Windows event viewer code meaning

Source: Internet
Author: User

Account Logon Events

Table 1 shows the security events generated by the "Audit Account Logon Events" security template settings.

Table 1: Audit Account Logon Events

| Event ID | Event Description |
|---|---|
| 672 | An authentication service (AS) ticket was issued and verified. |
| 673 | A ticket-granting service (TGS) ticket was granted. A TGS ticket is issued by the Kerberos v5 ticket-granting service (TGS) and allows a user to authenticate to a specific service in the domain. |
| 674 | A security principal renewed an AS ticket or TGS ticket. |
| 675 | Pre-authentication failed. This event is generated on the Key Distribution Center (KDC) when a user types an incorrect password. |
| 676 | Authentication ticket request failed. This event is not generated in Windows XP Professional or in members of the Windows Server family. |
| 677 | A TGS ticket was not granted. This event is not generated in Windows XP Professional or in members of the Windows Server family. |
| 678 | An account was successfully mapped to a domain account. |
| 681 | Logon failure. A domain account logon was attempted. This event is not generated in Windows XP Professional or in members of the Windows Server family. |
| 682 | A user reconnected to a disconnected Terminal Server session. |
| 683 | A user disconnected a Terminal Server session without logging off. |

Account Management Events

Table 2 shows the security events generated by the "Audit Account Management" security template settings.

Table 2: Audit account management events

| Event ID | Event Description |
|---|---|
| 624 | A user account was created. |
| 627 | A user password was changed. |
| 628 | A user password was set. |
| 630 | A user account was deleted. |
| 631 | A global group was created. |
| 632 | A member was added to a global group. |
| 633 | A member was removed from a global group. |
| 634 | A global group was deleted. |
| 635 | A local group was created. |
| 636 | A member was added to a local group. |
| 637 | A member was removed from a local group. |
| 638 | A local group was deleted. |
| 639 | A local group account was changed. |
| 641 | A global group account was changed. |
| 642 | A user account was changed. |
| 643 | A domain policy was modified. |
| 644 | A user account was automatically locked. |
| 645 | A computer account was created. |
| 646 | A computer account was changed. |
| 647 | A computer account was deleted. |
| 648 | A local security group with security disabled was created. Note: In the official name, SECURITY_DISABLED means that the group cannot be used to grant permissions in access checks. |
| 649 | A local security group with security disabled was changed. |
| 650 | A member was added to a security-disabled local security group. |
| 651 | A member was removed from a security-disabled local security group. |
| 652 | A security-disabled local group was deleted. |
| 653 | A security-disabled global group was created. |
| 654 | A security-disabled global group was changed. |
| 655 | A member was added to a security-disabled global group. |
| 656 | A member was removed from a security-disabled global group. |
| 657 | A security-disabled global group was deleted. |
| 658 | A security-enabled universal group was created. |
| 659 | A security-enabled universal group was changed. |
| 660 | A member was added to a security-enabled universal group. |
| 661 | A member was removed from a security-enabled universal group. |
| 662 | A security-enabled universal group was deleted. |
| 663 | A security-disabled universal group was created. |
| 664 | A security-disabled universal group was changed. |
| 665 | A member was added to a security-disabled group. |
| 666 | A member was removed from a security-disabled group. |
| 667 | A security-disabled universal group was deleted. |
| 668 | A group type was changed. |
| 684 | The security descriptor of administrative group members was set. Note: On a domain controller, every 60 minutes a background thread searches all members of administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor to them. This event is logged. |
| 685 | An account name was changed. |

Directory Service Access Events

Table 3 shows the security events generated by the "Audit Directory Service Access" security template settings.

Table 3: Audit Directory Service Access Events

| Event ID | Event Description |
|---|---|
| 566 | A generic object operation took place. |

Audit Logon Events

Table 4 contains the security events generated by the "Audit Logon Events" security template settings.

Table 4: Audit Logon Events

| Event ID | Event Description |
|---|---|
| 528 | A user successfully logged on to a computer. |
| 529 | Logon failure. A logon attempt was made with an unknown user name, or with a known user name and an incorrect password. |
| 530 | Logon failure. A logon attempt was made outside the permitted time. |
| 531 | Logon failure. A logon attempt was made with a disabled account. |
| 532 | Logon failure. A logon attempt was made with an expired account. |
| 533 | Logon failure. The user is not allowed to log on at the specified computer. |
| 534 | Logon failure. The user attempted to log on with an unsupported password. |
| 535 | Logon failure. The password of the specified account has expired. |
| 536 | Logon failure. The Net Logon service is not started. |
| 537 | Logon failure. The logon attempt failed for other reasons. Note: In some cases, the cause of the logon failure may be unknown. |
| 538 | The logoff process was completed. |
| 539 | Logon failure. The account was locked out when the logon attempt was made. |
| 540 | A user successfully logged on to a network. |
| 541 | Main mode Internet Key Exchange (IKE) authentication was completed between the local computer and the listed peer identity (a security association was established), or quick mode has established a data channel. |
| 542 | A data channel was terminated. |
| 543 | Main mode was terminated. Note: This occurs if the security association time limit (8 hours by default) expires, the policy is changed, or the peer terminates. |
| 544 | Main mode authentication failed because the peer did not provide a valid certificate or the signature was invalid. |
| 545 | Main mode authentication failed because of a Kerberos failure or an invalid password. |
| 546 | IKE security association establishment failed because the peer sent an invalid proposal. A packet containing invalid data was received. |
| 547 | A failure occurred during an IKE handshake. |
| 548 | Logon failure. The security identifier (SID) from a trusted domain does not match the account domain SID of the client. |
| 549 | Logon failure. All SIDs corresponding to untrusted namespaces were filtered out during authentication across forests. |
| 550 | A notification message that could indicate a possible DoS attack. |
| 551 | A user started the logoff process. |
| 552 | A user successfully logged on to a computer with explicit credentials while already logged on as a different user. |
| 682 | A user reconnected to a disconnected Terminal Server session. |
| 683 | A user disconnected a Terminal Server session without logging off. Note: This event is generated when a user is connected to a Terminal Server session over the network. It appears on the terminal server. |


2 While verifying that \Device\Serial1 is a serial port, the system detected FIFO mode. This mode will be used.

17 Error W32Time: Time provider NtpClient: An error occurred during the DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will retry the DNS lookup in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

20 Warning Print: Printer driver Canon PIXMA iP1000 for Windows NT x86 Version-3 was added or updated. Files: CNMDR6e.DLL, CNMUI6e.DLL, CNMCP6e.DLL, CNMMH6e.HLP, CNMD56e.DLL, CNMUR6e.DLL, CNMSR6e.DLL, CNMIN6e.INI, CNMPI6e.DLL, CNMSM6e.EXE, CNMSS6e.SMR, CNMSD6e.EXE, CNMSQ6e.EXE, CNMSH6e.HLP, CNMSH6e

26 Application Popup: Rsaupd.exe - Component not found: MFC71.DLL was not found. Re-installing the application may fix this problem.

29 Error W32Time: The time provider NtpClient is configured to obtain time from one or more time sources, but none of the sources can be accessed. No attempt to contact a time source will be made for 14 minutes. NtpClient has no source of accurate time.

35 W32Time: The time service is synchronizing the system time with the time source time.windows.com (ntp.m|0x1|192.168.1.208:123->207.46.197.32:123).

115 Information SRService: System Restore monitoring was enabled on all drives.

116 Information SRService: System Restore monitoring was disabled on all drives.

1001 Information Save Dump: The computer has restarted after a bugcheck. The bugcheck was: 0x4a4b4d53 (0xc000000e, 0x01d04bf0, 0x00000010, 0x0000029a). Dump data was saved in: C:\WINDOWS\Minidump\Mini052809-01.dmp.

1005 Warning Dhcp: Your computer has detected that the IP address 192.168.1.100 of the network card with network address 00E04C47978D is already in use on the network. The computer will automatically obtain another address.

3260 Information Workstation: This computer was successfully joined to the workgroup 'workgroup'.

4202 Information Tcpip: The system detected that the network adapter Realtek... Family PCI Fast Ethernet NIC - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, it may have malfunctioned. Please contact your vendor for updated drivers.

4226 Warning Tcpip: TCP/IP has reached the security limit on the number of concurrent TCP connection attempts.

4377 Information NtServicePack: Windows XP Hotfix KB873339 was installed.

6005 Information EventLog: The Event Log service was started. (Boot)

6006 EventLog: The Event Log service was stopped. (Shutdown)

6009 EventLog: The computer was shut down by pressing Ctrl, Alt, Delete (abnormal shutdown).

6011 EventLog: The machine's NetBIOS name and DNS host name were changed from MACHINENAME to AA.

7000 Error Service Control Manager: The npkcrypt service failed to start due to the following error:

7031 Error Service Control Manager: The Eset Service service terminated unexpectedly. It has done this once. The following corrective action will be taken in 0 milliseconds: Restart the service.

7035 Information Service Control Manager: The xxx service was successfully sent a start control.

7036 Information Service Control Manager: The xxx service is in the running or stopped state.

8033 Information BROWSER: The browser has forced an election on network \Device\NetBT_Tcpip_{163DE7AB-92AE-499F-8340-B6358A4597CE} because a master browser was stopped.

10000 Error DCOM: Unable to start the DCOM server: {80EE4902-33A8-11D1-A213-0080C88593A5}. Error:

15007 Information HTTP: The reservation for the namespace identified by the URL prefix http://*:2869 was successfully added.

60054 Setup: Installation of Windows build 2600 completed successfully.

64002 Windows File Protection: File replacement was attempted on the protected system file c:\windows\system32\quartz.dll. To maintain system stability, this file was restored to the original version. The file version of the system file is 6.5.2600.3497.

64008 Warning Windows File Protection: The protected system file c:\windows\system32\quartz.dll could not be verified because Windows File Protection was interrupted. Use the SFC tool to verify the integrity of the file later.
