| 100 | Parameters |
Parameters |
| 101 | Group Policy |
Group Policy |
| 102 | Netlogon |
Netlogon |
| 103 | Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. |
Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. |
| 1002 | Netlogon Service (RPC) |
Netlogon Service (RPC) |
| 1003 | Netlogon Service (NP-In) |
Netlogon Service (NP-In) |
| 1004 | Netlogon Service (RPC-EPMAP) |
Netlogon Service (RPC-EPMAP) |
| 1005 | Inbound rule for the NetLogon service to be remotely managed via RPC/TCP. |
Inbound rule for the NetLogon service to be remotely managed via RPC/TCP. |
| 1006 | Inbound rule for the NetLogon service to be remotely managed over Named Pipes. |
Inbound rule for the NetLogon service to be remotely managed over Named Pipes. |
| 1007 | Inbound rule for the RPCSS service to allow RPC/TCP traffic for the NetLogon service. |
Inbound rule for the RPCSS service to allow RPC/TCP traffic for the NetLogon service. |
| 1008 | Netlogon Service Authz (RPC) |
Netlogon Service Authz (RPC) |
| 1009 | Inbound rule for the NetLogon service to process remote authz requests via RPC/TCP. |
Inbound rule for the NetLogon service to process remote authz requests via RPC/TCP. |
| 1010 | Netlogon Service |
Netlogon Service |
| 2002 | Counters for measuring the performance of Netlogon. |
Counters for measuring the performance of Netlogon. |
| 2004 | Semaphore Waiters |
Semaphore Waiters |
| 2006 | Number of thread currently waiting to acquire the semaphore. |
Number of thread currently waiting to acquire the semaphore. |
| 2008 | Semaphore Holders |
Semaphore Holders |
| 2010 | Number of thread currently holding the semaphore. |
Number of thread currently holding the semaphore. |
| 2012 | Semaphore Acquires |
Semaphore Acquires |
| 2014 | The total number of times the semaphore has been acquired over the lifetime of the Secure Channel connection (or since system boot for _Total). |
The total number of times the semaphore has been acquired over the lifetime of the Secure Channel connection (or since system boot for _Total). |
| 2016 | Semaphore Timeouts |
Semaphore Timeouts |
| 2018 | The total number of times a thread has timed out waiting for the semaphore over the lifetime of the Secure Channel connection (or since system boot for _Total). |
The total number of times a thread has timed out waiting for the semaphore over the lifetime of the Secure Channel connection (or since system boot for _Total). |
| 2020 | Average Semaphore Hold Time |
Average Semaphore Hold Time |
| 2022 | The average amount of time the semaphore is held over the last sample. |
The average amount of time the semaphore is held over the last sample. |
| 2024 | Semaphore Hold Time Base |
Semaphore Hold Time Base |
| 2026 | The base value used to calculate the average semaphore hold time. |
The base value used to calculate the average semaphore hold time. |
| 2028 | Last Authentication Time |
Last Authentication Time |
| 2030 | How long, in milliseconds, the last successful NTLM authentication took. |
How long, in milliseconds, the last successful NTLM authentication took. |
| 2032 | Authentication base time |
Authentication base time |
| 2034 | The base value used to calculate Last Authentication Time. |
The base value used to calculate Last Authentication Time. |
| 11010 | This feature is used to maintain a secure channel between domain clients and a domain controller for authenticating users and services. (Uses RPC) |
This feature is used to maintain a secure channel between domain clients and a domain controller for authenticating users and services. (Uses RPC) |
| 0x50000002 | Error |
Error |
| 0x50000003 | Warning |
Warning |
| 0x50000004 | Information |
Information |
| 0x70000001 | Blocking NTLM |
Blocking NTLM |
| 0x70000002 | Auditing NTLM |
Auditing NTLM |
| 0x70000003 | MSA |
MSA |
| 0x70000004 | Max |
Max |
| 0x90000001 | Microsoft-Windows-Security-Netlogon |
Microsoft-Windows-Security-Netlogon |
| 0xB0000FA4 | Domain Controller Blocked: NTLM authentication to this domain controller is blocked.%nSecure Channel name: %1%nUser name: %2%nDomain name: %3%nWorkstation name: %4%nSecure Channel type: %5%n%nNTLM authentication within the domain %3 is blocked.%n%nIf you want to allow NTLM authentication requests in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.%n%nIf you want to allow NTLM authentication requests only to specific servers in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in this domain as an exception to use NTLM authentication. |
Domain Controller Blocked: NTLM authentication to this domain controller is blocked.%nSecure Channel name: %1%nUser name: %2%nDomain name: %3%nWorkstation name: %4%nSecure Channel type: %5%n%nNTLM authentication within the domain %3 is blocked.%n%nIf you want to allow NTLM authentication requests in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.%n%nIf you want to allow NTLM authentication requests only to specific servers in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in this domain as an exception to use NTLM authentication. |
| 0xB0001F44 | Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.%nSecure Channel name: %1%nUser name: %2%nDomain name: %3%nWorkstation name: %4%nSecure Channel type: %5%n%nAudit NTLM authentication requests within the domain %3 that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to any of the Deny options.%n%nIf you want to allow NTLM authentication requests in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.%n%nIf you want to allow NTLM authentication requests to specific servers in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in the domain %3 to which clients are allowed to use NTLM authentication. |
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.%nSecure Channel name: %1%nUser name: %2%nDomain name: %3%nWorkstation name: %4%nSecure Channel type: %5%n%nAudit NTLM authentication requests within the domain %3 that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to any of the Deny options.%n%nIf you want to allow NTLM authentication requests in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.%n%nIf you want to allow NTLM authentication requests to specific servers in the domain %3, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in the domain %3 to which clients are allowed to use NTLM authentication. |
| 0xB0002328 | Netlogon failed to retrieve the password for account %1 in domain %2. %3 |
Netlogon failed to retrieve the password for account %1 in domain %2. %3 |
| 0xB0002329 | The account %1 cannot be used as managed service account on the local machine because not all the supported encryption types of the account are supported by the local machine. |
The account %1 cannot be used as managed service account on the local machine because not all the supported encryption types of the account are supported by the local machine. |
| 0xB000232A | Netlogon failed to add %1 as a managed service account to this local machine. %2 |
Netlogon failed to add %1 as a managed service account to this local machine. %2 |
| 0xB000232B | Netlogon failed to remove the managed service account %1 from this local machine. %2 |
Netlogon failed to remove the managed service account %1 from this local machine. %2 |