv6 Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCPv6 Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
10024 | ERROR_LAST_DHCPV6_SERVER_ERROR | GENERIC_EVENT | The UDM field is_alert is set to true. |
10025 | The DNS registration for DHCPv6 Client IPv6 address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20090 | DHCP Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCP Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20096 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and FQDN/Hostname %2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20097 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and FQDN/Hostname %2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20098 | No DHCP clients are being served, as the Allow list is empty and the server was configured to provide DHCP services, to clients whose hardware addresses are present in the Allow List | GENERIC_EVENT | |
20099 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and unspecified FQDN/Hostname%2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20100 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and unspecified FQDN/Hostname%2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20162 | Scavenger started purging stateless entries | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20220 | Policy %2 for server is %1 | SETTING_CREATION | |
20221 | Policy %2 for scope %3 is %1 | SETTING_CREATION | |
20222 | The conditions for server policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
20223 | The conditions for scope %4 policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
20224 | A new server wide IPv4 policy %1 was created. The processing order of the policy is %2 | SETTING_CREATION | |
20225 | A new scope policy %1 was created in scope %3. The processing order of the policy is %2 | SETTING_CREATION | |
20226 | Policy %1 was deleted from server | SETTING_DELETION | |
20227 | Policy %1 was deleted from scope %2 | SETTING_DELETION | |
20228 | The IP address range from %1 was set for the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20229 | The IP address range from %1 was removed from the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20230 | The value %2 was set for the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20231 | The value %2 was set for the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20232 | The value %2 was removed from the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20233 | The value %2 was removed from the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20234 | Server policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
20235 | Scope %3 policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
20236 | Description of server policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20237 | Description of scope %3 policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20238 | Processing order of server policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
20239 | Processing order of scope %4 policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
20240 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: load balance, maximum client lead time: %4 seconds, load balance percentage on this server: %5, auto state switchover interval: %6 seconds | SETTING_CREATION | |
20241 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: hot standby, maximum client lead time: %4 seconds, reserve address percentage on standby server: %5, auto state switchover interval: %6 seconds, standby server: %7 | SETTING_CREATION | |
20242 | Failover relationship %1 between %2 and %3 has been deleted | SETTING_DELETION | |
20243 | Scope %1 has been added to the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
20244 | Scope %1 has been removed from the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
20245 | The failover configuration parameter MCLT for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
20246 | The failover configuration parameter auto switch over interval for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
20247 | The failover configuration parameter reserve address percentage for failover relationship %1 with server %2 has been changed from %3 to %4 | SETTING_MODIFICATION | |
20248 | The failover configuration parameter load balance percentage for failover relationship %1 with server %2 has been changed from %3 to %4 on this server | SETTING_MODIFICATION | |
20249 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from hot standby to load balance | SETTING_MODIFICATION | |
20250 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from load balance to hot standby | SETTING_MODIFICATION | |
20251 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20252 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20253 | The server detected that it is out of time synchronization with partner server: %1 for failover relationship: %2. The time is out of sync by: %3 seconds | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20254 | Server has established contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20255 | Server has lost contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20256 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20257 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20258 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20259 | The failover state of server: %1 for failover relationship: %2 changed to : %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20260 | The failover state of server: %1 for failover relationship: %2 changed to: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20261 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20262 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20263 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20264 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20265 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20266 | Failover protocol message CONNECT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20267 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20268 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20269 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20270 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20271 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20272 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20273 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20274 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20275 | Failover protocol message UPDDONE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20276 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20277 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20278 | Failover protocol message UPDREQ from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20279 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20280 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20281 | Failover protocol message STATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20282 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20283 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20284 | Failover protocol message CONTACT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20285 | An invalid cryptographic algorithm %1 was specified for failover message authentication in FailoverCryptoAlgorithm under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\Failover. The operation is halted | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20286 | BINDING UPDATE message for IP address %1 could not be replicated to the partner server %2 of failover relation %3 as the internal BINDING UPDATE queue is full | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20287 | DHCP client request from %1 was dropped since the applicable IP address ranges in scope/superscope %2 are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20288 | This DHCP server %1 has transitioned to a PARTNER DOWN state for the failover relationship %2 and the MCLT period of %3 seconds has expired. The server has taken over the free IP address pool of the partner server %4 for all scopes which are part of the failover relationship | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20289 | A BINDING-UPDATE message with transaction id: %1 was sent for IP address: %2 with binding status: %3 to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20290 | A BINDING-UPDATE message with transaction id: %1 was received for IP address: %2 with binding status: %3 from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20291 | A BINDING-ACK message with transaction id: %1 was sent for IP address: %2 with reject reason: (%3) to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20292 | A BINDING-ACK message with transaction id: %1 was received for IP address: %2 with reject reason: (%3 ) from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
20311 | The shared secret for failover relationship %2 with server %1 has been changed | SETTING_MODIFICATION | |
20312 | Message authentication for failover relationship %2 with server %1 has been enabled | SETTING_MODIFICATION | |
20313 | Message authentication for failover relationship %2 with server %1 has been disabled | SETTING_MODIFICATION | |
20315 | DNSSuffix of scope %3 policy %2 was set to %1 | SETTING_MODIFICATION | |
20316 | DNSSuffix of server policy %2 was set to %1 | SETTING_MODIFICATION | |
20317 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | ||
20318 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20319 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20320 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20321 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20322 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20323 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the forward lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20324 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20325 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20326 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20327 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |
20328 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | The UDM field is_alert is set to true. |