收集 Microsoft Windows DHCP 記錄
這份文件:
- 說明部署架構和安裝步驟,以及產生 Google Security Operations Parser for Microsoft Windows DHCP 事件支援記錄檔所需的任何設定。如要瞭解 Google Security Operations 資料擷取作業,請參閱「將資料擷取至 Google Security Operations」。
- 包括剖析器如何將原始記錄中的欄位對應至 Google Security Operations Unified Data Model 欄位的相關資訊。
本文中的資訊適用於具有 WINDOWS_DHCP 攝取標籤的剖析器。擷取標籤會識別哪個剖析器將原始記錄資料正規化為具結構性的 UDM 格式。
事前準備
查看建議的部署架構
這張圖表顯示部署架構中建議使用的基礎元件,可收集 Microsoft Windows DHCP 事件並傳送至 Google Security Operations。請比對這項資訊與您的環境,確認已安裝這些元件。每個客戶部署作業都會與此表示方式不同,且可能更為複雜。必備項目如下:
- Microsoft Windows 伺服器已設定 DHCP 伺服器角色。詳情請參閱「Microsoft Windows 伺服器設定」。
- 所有系統都已設定為世界標準時間時區。
- NXLog 會安裝在叢集 Microsoft Windows 伺服器上,用於收集及轉送作業、管理員和篩選通知管道的記錄。
- Google Security Operations 轉寄站安裝在中央 Microsoft Windows 或 Linux 伺服器上。如要瞭解如何安裝及設定轉寄站,請參閱「在 Windows 或 Linux 伺服器上安裝及設定轉寄站」一文。  
查看支援的裝置和版本
Google Security Operations 剖析器支援下列 Microsoft Windows Server 版本和通訊協定產生的記錄。Microsoft Windows Server 發布了下列版本:Foundation、Essentials、Standard 和 Datacenter。各版本產生的記錄檔事件結構相同。
| 伺服器版本 | 支援的通訊協定 | 
|---|---|
| Microsoft Windows Server 2019 | DHCPv4 | 
| Microsoft Windows Server 2016 | DHCPv4 | 
| Microsoft Windows Server 2012 | DHCPv4 | 
Google Security Operations 剖析器支援 NXLog Enterprise Edition 或 Community Edition 收集的記錄。
查看支援的記錄類型
Google Security Operations 剖析器支援 Microsoft Windows DHCP 伺服器產生的下列記錄類型。如要進一步瞭解這些記錄類型,請參閱 Microsoft Windows DHCP 伺服器說明文件。這項功能支援以英文文字產生的記錄,但不支援以非英文語言產生的記錄。
| 類型 | 資料格式 | 說明 | 
|---|---|---|
| 稽核記錄 | CSV | 包括啟動和關閉,以及租約活動。 | 
| 作業事件 | Microsoft Windows 事件格式 | 提供 DHCP 設定記錄功能。 | 
| 管理員活動 | Microsoft Windows 事件格式 | 提供 DHCP 伺服器管理事件記錄。 | 
| 篩選通知事件 | Microsoft Windows 事件格式 | 提供以 DHCP 伺服器連結層為準的篩選事件記錄。 | 
設定 Bindplane 代理程式
使用 Bindplane 代理程式收集 Windows DHCP 記錄。
安裝完成後,Bindplane Agent 服務會以 observerIQ 服務的形式顯示在 Windows 服務清單中。
- 安裝及設定 Windows DHCP 伺服器。如要進一步瞭解如何安裝 Windows DHCP 伺服器,請參閱「動態主機設定通訊協定 (DHCP) 總覽」。 
- 在 Windows 伺服器上執行的收集器中安裝 Bindplane 代理程式。如要進一步瞭解如何安裝 Bindplane 代理程式,請參閱 Bindplane 代理程式安裝說明。 
- 建立 Bindplane 代理程式的設定檔,並加入下列內容。 - receivers: windowseventlog/dhcp_server_notification: channel: Microsoft-Windows-Dhcp-Server/FilterNotifications windowseventlog/dhcp_server_admin: channel: DhcpAdminEvents windowseventlog/dhcp_server_operational: channel: Microsoft-Windows-Dhcp-Server/Operational processors: batch: exporters: chronicle/dhcp: endpoint: https://malachiteingestion-pa.googleapis.com creds: '{ "type": "service_account", "project_id": "malachite-projectname", "private_key_id": `PRIVATE_KEY_ID`, "private_key": `PRIVATE_KEY`, "client_email":"`SERVICE_ACCOUNT_NAME`@malachite-`PROJECT_ID`.iam.gserviceaccount.com", "client_id": `CLIENT_ID`, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/`SERVICSERVICE_ACCOUNT_NAME`%40malachite-`PROJECT_ID`.iam.gserviceaccount.com", "universe_domain": "googleapis.com" }' log_type: 'WINDOWS_DHCP' override_log_type: false raw_log_field: body customer_id: 'dddddddd-dddd-dddd-dddd-dddddddddddd' service: pipelines: logs/dhcp: receivers: - windowseventlog/dhcp_server_admin - windowseventlog/dhcp_server_notification - windowseventlog/dhcp_server_operational processors: [batch] exporters: [chronicle/dhcp]
- 將 - PRIVATE_KEY_ID、- PRIVATE_KEY、- SERVICSERVICE_ACCOUNT_NAME、- PROJECT_ID、- CLIENT_ID和- CUSTOMER_ID替換為服務帳戶 JSON 檔案中的相應值,您可以從 Google Cloud 平台下載該檔案。如要進一步瞭解服務帳戶金鑰,請參閱「建立及刪除服務帳戶金鑰」說明文件。
- 如要啟動 observerIQ 代理程式服務,請依序選取「Services」>「Extended」>「observerIQ Service」>「start」。 
設定 Microsoft Windows DHCP 伺服器
- 安裝及設定 Microsoft Windows DHCP 伺服器。詳情請參閱 Microsoft Windows 說明文件。
- 將系統設定為世界標準時間時區。
- 在每個 Microsoft Windows DHCP 伺服器上安裝 NXLog。請參閱 NXLog 說明文件,包括設定 Microsoft Windows DHCP 的 NXLog 相關資訊。
- 為每個 NXLog 執行個體建立設定檔。使用 im_file 和 im_msvistalog 模組。 - 如要瞭解如何使用 im_file 輸入模組,請參閱「使用 DHCP 管理控制台進行設定」。 
- 如要瞭解如何使用 im_msvistalog 模組,請參閱「Event log for Microsoft Windows 2008/Vista and later (im_msvistalog)」。 
 - 以下是 NXLog 設定範例。請按照這份指南的說明,使用 32 位元 NXLog 代理程式從 64 位元 Microsoft Windows 收集記錄。 - 將 - <hostname>和- <port>值替換為目的地中央 Microsoft Windows 伺服器的相關資訊。詳情請參閱 NXLog 說明文件中的 om_tcp 模組。
- 在「<Input audit_logs_csv>」部分,將「File」屬性變更為包含 DHCP 稽核記錄的檔案位置。請參閱 NXLog 說明文件中的 im_file 輸入模組。 
 - define ROOT C:\Program Files\nxlog define WINDHCP_OUTPUT_DESTINATION_ADDRESS HOSTNAME define WINDHCP_OUTPUT_DESTINATION_PORT PORT Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _json> Module xm_json </Extension> <Input dhcp_server_eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id="0" Path="System"> <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-DHCP-Server']]]</Select> </Query> <Query Id="0"> <Select Path="DhcpAdminEvents">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/FilterNotifications">*</Select> <Select Path="Microsoft-Windows-Dhcp-Server/Operational">*</Select> </Query> </QueryList> </QueryXML> Exec $EventTime = integer($EventTime) / 1000; Exec $EventReceivedTime = integer($EventReceivedTime) / 1000; Exec to_json(); </Input> <Input audit_logs_csv> Module im_file File "LOG_FILE_PATH" # Use quotation marks. For example: "c:\dhcp\-*.log" SavePos TRUE InputType LineBased Exec $Message = $raw_event; </Input> <Output out_chronicle_forwarder> Module om_tcp Host %WINDHCP_OUTPUT_DESTINATION_ADDRESS% Port %WINDHCP_OUTPUT_DESTINATION_PORT% </Output> <Route dhcp_events_to_chronicle_forwarder> Path dhcp_server_eventlog,audit_logs_csv => out_chronicle_forwarder </Route>
- 啟動 NXLog 服務。 
設定中央 Microsoft Windows 或 Linux 伺服器
如要瞭解如何安裝及設定轉寄站,請參閱「在 Linux 上安裝及設定轉寄站」或「在 Microsoft Windows 上安裝及設定轉寄站」一文。
- 將系統時區設為世界標準時間。
- 在中央 Microsoft Windows 或 Linux 伺服器上安裝 Google Security Operations 轉寄站。
- 設定 Google Security Operations 轉送器,將記錄傳送至 Google Security Operations。 以下是轉送站設定範例。 - - syslog: common: enabled: true data_type: WINDOWS_DHCP batch_n_seconds: 10 batch_n_bytes: 1048576 tcp_address: 0.0.0.0:10518 connection_timeout_sec: 60
支援的 Microsoft Windows DHCP 記錄檔格式
Microsoft Windows DHCP 剖析器支援 JSON、SYSLOG 和 CSV 格式的記錄。
支援的 Microsoft Windows DHCP 範例記錄
- JSON - { "EventTime": 1629978331254, "Hostname": "user238.dummy2.local", "Keywords": "9223372036854775808", "EventType": "INFO", "SeverityValue": 2, "Severity": "INFO", "EventID": 75, "SourceName": "Microsoft-Windows-DHCP-Server", "ProviderGuid": "{6D64F02C-A125-4DAC-9A01-F0555B41CA84}", "Version": 0, "TaskValue": 0, "OpcodeValue": 0, "RecordNumber": 116, "ExecutionProcessID": 4160, "ExecutionThreadID": 4892, "Channel": "Microsoft-Windows-Dhcp-Server/Operational", "UserID": "S-1-2-3", "AccountType": "Unknown", "Message": "Scope: [[198.51.100.0]10] for IPv4 is Updated with Lease Duration: 691200 seconds by USER2\\\\Administrator. The previous configured Lease Duration was: 0 seconds.", "Opcode": "Info", "IP_ScopeName": "[[198.51.100.0]10]", "ModifiedDuration": "691200", "ClientName": "USER2\\\\Administrator", "OriginalDuration": "0", "EventReceivedTime": 1629978331254, "SourceModuleName": "dhcp_server_eventlog", "SourceModuleType": "im_msvistalog" }
- SYSLOG - 9/12/2024 1:34:50 PM 18DC PACKET 00000291686F6100 UDP Rcv 198.51.100.0 48ea Q [0001 D NOERROR] SRV (5)_ldap(4)_tcp(11)TD-P-MS-DC2(0)
- CSV - 10,07/14/21,11:54:02,Assign,198.51.100.0,,00505683901B,,1261026911,0,,,,,,,,,0
欄位對應參考資料:裝置記錄檔欄位對應至 UDM 欄位
本節說明剖析器如何將原始記錄欄位對應至 Unified Data Model (UDM) 欄位。
稽核記錄
| 原始記錄檔欄位 | UDM 欄位 | 
|---|---|
| ID | security_result.rule_name is set to "EventID: %{EventID}" The dhcp.type is set according to the EventID: For EventIDs 10, 11, 20, 21, value is set to ACK. For EventID 12, value is set to RELEASE. For EventIDs 13, 14, 15, 22 the value is set to NAK. For EventIDs 16, 23 value is set to WIN_DELETED. For EventIDs 17, 18 value is set to WIN_EXPIRED. | 
| Date | metadata.event_timestamp | 
| Time | metadata.event_timestamp | 
| Description | metadata.description | 
| IP Address | principal.ip If the syslog header contains an IP address, it is mapped to "principal.ip", else if the syslog header contains a hostname, it is mapped to "principal.hostname". | 
| Host Name | network.dhcp.client_hostname | 
| MAC Address | If the event_type is NETWORK_DHCP, then network.dhcp.chaddr is set. Otherwise, target.mac is set. | 
| User Name | principal.user.userid | 
| TransactionID | network.dhcp.transaction_id | 
| QResult | Value is mapped to the security_result.action If value is 0:NoQuarantine, set to ALLOW If value is 1:Quarantine, set to QUARANTINE If value is 2:Drop Packet, set to BLOCK If value is 3:Probation, set to ALLOW If value is 6:No Quarantine Information, set to UNKNOWN_ACTION | 
| Dhcid | network.dhcp.client_identifier | 
作業、管理和篩選通知事件的通用欄位
| 原始記錄檔欄位 | UDM 欄位 | 
|---|---|
| EventTime | metadata.event_timestamp | 
| Channel | If the Category field not empty, then metadata.product_event_type set to
"%{Category} [%{EventID}]" If the Category field is empty, then metadata.product_event_type set to "%{Channel} [%{EventID}]" | 
| SourceName | metadata.vendor = "Microsoft" metadata.product_name = "Windows DHCP Server" | 
| Hostname | principal.hostname | 
| EventID | security_result.rule_name | 
| Severity | security_result.severity Original values mapped to UDM field values as follows: 
 | 
| UserID | principal.user.windows_sid | 
| ExecutionProcessID | principal.process.pid | 
| ProcessID | principal.process.pid | 
營運事件
| 原始記錄檔欄位 | UDM 欄位 | 
|---|---|
| PhysicalAddress | principal.mac | 
| ClientName | principal.user.userid | 
| HWType | dhcp.htype | 
| OptionName | dhcp.option.code | 
| Message | metadata.description | 
| Category | metadata.product_event_type | 
| ReservationName | target.resource.name The value stored is different depending on the EventID of the original event. | 
| RelationshipName | target.resource.name The value stored is different depending on the EventID of the original event. | 
| IP_ScopeName | target.resource.name The value stored is different depending on the EventID of the original event. | 
| PolicyName | target.resource.name The value stored is different depending on the EventID of the original event. | 
| IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. | 
| Server2Name | target.hostname | 
| Server | Depending on the value, stored in target.ip or target.hostname. | 
篩選通知事件
| 原始記錄檔欄位 | UDM 欄位 | 
|---|---|
| MACAddress | principal.mac | 
| Message | metadata.description | 
管理員事件
| 原始記錄檔欄位 | UDM 欄位 | 
|---|---|
| operation | security_result.description | 
| FQDNName | target.hostname | 
| Message | metadata.description | 
| Category | metadata.product_event_type | 
| Server | target.ip / target.hostname | 
| RelationName | target.resource.name. The value stored is different depending on the EventID of the original event. | 
| PartnerServer | target.hostname | 
| IP_Name | target.resource.name The value stored is different depending on the EventID of the original event. | 
| IpAddress | target.ip | 
欄位對應參考資料:事件 ID 對應至 UDM 事件類型
本節說明剖析器如何將事件 ID 對應至 UDM event_type。
| 活動 ID | 活動文字 | UDM 事件類型 | 註解 | 
|---|---|---|---|
| 0 | The log was started. | GENERIC_EVENT | |
| 1 | The log was stopped. | GENERIC_EVENT | |
| 2 | The log was temporarily paused due to low disk space. | GENERIC_EVENT | |
| 10 | A new IP address was leased to a client. | NETWORK_DHCP | |
| 11 | A lease was renewed by a client. | NETWORK_DHCP | |
| 12 | A lease was released by a client. | NETWORK_DHCP | |
| 13 | An IP address was found to be in use on the network. | NETWORK_DHCP | |
| 14 | A lease request could not be satisfied because the scope's address pool was exhausted. | NETWORK_DHCP | |
| 15 | A lease was denied. | NETWORK_DHCP | |
| 16 | A lease was deleted. | NETWORK_DHCP | |
| 17 | A lease was expired and DNS records for an expired leases have not been deleted. | NETWORK_DHCP | |
| 18 | A lease was expired and DNS records were deleted. | NETWORK_DHCP | |
| 20 | A BOOTP address was leased to a client. | NETWORK_DHCP | |
| 21 | A dynamic BOOTP address was leased to a client. | NETWORK_DHCP | |
| 22 | A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted. | NETWORK_DHCP | |
| 23 | A BOOTP IP address was deleted after checking to see it was not in use. | NETWORK_DHCP | |
| 24 | IP address cleanup operation has began. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 25 | IP address cleanup statistics. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 30 | DNS update request to the named DNS server. | GENERIC_EVENT | |
| 31 | DNS update failed. | GENERIC_EVENT | |
| 32 | DNS update successful. | GENERIC_EVENT | |
| 33 | Packet dropped due to NAP policy. | GENERIC_EVENT | |
| 34 | DNS update request failed.as the DNS update request queue limit exceeded. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 35 | DNS update request failed. | GENERIC_EVENT | |
| 36 | Packet dropped because the server is in failover standby role or the hash of the client ID does not match. | GENERIC_EVENT | |
| 50 | Unreachable domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 51 | Authorization succeeded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 53 | Cached Authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 54 | Authorization failed | GENERIC_EVENT | |
| 55 | Authorization (servicing) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 56 | Authorization failure, stopped servicing | GENERIC_EVENT | |
| 57 | Server found in domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 58 | Server could not find domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 59 | Network failure | GENERIC_EVENT | |
| 60 | No DC is DS Enabled | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 61 | Server found that belongs to DS domain | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 62 | Another server found | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 63 | Restarting rogue detection | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 64 | No DHCP enabled interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 70 | Scope: %1 for IPv4 is Configured by %2. | SETTING_CREATION | |
| 71 | Scope: %1 for IPv4 is Modified by %2 | SETTING_MODIFICATION | |
| 72 | Scope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
| 73 | Scope: %1 for IPv4 is Activated by %2 | SETTING_MODIFICATION | |
| 74 | Scope: %1 for IPv4 is DeActivated by %2 | SETTING_MODIFICATION | |
| 75 | Scope: %1 for IPv4 is Updated with Lease Duration: %2 seconds by %3. The previous configured Lease Duration was: %4 seconds | SETTING_MODIFICATION | |
| 76 | Scope: %1 for IPv4 is Updated with Option Settings: %2 by %3 | SETTING_MODIFICATION | |
| 77 | Scope: %1 for IPv4 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
| 78 | Scope: %1 for IPv4 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
| 79 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
| 80 | Scope: %1 for IPv4 is Updated with DNS Settings by %2: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
| 81 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 82 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 83 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
| 84 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
| 85 | Policy based assignment has been disabled for scope %1 | SETTING_MODIFICATION | |
| 86 | Policy based assignment has been enabled for scope %1 | SETTING_MODIFICATION | |
| 87 | Name Protection setting is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
| 88 | Name Protection setting is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
| 89 | Scope: %1 for IPv4 is Updated with support type: %2 by %3 | SETTING_MODIFICATION | |
| 90 | NAP Enforcement is Enabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
| 91 | NAP Enforcement is Disabled on Scope: %1 for IPv4 by %2 | SETTING_MODIFICATION | |
| 92 | NAP Profile is configured on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3 | SETTING_CREATION | |
| 93 | NAP Profile is Updated on Scope: %1 for IPv4 with the following NAP Profile: %2 by %3. The previous configured NAP Profile was: %4 | SETTING_MODIFICATION | |
| 94 | The following NAP Profile: %1 is deleted on Scope: %2 by %4 | SETTING_DELETION | |
| 95 | Scope: %1 for Multicast IPv4 is Configured by %2 | SETTING_CREATION | |
| 96 | Scope: %1 for Multicast IPv4 is Deleted by %2 | SETTING_DELETION | |
| 97 | Scope: %1 for IPv4 is Added in Superscope: %2 by %3 | SETTING_CREATION | |
| 98 | SuperScope: %1 for IPv4 is Configured by %2 | SETTING_CREATION | |
| 99 | SuperScope: %1 for IPv4 is Deleted by %2 | SETTING_DELETION | |
| 100 | Scope: %1 within SuperScope: %2 for IPv4 is Activated by %3 | SETTING_MODIFICATION | |
| 101 | Scope: %1 within SuperScope: %2 for IPv4 is DeActivated by %3 | SETTING_MODIFICATION | |
| 102 | Scope: %1 for IPv4 is Removed in Superscope: %2 by %3. However, the Scope exists outside the Superscope | SETTING_DELETION | |
| 103 | Scope: %1 for IPv4 is Deleted in Superscope: %2 as well as Deleted permanently by %3 | SETTING_DELETION | |
| 104 | Delay Time: %1 milliseconds for the OFFER message sent by Secondary Servers is Updated on Scope: %2 for IPv4 by %4. The previous configured Delay Time was: %3 milliseconds | SETTING_MODIFICATION | |
| 105 | Server level option %1 for IPv4 has been updated by %2 | SETTING_MODIFICATION | |
| 106 | Reservation: %1 for IPv4 is Configured under Scope %2 by %3 | SETTING_CREATION | |
| 107 | Reservation: %1 for IPv4 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
| 108 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
| 109 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
| 110 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS A and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
| 111 | Reservation: %1 for IPv4 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS A and PTR records | SETTING_MODIFICATION | |
| 112 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 113 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS A and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 114 | Reservation: %1 for IPv4 under Scope: %2 is Enabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
| 115 | Reservation: %1 for IPv4 under Scope: %2 is Disabled for DNS Settings by %3: to dynamically update DNS A and PTR records for DHCP Clients that do not request updates | SETTING_MODIFICATION | |
| 116 | Reservation: %1 for IPv4 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
| 117 | Policy based assignment has been disabled at server level | SETTING_MODIFICATION | |
| 118 | Policy based assignment has been enabled at server level | SETTING_MODIFICATION | |
| 119 | Added exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 120 | Deleted exclusion IP Address range %1 in the Address Pool for IPv4 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 121 | Link Layer based filtering is Enabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
| 122 | Link Layer based filtering is Disabled in the Allow List of the IPv4 by %1 | SETTING_MODIFICATION | |
| 123 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Allow List by %2 | SETTING_CREATION | |
| 124 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Allow List by %2 | SETTING_DELETION | |
| 125 | Link Layer based filtering is Enabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
| 126 | Link Layer based filtering is Disabled in the Deny List of the IPv4 by %1 | SETTING_MODIFICATION | |
| 127 | Filter for physical address: %1, hardware type: %3 added to the IPv4 Deny List by %2 | SETTING_CREATION | |
| 128 | Filter for physical address: %1, hardware type: %3 removed from the IPv4 Deny List by %2 | SETTING_DELETION | |
| 129 | Scope: %1 for IPv6 is Configured by %2 | SETTING_CREATION | |
| 130 | Scope: %1 for IPv6 is Deleted by %2 | SETTING_DELETION | |
| 131 | Scope: %1 for IPv6 is Activated by %2 | SETTING_MODIFICATION | |
| 132 | Scope: %1 for IPv6 is DeActivated by %2 | SETTING_MODIFICATION | |
| 133 | Scope: %1 for IPv6 is Updated with Lease Preferred Lifetime: %2 by %3. The previous configured Lease Preferred Lifetime was: %4 | SETTING_MODIFICATION | |
| 134 | Scope: %1 for IPv6 is Updated with Lease Valid Lifetime: %2 by %3. The previous configured Lease Valid Lifetime was: %4 | SETTING_MODIFICATION | |
| 135 | Scope: %1 for IPv6 is Updated with Option Setting: %2 by %3 | SETTING_MODIFICATION | |
| 136 | Scope: %1 for IPv6 is Enabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
| 137 | Scope: %1 for IPv6 is Disabled for DNS Dynamic updates by %2 | SETTING_MODIFICATION | |
| 138 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
| 139 | Scope: %1 for IPv6 is Updated with DNS Settings by %2: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
| 140 | Scope: %1 for IPv6 is Enabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 141 | Scope: %1 for IPv6 is Disabled for DNS Settings by %2: to discard DNS AAAA and PTR records when lease is deleted. | SETTING_MODIFICATION | |
| 142 | Name Protection setting is Enabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
| 143 | Name Protection setting is Disabled on Scope: %1 for IPv6 by %2 | SETTING_MODIFICATION | |
| 145 | Reservation: %1 for IPv6 is Configured under Scope %2 by %3 | SETTING_CREATION | |
| 147 | Reservation: %1 for IPv6 is Deleted under Scope %2 by %3 | SETTING_DELETION | |
| 148 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
| 149 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Dynamic updates by %3 | SETTING_MODIFICATION | |
| 150 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to dynamically update DNS AAAA and PTR records on request by the DHCP Clients | SETTING_MODIFICATION | |
| 151 | Reservation: %1 for IPv6 under Scope: %2 is Updated with DNS Settings by %3: to always dynamically update DNS AAAA and PTR records | SETTING_MODIFICATION | |
| 152 | Reservation: %1 for IPv6 under Scope: %2 is Enabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 153 | Reservation: %1 for IPv6 under Scope: %2 is Disabled for DNS Settings by %3: to discard DNS AAAA and PTR records when lease is deleted | SETTING_MODIFICATION | |
| 154 | Reservation: %1 for IPv6 under Scope: %2 is Updated with Option Setting: %3 by %4 | SETTING_MODIFICATION | |
| 155 | Added exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 156 | Deleted exclusion IP Address range %1 in the Address Pool for IPv6 under Scope: %2 by %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 157 | Scope: %1 for IPv6 is Modified by %2 | SETTING_MODIFICATION | |
| 158 | DHCPv6 Stateless client inventory has been enabled for the scope %1 | SETTING_MODIFICATION | |
| 159 | DHCPv6 Stateless client inventory has been disabled for the scope %1 | SETTING_MODIFICATION | |
| 160 | DHCPv6 Stateless client inventory has been enabled for the server | SETTING_MODIFICATION | |
| 161 | DHCPv6 Stateless client inventory has been disabled for the server | SETTING_MODIFICATION | |
| 162 | Purge time interval for DHCPv6 stateless client inventory for scope %1 has been set to %2 hours | SETTING_MODIFICATION | |
| 163 | Purge time interval for DHCPv6 stateless client inventory for server has been set to %1 hours | SETTING_MODIFICATION | |
| 164 | Scope: %1 for IPv4 is Enabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
| 165 | Scope: %1 for IPv4 is Disabled for DNS Settings by %2: to disable dynamic updates for DNS PTR records | SETTING_MODIFICATION | |
| 166 | Server level option %1 for IPv6 has been updated by %2 | SETTING_MODIFICATION | |
| 167 | Server level option %1 for IPv4 has been removed by %2 | SETTING_DELETION | |
| 168 | Option setting: %2 has been removed from IPv4 scope: %1 by %3 | SETTING_DELETION | |
| 169 | Option setting: %3 has been removed from the reservation: %1 in IPv4 scope: %2 by %4 | SETTING_DELETION | |
| 170 | Server level option %1 for IPv6 has been removed by %2 | SETTING_DELETION | |
| 171 | Option setting: %2 has been removed from IPv6 scope: %1 by %3 | SETTING_DELETION | |
| 172 | Option setting: %3 has been removed from the reservation: %1 in IPv6 scope: %2 by %4 | SETTING_DELETION | |
| 1000 | The DHCP service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1001 | The DHCP service failed to register with Service Controller. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1002 | The DHCP service failed to initialize its global parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1003 | The DHCP service failed to initialize its registry parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1004 | The DHCP service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1005 | The DHCP service failed to initialize Winsock startup. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1006 | The DHCP service failed to start as a RPC server. The following error occurred : %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1007 | The DHCP service failed to initialize Winsock data. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1008 | The DHCP service is shutting down due to the following error: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1009 | The DHCP service encountered the following error while cleaning up the pending client records: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1010 | The DHCP service encountered the following error while cleaning up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1011 | The DHCP service issued a NACK (negative acknowledgement message) to the client, %2, for the address, %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1012 | The DHCP client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1013 | The DHCP Client, %2, released the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1016 | The DHCP service encountered the following error when backing up the database: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1017 | The DHCP service encountered the following error when backing up the registry configuration: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1018 | The DHCP service failed to restore the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1019 | The DHCP service failed to restore the DHCP registry configuration. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1020 | Scope, %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1021 | The DHCP service could not load the JET database library successfully | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1022 | The DHCP service could not use the database. If this service was started for the first time after the upgrade from NT 3.51 or earlier, you need to run the utility, upg351db.exe, on the DHCP database to convert it to the new JET database format. Restart the DHCP service after you have upgraded the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1023 | The DHCP service will now terminate because the existing database needs conversion to Windows 2000 format. The conversion via the jetconv process, has initiated. Do not reboot or stop the jetconv process. The conversion may take up to 10 minutes depending on the size of the database. Terminate DHCP now by clicking OK. This is required for the database conversion to succeed. NOTE: The DHCP service will be restarted automatically when the conversion is completed. To check conversion status, look at the Application event log for the jetconv process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1024 | The DHCP service has initialized and is ready | SERVICE_START | |
| 1025 | The DHCP service was unable to read the BOOTP file table from the registry. The DHCP service will be unable to respond to BOOTP requests that specify the boot file name | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1026 | The DHCP service was unable to read the global BOOTP file name from the registry | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1027 | The audit log file cannot be appended | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1028 | The DHCP service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1029 | The DHCP service was unable to ping for a new IP address. The address was leased to the client | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1030 | The audit log file could not be backed up. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1031 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception. All further exceptions will be ignored | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1032 | The installed server callout .dll file has caused an exception. The exception was: %1. The server has ignored this exception and the .dll file could not be loaded | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1033 | The DHCP service has successfully loaded one or more callout DLLs | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1034 | The DHCP service has failed to load one or more callout DLLs. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1035 | The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1036 | The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1037 | The DHCP service has started to clean up the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1038 | The DHCP service has cleaned up the database for unicast IP addresses -- %1 leases have been recovered and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1039 | The DHCP service has cleaned up the database for multicast IP addresses -- %1 leases have expired (been marked for deletion) and %2 records have been removed from the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1040 | The DHCP service successfully restored the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1041 | The DHCP service is not servicing any DHCPv4 clients because none of the active network interfaces have statically configured IPv4 addresses, or there are no active interfaces | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1042 | The DHCP/BINL service running on this machine has detected a server on the network. If the server does not belong to any domain, the domain is listed as empty. The IP address of the server is listed in parentheses. %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1043 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1044 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is authorized to start. It is servicing clients now | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1045 | The DHCP/BINL service on the local machine has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine belongs to a workgroup and has encountered another DHCP Server (belonging to a Windows Administrative Domain) servicing the same network. An unexpected network error occurred | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1046 | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain %2, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1047 | The DHCP/BINL service on the local machine has determined that it is authorized to start. It is servicing clients now. The DHCP/BINL service has determined that the machine was recently upgraded. If the machine is intended to belong to a directory service enterprise, the DHCP service must be authorized in the directory service for it to start servicing clients. (See help on DHCP Service Management Tool for authorizing the server) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1048 | The DHCP/BINL Service on the local machine, belonging to Windows Domain %2, has determined that it is authorized to start. It is servicing clients now. It has determined that the computer was recently upgraded. It has also determined that either there is no directory service enterprise for the domain or that the computer is not authorized in the directory service. All DHCP services that belong to a directory service enterprise should be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP service in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1049 | The DHCP/BINL service on the local machine encountered an error while trying to find the domain of the local machine. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1050 | The DHCP/BINL service on the local machine encountered a network error. The error was: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1051 | The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: %2. All DHCP services that belong to a directory service enterprise must be authorized in the directory service to service clients. (See help on the DHCP Service Management Tool for authorizing a DHCP server in the directory service) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1052 | The DHCP/BINL service on this workgroup server has encountered another server with IP Address, %1, belonging to the domain %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1053 | The DHCP/BINL service has encountered another server on this network with IP Address, %1, belonging to the domain: %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1054 | The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1055 | The DHCP service was unable to impersonate the credentials necessary for DNS registrations: %1. The local system credentials is being used | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1056 | The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1057 | The DHCP service was unable to convert the temporary database to ESE format: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1058 | The DHCP service failed to initialize its configuration parameters. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1059 | The DHCP service failed to see a directory server for authorization | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1060 | The DHCP service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1061 | The DHCP service was unable to access path specified for the database backups | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1062 | The DHCP service was unable to access path specified for the database | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1063 | There are no IP addresses available for lease in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1064 | There are no IP addresses available for BOOTP clients in the scope or superscope "%1" | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1065 | There were some orphaned entries deleted in the configuration due to the deletion of a class or an option definition. Please recheck the server configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1144 | This computer has at least one dynamically assigned IP address. For reliable DHCP Server operation, you should use only static IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1338 | The number of pending DHCPOFFER messages for delayed transmission to the client has exceeded the server's capacity of 1000 pending messages. The DHCP server will drop all subsequent DHCPDISCOVER messages for which the DHCPOFFER message response needs to be delayed as per the server configuration. The DHCP server will continue to process DHCPDISCOVER messages for which the DHCPOFFER message responses do not need to be delayed. The DHCP server will resume processing all DHCPDISCOVER messages once the number of pending DHCPOFFER messages for delayed transmission to the client is below the server's capacity | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1339 | The number pending DHCPOFFER messages for delayed transmission to the client is now below the server's capacity of 1000. The DHCP server will now resume processing all DHCPDISCOVER messages | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1340 | The DNS registration for DHCPv4 Client IP address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1341 | There are no IP addresses available for lease in IP address range(s) of the policy %1 in scope %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1342 | IP address range of scope %1 is out of IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1343 | Ip address range(s) for the scope %1 policy %2 is %3 percent full with only %4 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1344 | The DNS IP Address %1 is not a valid DNS Server Address | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1376 | IP address range of scope %1 is %2 percent full with only %3 IP addresses available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 1377 | SuperScope, %1, is %2 percent full with only %3 IP addresses remaining. This superscope has the following scopes %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10000 | DHCPv6 confirmation has been declined because the address was not appropriate to the link or DHCPv6 renew request has a Zero lifetime for Client Address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10001 | Renew, rebind or confirm received for IPv6 addresses %1 for which there are no active lease available | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10002 | DHCPv6 service received the unknown option %1, with a length of %2. The raw option data is given below | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10003 | There are no IPv6 addresses available to lease in the scope serving the network with Prefix %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10004 | The DHCPv6 client, %2, declined the address %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10005 | DHCPv6 Scope serving the network with prefix %1, is %2 percent full with only %3 IP addresses remaining | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10006 | A DHCPV6 client %1 has been deleted from DHCPV6 database. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10007 | A DHCPV6 message that was in the queue for more than 30 seconds has been dropped because it is too old to process | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10008 | An invalid DHCPV6 message has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10009 | A DHCPV6 message that was not meant for this server has been dropped | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10010 | DHCV6 message has been dropped because it was received on a Uni-cast address and unicast support is disabled on the server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10011 | DHCPV6 audit log file cannot be appended, Error Code returned %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10012 | A DHCPV6 message has been dropped because the server is not authorized to process the message | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10013 | The DHCPv6 service failed to initialize the audit log. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10014 | DHCPv6 audit log file could not be backed up. Error code %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10015 | AThe DHCPv6 service was unable to access path specified for the audit log | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10016 | The DHCPv6 service failed to initialize Winsock startup. The following error occurred %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10017 | The DHCPv6 service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCPv6 service. This is not a recommended security configuration | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10018 | The DHCPv6 Server failed to receive a notification of interface list changes. Some of the interfaces will not be enabled in the DHCPv6 service | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10019 | The DHCPv6 service failed to initialize its configuration parameters. The following error occurred: %1. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10020 | This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10021 | DHCPv6 service failed to initialize the database. The following error occurred: %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10022 | The DHCPv6 service has initialized and is ready to serve | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10023 | DHCPv6 Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCPv6 Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 10024 | ERROR_LAST_DHCPV6_SERVER_ERROR | GENERIC_EVENT | |
| 10025 | The DNS registration for DHCPv6 Client IPv6 address %1 , FQDN %2 and DHCID %3 has been denied as there is probably an existing client with same FQDN already registered with DNS. | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20090 | DHCP Server is unable to bind to UDP port number %1 as it is used by another application. This port must be made available to DHCP Server to start servicing the clients | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20096 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and FQDN/Hostname %2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20097 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and FQDN/Hostname %2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20098 | No DHCP clients are being served, as the Allow list is empty and the server was configured to provide DHCP services, to clients whose hardware addresses are present in the Allow List | GENERIC_EVENT | |
| 20099 | DHCP Services were denied to machine with hardware address %1, hardware type %4 and unspecified FQDN/Hostname%2 because it matched entry %3 in the Deny List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20100 | DHCP Services were denied to machine with hardware address %1, hardware type %3 and unspecified FQDN/Hostname%2 because it did not match any entry in the Allow List | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20162 | Scavenger started purging stateless entries | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20220 | Policy %2 for server is %1 | SETTING_CREATION | |
| 20221 | Policy %2 for scope %3 is %1 | SETTING_CREATION | |
| 20222 | The conditions for server policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
| 20223 | The conditions for scope %4 policy %3 have been set to %1. The conditions are grouped by logical operator %2 | SETTING_MODIFICATION | |
| 20224 | A new server wide IPv4 policy %1 was created. The processing order of the policy is %2 | SETTING_CREATION | |
| 20225 | A new scope policy %1 was created in scope %3. The processing order of the policy is %2 | SETTING_CREATION | |
| 20226 | Policy %1 was deleted from server | SETTING_DELETION | |
| 20227 | Policy %1 was deleted from scope %2 | SETTING_DELETION | |
| 20228 | The IP address range from %1 was set for the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20229 | The IP address range from %1 was removed from the scope %3 policy %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20230 | The value %2 was set for the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20231 | The value %2 was set for the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20232 | The value %2 was removed from the option %1 for the server policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20233 | The value %2 was removed from the option %1 for the scope %4 policy %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20234 | Server policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
| 20235 | Scope %3 policy %2 has been renamed to %1 | SETTING_MODIFICATION | |
| 20236 | Description of server policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20237 | Description of scope %3 policy %2 was set to %1 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20238 | Processing order of server policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
| 20239 | Processing order of scope %4 policy %3 was changed to %1 from %2 | SETTING_MODIFICATION | |
| 20240 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: load balance, maximum client lead time: %4 seconds, load balance percentage on this server: %5, auto state switchover interval: %6 seconds | SETTING_CREATION | |
| 20241 | A failover relationship has been created between servers %1 and %2 with the following configuration parameters: name: %3, mode: hot standby, maximum client lead time: %4 seconds, reserve address percentage on standby server: %5, auto state switchover interval: %6 seconds, standby server: %7 | SETTING_CREATION | |
| 20242 | Failover relationship %1 between %2 and %3 has been deleted | SETTING_DELETION | |
| 20243 | Scope %1 has been added to the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
| 20244 | Scope %1 has been removed from the failover relationship %2 with server %3 | SETTING_MODIFICATION | |
| 20245 | The failover configuration parameter MCLT for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
| 20246 | The failover configuration parameter auto switch over interval for failover relationship %1 with server %2 has been changed from %3 seconds to %4 seconds | SETTING_MODIFICATION | |
| 20247 | The failover configuration parameter reserve address percentage for failover relationship %1 with server %2 has been changed from %3 to %4 | SETTING_MODIFICATION | |
| 20248 | The failover configuration parameter load balance percentage for failover relationship %1 with server %2 has been changed from %3 to %4 on this server | SETTING_MODIFICATION | |
| 20249 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from hot standby to load balance | SETTING_MODIFICATION | |
| 20250 | The failover configuration parameter mode for failover relationship %1 with server %2 has been changed from load balance to hot standby | SETTING_MODIFICATION | |
| 20251 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20252 | The failover state of server: %1 for failover relationship: %2 changed from: %3 to %4 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20253 | The server detected that it is out of time synchronization with partner server: %1 for failover relationship: %2. The time is out of sync by: %3 seconds | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20254 | Server has established contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20255 | Server has lost contact with failover partner server %1 for relationship %2 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20256 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20257 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20258 | Failover protocol message BINDING-UPDATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20259 | The failover state of server: %1 for failover relationship: %2 changed to : %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20260 | The failover state of server: %1 for failover relationship: %2 changed to: %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20261 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20262 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20263 | Failover protocol message BINDING-ACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20264 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20265 | Failover protocol message CONNECT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20266 | Failover protocol message CONNECT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20267 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20268 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20269 | Failover protocol message CONNECTACK from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20270 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20271 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20272 | Failover protocol message UPDREQALL from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20273 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20274 | Failover protocol message UPDDONE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20275 | Failover protocol message UPDDONE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20276 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20277 | Failover protocol message UPDREQ from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20278 | Failover protocol message UPDREQ from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20279 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20280 | Failover protocol message STATE from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20281 | Failover protocol message STATE from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20282 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest failed to compare | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20283 | Failover protocol message CONTACT from server %1 for failover relationship %2 was rejected because message digest was not configured | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20284 | Failover protocol message CONTACT from server %1 for failover relationship %2 is rejected because message digest was not present | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20285 | An invalid cryptographic algorithm %1 was specified for failover message authentication in FailoverCryptoAlgorithm under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\Failover. The operation is halted | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20286 | BINDING UPDATE message for IP address %1 could not be replicated to the partner server %2 of failover relation %3 as the internal BINDING UPDATE queue is full | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20287 | DHCP client request from %1 was dropped since the applicable IP address ranges in scope/superscope %2 are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20288 | This DHCP server %1 has transitioned to a PARTNER DOWN state for the failover relationship %2 and the MCLT period of %3 seconds has expired. The server has taken over the free IP address pool of the partner server %4 for all scopes which are part of the failover relationship | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20289 | A BINDING-UPDATE message with transaction id: %1 was sent for IP address: %2 with binding status: %3 to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20290 | A BINDING-UPDATE message with transaction id: %1 was received for IP address: %2 with binding status: %3 from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20291 | A BINDING-ACK message with transaction id: %1 was sent for IP address: %2 with reject reason: (%3) to partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20292 | A BINDING-ACK message with transaction id: %1 was received for IP address: %2 with reject reason: (%3 ) from partner server: %4 for failover relationship: %5 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20311 | The shared secret for failover relationship %2 with server %1 has been changed | SETTING_MODIFICATION | |
| 20312 | Message authentication for failover relationship %2 with server %1 has been enabled | SETTING_MODIFICATION | |
| 20313 | Message authentication for failover relationship %2 with server %1 has been disabled | SETTING_MODIFICATION | |
| 20315 | DNSSuffix of scope %3 policy %2 was set to %1 | SETTING_MODIFICATION | |
| 20316 | DNSSuffix of server policy %2 was set to %1 | SETTING_MODIFICATION | |
| 20317 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | ||
| 20318 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20319 | Forward record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20320 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20321 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20322 | PTR record registration for IPv4 address %1 and FQDN %2 failed with error %3 (%4). | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20323 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the forward lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20324 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20325 | Forward record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20326 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3. This is likely to be because the reverse lookup zone for this record does not exist on the DNS server | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20327 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 | SYSTEM_AUDIT_LOG_UNCATEGORIZED | |
| 20328 | PTR record registration for IPv6 address %1 and FQDN %2 failed with error %3 (%4) | SYSTEM_AUDIT_LOG_UNCATEGORIZED | 
還有其他問題嗎?向社群成員和 Google SecOps 專業人員尋求答案。