detection.wiki

Microsoft-Windows-SMBWitnessService

72 events across 2 channels

EventTitleChannelSample
1Witness Service initialization failed with ErrorCode.AdminN
1Event ID 1OperationalN
2Witness Service protocol security callback failure (Error = ErrorCode, …AdminN
2Event ID 2OperationalN
3Witness Service received a registration request from Witness Client (ClientName) …AdminN
3Event ID 3OperationalN
4Witness Service successfully registered request from Witness Client (ClientName) …AdminN
4Event ID 4OperationalN
5Witness Service registration request from Witness Client (ClientName) for …AdminN
5Event ID 5OperationalN
6Witness Service is queuing notifications for Clients clients.AdminN
6Event ID 6OperationalN
7Witness Service completed queuing notifications for Clients clients.AdminN
7Event ID 7OperationalN
8Witness Service resource notification to Witness Client (ClientName) failed with …AdminN
8Event ID 8OperationalN
9Witness Service sent NumResources resource events to Witness Client …AdminN
9Event ID 9OperationalN
10Witness Service received a move client request for client (ClientName).AdminN
10Event ID 10OperationalN
11Witness Service successfully sent a move request to client (ClientName).AdminN
11Event ID 11OperationalN
12Witness Service ignored the move client request for client (ClientName).AdminN
12Event ID 12OperationalN
13Witness Service ignored the move client request for client (ClientName).AdminN
13Event ID 13OperationalN
14Witness Service reported a failure (ErrorCode) to move client (ClientName).AdminN
14Event ID 14OperationalN
15Witness Service received witness unregister request from Witness Client …AdminN
15Event ID 15OperationalN
16Witness Service removed registration for Witness Client (ClientName).AdminN
16Event ID 16OperationalN
17Witness Service shutdown failed with error (ErrorCode).AdminN
17Event ID 17OperationalN
18Witness Service successfully sent the list of Witness Servers to Client …AdminN
18Event ID 18OperationalN
19Witness Service is retrying to process the list of Witness Servers to Client …AdminN
19Event ID 19OperationalN
20Witness Service failed to process the list of Witness Servers for Client …AdminN
20Event ID 20OperationalN
21Witness Service failed to move client (ClientName).AdminN
21Event ID 21OperationalN
22Witness Service failed to move client (ClientName).AdminN
22Event ID 22OperationalN
23Witness Service failed to move client (ClientName) to destination node …AdminN
23Event ID 23OperationalN
24Witness Service received a registration request from Witness Client (ClientName) …AdminN
24Event ID 24OperationalN
25Witness Service successfully registered request from Witness Client (ClientName) …AdminN
25Event ID 25OperationalN
26Witness Service registration request from Witness Client (ClientName) for …AdminN
26Event ID 26OperationalN
27Witness Service received witness unregister request from Witness Client …AdminN
27Event ID 27OperationalN
28Witness Service is queuing share move notifications for Clients clients.AdminN
28Event ID 28OperationalN
29Witness Service completed queuing share move notifications for Clients clients.AdminN
29Event ID 29OperationalN
30Witness Service share move notification to Witness Client (ClientName) failed …AdminN
30Event ID 30OperationalN
31Witness Service sent NumResources share move events to Witness Client …AdminN
31Event ID 31OperationalN
32Witness Service is queuing IP notifications for Clients clients.AdminN
32Event ID 32OperationalN
33Witness Service completed queuing IP notifications for Clients clients.AdminN
33Event ID 33OperationalN
34Witness Service IP notification to Witness Client (ClientName) failed with error …AdminN
34Event ID 34OperationalN
35Witness Service sent NumResources IP events to Witness Client (ClientName).AdminN
35Event ID 35OperationalN
36Witness Service is requesting to move an SMB client that is optimized to connect …AdminN
36Event ID 36OperationalN

Event ID 1: Witness Service initialization failed with ErrorCode.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service initialization failed with ErrorCode.

Message #

Witness Service initialization failed with %1

Fields #

NameDescription
ErrorCode UInt32

Event ID 1

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service initialization failed with.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2: Witness Service protocol security callback failure (Error = ErrorCode, Authentication Level = AuthenticationLevel, Authentication Service = AuthenticationService).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service protocol security callback failure (Error = ErrorCode, Authentication Level = AuthenticationLevel, Authentication Service = AuthenticationService).

Message #

Witness Service protocol security callback failure (Error = %3, Authentication Level = %1, Authentication Service = %2)

Fields #

NameDescription
AuthenticationLevel UInt32
AuthenticationService UInt32
ErrorCode UInt32

Event ID 2

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service protocol security callback failure (Error = , Authentication Level = , Authentication Service = ).

Fields #

NameDescription
AuthenticationLevel UInt32
AuthenticationService UInt32
ErrorCode UInt32

Event ID 3: Witness Service received a registration request from Witness Client (ClientName) for NetName \\NetName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a registration request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service received a registration request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 3

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a registration request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 4: Witness Service successfully registered request from Witness Client (ClientName) for NetName \\NetName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully registered request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service successfully registered request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 4

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully registered request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 5: Witness Service registration request from Witness Client (ClientName) for NetName \\NetName failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service registration request from Witness Client (ClientName) for NetName \\NetName failed with error (ErrorCode).

Message #

Witness Service registration request from Witness Client (%1) for NetName \\%2 failed with error (%3)

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ErrorCode Int32

Event ID 5

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service registration request from Witness Client () for NetName \\ failed with error ().

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ErrorCode Int32

Event ID 6: Witness Service is queuing notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing notifications for Clients clients.

Message #

Witness Service is queuing notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 6

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 7: Witness Service completed queuing notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing notifications for Clients clients.

Message #

Witness Service completed queuing notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 7

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 8: Witness Service resource notification to Witness Client (ClientName) failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service resource notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service resource notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 8

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service resource notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 9: Witness Service sent NumResources resource events to Witness Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources resource events to Witness Client (ClientName).

Message #

Witness Service sent %1 resource events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 9

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent resource events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 10: Witness Service received a move client request for client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a move client request for client (ClientName).

Message #

Witness Service received a move client request for client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 10

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a move client request for client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 11: Witness Service successfully sent a move request to client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully sent a move request to client (ClientName).

Message #

Witness Service successfully sent a move request to client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 11

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully sent a move request to client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 12: Witness Service ignored the move client request for client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service ignored the move client request for client (ClientName). Client is not registered with current Witness Service.

Message #

Witness Service ignored the move client request for client (%1). Client is not registered with current Witness Service

Fields #

NameDescription
ClientName UnicodeString

Event ID 12

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service ignored the move client request for client (). Client is not registered with current Witness Service.

Fields #

NameDescription
ClientName UnicodeString

Event ID 13: Witness Service ignored the move client request for client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service ignored the move client request for client (ClientName). Destination server (ServerName) is unavailable.

Message #

Witness Service ignored the move client request for client (%1). Destination server (%2) is unavailable

Fields #

NameDescription
ClientName UnicodeString
ServerName UnicodeString

Event ID 13

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service ignored the move client request for client (). Destination server () is unavailable.

Fields #

NameDescription
ClientName UnicodeString
ServerName UnicodeString

Event ID 14: Witness Service reported a failure (ErrorCode) to move client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service reported a failure (ErrorCode) to move client (ClientName).

Message #

Witness Service reported a failure (%1) to move client (%2)

Fields #

NameDescription
ErrorCode UInt32
ClientName UnicodeString

Event ID 14

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service reported a failure () to move client ().

Fields #

NameDescription
ErrorCode UInt32
ClientName UnicodeString

Event ID 15: Witness Service received witness unregister request from Witness Client (ClientName) for NetName \\NetName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received witness unregister request from Witness Client (ClientName) for NetName \\NetName.

Message #

Witness Service received witness unregister request from Witness Client (%1) for NetName \\%2

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 15

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received witness unregister request from Witness Client () for NetName \\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString

Event ID 16: Witness Service removed registration for Witness Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service removed registration for Witness Client (ClientName).

Message #

Witness Service removed registration for Witness Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 16

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service removed registration for Witness Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 17: Witness Service shutdown failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service shutdown failed with error (ErrorCode).

Message #

Witness Service shutdown failed with error (%1)

Fields #

NameDescription
ErrorCode UInt32

Event ID 17

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service shutdown failed with error ().

Fields #

NameDescription
ErrorCode UInt32

Event ID 18: Witness Service successfully sent the list of Witness Servers to Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully sent the list of Witness Servers to Client (ClientName).

Message #

Witness Service successfully sent the list of Witness Servers to Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 18

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully sent the list of Witness Servers to Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 19: Witness Service is retrying to process the list of Witness Servers to Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is retrying to process the list of Witness Servers to Client (ClientName).

Message #

Witness Service is retrying to process the list of Witness Servers to Client (%1)

Fields #

NameDescription
ClientName UnicodeString

Event ID 19

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is retrying to process the list of Witness Servers to Client ().

Fields #

NameDescription
ClientName UnicodeString

Event ID 20: Witness Service failed to process the list of Witness Servers for Client (ClientName) with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to process the list of Witness Servers for Client (ClientName) with error (ErrorCode).

Message #

Witness Service failed to process the list of Witness Servers for Client (%1) with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 20

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to process the list of Witness Servers for Client () with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 21: Witness Service failed to move client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName). Client name is invalid.

Message #

Witness Service failed to move client (%1). Client name is invalid

Fields #

NameDescription
ClientName UnicodeString

Event ID 21

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client (). Client name is invalid.

Fields #

NameDescription
ClientName UnicodeString

Event ID 22: Witness Service failed to move client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName). Destination node (DestinationNode) is invalid.

Message #

Witness Service failed to move client (%1). Destination node (%2) is invalid

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString

Event ID 22

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client (). Destination node () is invalid.

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString

Event ID 23: Witness Service failed to move client (ClientName) to destination node (DestinationNode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service failed to move client (ClientName) to destination node (DestinationNode). NetName (NetName) is invalid.

Message #

Witness Service failed to move client (%1) to destination node (%2). NetName (%3) is invalid

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString
NetName UnicodeString

Event ID 23

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service failed to move client () to destination node (). NetName () is invalid.

Fields #

NameDescription
ClientName UnicodeString
DestinationNode UnicodeString
NetName UnicodeString

Event ID 24: Witness Service received a registration request from Witness Client (ClientName) for \\NetName\ShareName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received a registration request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service received a registration request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 24

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received a registration request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 25: Witness Service successfully registered request from Witness Client (ClientName) for \\NetName\ShareName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service successfully registered request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service successfully registered request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 25

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service successfully registered request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 26: Witness Service registration request from Witness Client (ClientName) for \\NetName\ShareName failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service registration request from Witness Client (ClientName) for \\NetName\ShareName failed with error (ErrorCode).

Message #

Witness Service registration request from Witness Client (%1) for \\%2\%3 failed with error (%4)

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString
ErrorCode Int32

Event ID 26

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service registration request from Witness Client () for \\\ failed with error ().

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString
ErrorCode Int32

Event ID 27: Witness Service received witness unregister request from Witness Client (ClientName) for \\NetName\ShareName.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service received witness unregister request from Witness Client (ClientName) for \\NetName\ShareName.

Message #

Witness Service received witness unregister request from Witness Client (%1) for \\%2\%3

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 27

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service received witness unregister request from Witness Client () for \\\.

Fields #

NameDescription
ClientName UnicodeString
NetName UnicodeString
ShareName UnicodeString

Event ID 28: Witness Service is queuing share move notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing share move notifications for Clients clients.

Message #

Witness Service is queuing share move notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 28

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing share move notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 29: Witness Service completed queuing share move notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing share move notifications for Clients clients.

Message #

Witness Service completed queuing share move notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 29

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing share move notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 30: Witness Service share move notification to Witness Client (ClientName) failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service share move notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service share move notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 30

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service share move notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 31: Witness Service sent NumResources share move events to Witness Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources share move events to Witness Client (ClientName).

Message #

Witness Service sent %1 share move events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 31

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent share move events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 32: Witness Service is queuing IP notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service is queuing IP notifications for Clients clients.

Message #

Witness Service is queuing IP notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 32

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service is queuing IP notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 33: Witness Service completed queuing IP notifications for Clients clients.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service completed queuing IP notifications for Clients clients.

Message #

Witness Service completed queuing IP notifications for %1 clients

Fields #

NameDescription
Clients UInt64

Event ID 33

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service completed queuing IP notifications for clients.

Fields #

NameDescription
Clients UInt64

Event ID 34: Witness Service IP notification to Witness Client (ClientName) failed with error (ErrorCode).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service IP notification to Witness Client (ClientName) failed with error (ErrorCode).

Message #

Witness Service IP notification to Witness Client (%1) failed with error (%2)

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 34

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service IP notification to Witness Client () failed with error ().

Fields #

NameDescription
ClientName UnicodeString
ErrorCode UInt32

Event ID 35: Witness Service sent NumResources IP events to Witness Client (ClientName).

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Description

Witness Service sent NumResources IP events to Witness Client (ClientName).

Message #

Witness Service sent %1 IP events to Witness Client (%2)

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 35

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Description

Witness Service sent IP events to Witness Client ().

Fields #

NameDescription
NumResources Int32
ClientName UnicodeString

Event ID 36: Witness Service is requesting to move an SMB client that is optimized to connect to a specific SMB server for one or more file shares.

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Admin

Message #

Witness Service is requesting to move an SMB client (%1) that is optimized to connect to a specific SMB server for one or more file shares. After requested move completes, the SMB client will attempt to move to the optimal SMB server for (%2)

Fields #

NameDescription
ClientName UnicodeString
ShareName UnicodeString

Event ID 36

#
Provider
Microsoft-Windows-SMBWitnessService
Channel
Operational

Fields #

NameDescription
ClientName UnicodeString
ShareName UnicodeString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID ce704b50-b105-4bc8-a24f-1792c0401c2a

Defined in Witness.dll, which carries the event manifest.

Observed on:

  • WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.1, captured 2026-06-02

Downloads