????

Your IP : 18.119.192.101

Current Path : C:/Windows/System32/drivers/en-US/
Upload File :
Current File : C:/Windows/System32/drivers/en-US/mrxsmb.sys.mui

MZ����@���	�!�L�!This program cannot be run in DOS mode.

$��<߱�R���R���R�U�����R�U�P���R�Rich��R�PEL�!6

`��@ 38.rdata�@@.rsrc@ 4@@<!|�
T88<!|�$��8.rdata8x.rdata$zzzdbg �.rsrc$01�"@0.rsrc$02 �H��t"��'��c�[��P�U����R<!|���0�H�������
��� �8�P�h�����
��������		 	0	@	P	`	p	�	�	�	�	�	��"���#��%��D'�L*f��-���1���4��8f�9���<��=��hO��MUI���)�e�p�w/��o5qХC7�8g�&��>@���MUIen-USSMB Client SharesSMB Client Shares�This counter set displays information about server shares that are being accessed by the client using SMB protocol version 2 or higher.Read Bytes/secRead Bytes/sec7The rate at which bytes are being read from this share.Write Bytes/secWrite Bytes/sec8The rate at which bytes are being written to this share.Read Requests/secRead Requests/sec=The rate at which read requests are being sent to this share.PAWrite Requests/secWrite Requests/sec>The rate at which write requests are being sent to this share.Avg. Bytes/ReadAvg. Bytes/Read-The average number of bytes per read request.Avg. Bytes/WriteAvg. Bytes/Write.The average number of bytes per write request.
Avg. sec/Read
Avg. sec/Read^The average latency between the time a read request is sent and when its response is received.PAAvg. sec/WriteAvg. sec/Write_The average latency between the time a write request is sent and when its response is received.Data Bytes/secData Bytes/sec@The rate at which bytes are being read or written to this share.Data Requests/secData Requests/secFThe rate at which read or write requests are being sent to this share.Avg. Data Bytes/RequestAvg. Data Bytes/Request6The average number of bytes per read or write request.PAAvg. sec/Data RequestAvg. sec/Data RequestgThe average latency between the time a read or write request is sent and when its response is received.Current Data Queue LengthCurrent Data Queue LengthGThe current number of read or write requests outstanding on this share.Avg. Read Queue LengthAvg. Read Queue LengthDThe average number of read requests that were queued for this share.Avg. Write Queue LengthAvg. Write Queue LengthEThe average number of write requests that were queued for this share.PAAvg. Data Queue LengthAvg. Data Queue LengthSThe average number of both read and write requests that were queued for this share.Metadata Requests/secMetadata Requests/secAThe rate at which metadata requests are being sent to this share.Credit Stalls/secCredit Stalls/secWThe number of requests per second delayed based on insufficient credits for this share.PAQThe rate at which bytes are being read from this share via RDMA direct placement.RThe rate at which bytes are being written to this share via RDMA direct placement.WThe rate at which read requests are being sent to this share via RDMA direct placement.XThe rate at which write requests are being sent to this share via RDMA direct placement.4The rate at which read requests go through Turbo I/O5The rate at which write requests go through Turbo I/O!The number of compressed requests"The number of compressed responses#The number of compressed bytes sentPA)Read Bytes transmitted via SMB Direct/sec)Read Bytes transmitted via SMB Direct/sec*Write Bytes transmitted via SMB Direct/sec*Write Bytes transmitted via SMB Direct/sec,Read Requests transmitted via SMB Direct/sec,Read Requests transmitted via SMB Direct/sec-Write Requests transmitted via SMB Direct/sec-Write Requests transmitted via SMB Direct/secTurbo I/O Reads/secTurbo I/O Reads/secTurbo I/O Writes/secTurbo I/O Writes/secCompressed Requests/secPACompressed Requests/secCompressed Responses/secCompressed Responses/secCompressed Bytes Sent/secCompressed Bytes Sent/secPA*00�00�0�0�PP�	��e�e������-�-�x���������P�����!N�!N���u��u�L	�u��u���u�v�\�v��v��%w�,w���w��w���w��w�!�w��w�$�w��w��&Px�Qx��+Sx�Tx�40Yx�bx�87fx�fx�Pjx�ox��T�x��x�^y�y�@x"y�"y�H�$y�,y��}�}�|�}�}���@��@���hx�ix���u�v� ��w��w�|�Sx�Xx���cx�ex�T�gx�gx����x��x�h��x��x�\��g��Info

$Server Error

$Cached Error

LInitialize Security Context Error

<Security Signature Error

 Start State

End State

Error

Warning

 Information

Verbose

@Microsoft-Windows-SMBClient

lMicrosoft-Windows-SMBClient/HelperClassDiagnostic

lMicrosoft-Windows-SMBClient/ObjectStateDiagnostic

XMicrosoft-Windows-SMBClient/Operational

\Microsoft-Windows-SMBClient/XPerfAnalytic

XMicrosoft-Windows-SMBClient/Diagnostic

\Microsoft-Windows-SMBClient/Connectivity

TMicrosoft-Windows-SMBClient/Security

LMicrosoft-Windows-SMBClient/Audit

lCreate SrvCall Error: %1 Location: %2 Context: %3

lSession Setup Error: %1 Location: %2 Context: %3

hTree Connect Error: %1 Location: %2 Context: %3

pCreate VNetRoot Error: %1 Location: %2 Context: %3

hCreate File Error: %1 Location: %2 Context: %3

@Packet Fragment (%2 bytes)

TTransitioned to State: %1 Context: %2

�SMB exchange suspended: RxContext %1 Exchange %2 ListHead %3

�SMB exchange resumed: RxContext %1 Exchange %2 ExchangeState %3 ExchangeStatus %4

0SMB buffer context suspended: BufferCtxt %1 Exchange %2 MidCharge %3 Window %4 CurrentWindowLimit %5 ThrottlingWindowLimit %6 CurrentWindowSize %7

,SMB buffer context resumed: BufferCtxt %1 Exchange %2 MidCharge %3 Window %4 CurrentWindowLimit %5 ThrottlingWindowLimit %6 CurrentWindowSize %7

lSMB Mid window blocked: Window %1 HungSession %2

8SMB rechunk multi-credit request: BufferCtxt %1 Exchange %2 MidCharge %3 Window %4 CurrentWindowLimit %5 ThrottlingWindowLimit %6 CurrentWindowSize %7

hSMB initialize Mid window: Server %2 Window %3

DSMB Mid window state: Window %1 CurrentWindowSize %2 CurrentWindowLimit %3 ThrottlingWindowLimit %4 OldestPendingMid %5 NextAvailableMid %6 CreditsGranted %7

dSMB teardown Mid window: Server %2 Window %3

lSMB copy data completion: Status %1 VcEndpoint %2

dSMB send completion: Status %1 VcEndpoint %2

tWSK connect: SocketAddress %2 VcEndpoint %3 Socket %4

|WSK connect completion: VcEndpoint %1 Socket %2 Status %3

�WSK send: VcEndpoint %1 Socket %2 SendMdl %3 SendLength %4

�WSK send completion: VcEndpoint %1 Socket %2 SendMdl %3 SendLength %4 Status %5

�WSK receive: VcEndpoint %1 Socket %2 ReceiveMdl %3 ReceiveLength %4

�WSK receive completion: VcEndpoint %1 Socket %2 ReceiveMdl %3 ReceiveLength %4 Status %5

pCompression requested for file object %3: Status %4

�Decompression failed: VcEndpoint %1 Socket %2 ReceiveBuffer %3 ReceiveLength %4 Status %5

�Compression failed: VcEndpoint %1 Socket %2 SendBuffer %3 SendLength %4 Status %5

pSMB session expired: SessionEntry %1 ServerName %3

tSMB 3 part SPN reauth: SessionEntry %1 ServiceName %3

dSMB reconnect durable open: Fcb %1 SrvOpen %2

LSMB defer open: Fcb %1 SrvOpen %2

PSMB undefer open: Fcb %1 SrvOpen %2

�SMB send[%1]: [%2] (Mid/Sid/Tid) (%3/%4/%5) MidCharge %6 Creds %7 SendLengh %8 VcEndpoint %9

�SMB receive: [%1] (Mid/Sid/Tid) (%2/%4/%5) Creds %6 Status %7 VcEndpoint %8

�SMB receive interim: [%1] (Mid/AsyncId/Sid/Tid) (%2/%3/%4/%5) Creds %6 Status %7 VcEndpoint %8

�SMB receive async: [%1] (AsyncId/Sid/Tid) (%3/%4/%5) Creds %6 Status %7 VcEndpoint %8

<SMB registry key: %1 = %2

�SMB update file info cache: RxContext %1 Fcb %2 FileName %4

�SMB fetch file info cache: RxContext %1 Fcb %2 FileName %4 Status %5

�SMB invalidate file info cache: RxContext %1 Fcb %2 FileName %4

�SMB update file not found cache: RxContext %1 Fcb %2 FileName %4

�SMB fetch file not found cache: RxContext %1 Fcb %2 FileName %4 Result %5

�SMB invalidate file not found cache: RxContext %1 Fcb %2 FileName %4

xSMB populate dir cache: RxContext %1 Fcb %2 DirName %4

�SMB fetch dir cache: RxContext %1 Fcb %2 FileName %4 Status %5

�Session %1 to %6 transitioned from [%2] to [%3] with Status %4

�Share connection %1 to %6 transitioned from [%2] to [%3] with Status %4

�Open handle %1 to %10%12 transitioned from [%5] to [%6] with Status %7

`The local computer didn't received an SMB1 negotiate response in the last 20 minutes.n%nGuidance:%n%nThis event indicates that no attempt was made to contact this computer via the SMB1 protocol. After %1 online days of no SMB1 contact attempts, the SMB1 Client service will automatically uninstall.

�Failed to open a persistent handle.%n%nError: %7%n%nFileId: %2:%3%nCreateGUID: %4%nPath: %10%12%n%nReason: %8%n%nGuidance:%nA persistent handle allows transparent failover on Windows File Server clusters. This event has many causes and does not always indicate an issue with SMB. Review online documentation for troubleshooting information.

�An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO response was sent by the server %2

The client failed to connect to the server %2 from the local IP address %4 to the remote IP address %6 over TCP transport. Error: %7

The client failed to connect to the server %2 from the local IP address %4 to the remote IP address %6 over RDMA transport. Error: %7

The client connected to the server %2 from the local IP address %4 to the remote IP address %6 over TCP transport successfully

The client connected to the server %2 from the local IP address %4 to the remote IP address %6 over RDMA transport successfully

DThe server name cannot be resolved.%n%nError: %2%n%nServer name: %4%n%nGuidance:%nThe client cannot resolve the server address in DNS or WINS. This issue often manifests immediately after joining a computer to the domain, when the client's DNS registration may not yet have propagated to all DNS servers. You should also expect this event at system startup on a DNS server (such as a domain controller) that points to itself for the primary DNS. You should validate the DNS client settings on this computer using IPCONFIG /ALL and NSLOOKUP.

P%1.%n%nError: %2%n%nServer name: %4

�Failed to establish a network connection.%n%nError: %2%n%nServer name: %4%nServer address: %6%nConnection type: %7%n%nGuidance:%nThis indicates a problem with the underlying network or transport, such as with TCP/IP, and not with SMB. A firewall that blocks TCP port 445, or TCP port 5445 when using an iWARP RDMA adapter, can also cause this issue.

@A network connection was disconnected.%n%nServer name: %4%nServer address: %6%nConnection type: %7%n%nGuidance:%nThis indicates that the client's connection to the server was disconnected.%n%nFrequent, unexpected disconnects when using an RDMA over Converged Ethernet (RoCE) adapter may indicate a network misconfiguration. RoCE requires Priority Flow Control (PFC) to be configured for every host, switch and router on the RoCE network. Failure to properly configure PFC will cause packet loss, frequent disconnects and poor performance.

 A request timed out because there was no response from the server.%n%nServer name: %6%nSession ID:%3%nTree ID:%4%nMessage ID:%2%nCommand: %1%nInstance Name: %9%nRetryCount: %10%nElapsedTime(ms): %11%n%nGuidance:%nThe server is responding over TCP but not over SMB. Ensure the Server service is running and responsive, and the disks do not have high per-IO latency, which makes the disks appear unresponsive to SMB. Also, ensure the server is responsive overall and not paused; for instance, make sure you can log on to it.

 Added a TCP/IP transport interface.%n%nName: %2%nInterfaceIndex: %3%n%nGuidance:%nA TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required.

tDeleted a TCP/IP transport interface.%n%nName: %2%nInterfaceIndex: %3%n%nGuidance:%nA TCP/IP binding was removed from the specified network adapter for the SMB client. You should expect this event when a computer shuts down or when a previously enabled network adaptor is disabled. No user action is required.

�Added a TDI transport interface.%n%nName: %2%n%nGuidance:%nA TDI (NetBIOS) binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TDI. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required.

TDeleted a TDI transport interface.%n%nName: %2%n%nGuidance:%nA TDI (NetBIOS) binding was removed from the specified network adapter for the SMB client. You should expect this event when a computer shuts down or when a previously enabled network adaptor is disabled. No user action is required.

TWitness registration has completed.%n%nStatus: %1%n%nCluster share name: %4%nCluster share type: %2%nFile server cluster address: %6%n%nGuidance:%nThe client successfully registered with the SMB Witness through RPC using TCP (port 135, then an endpoint port above 1023). No action is required.

Witness deregistration has completed.%n%nStatus: %1%n%nCluster share name: %4%nCluster share type: %2%n%nGuidance:%nThe client successfully de-registered with the SMB Witness through RPC using TCP (port 135, then an endpoint port above 1023). No action is required.

�The server failed the negotiate request.%n%nError: %2%n%nServer name: %4%n%nGuidance:%nThe server does not support any dialect that the client is trying to negotiate, such as the client has SMB2/SMB3 disabled and the server has SMB1 disabled.

0Close request failed.%n%nError: %2%n%nPath: %4%6%n%nGuidance:%nA persistent handle (Continuous Availability) or a resilient handle failed to close.

TRDMA interfaces are available but the client failed to connect to the server over RDMA transport.%n%nServer name: %2%n%nGuidance:%nBoth client and server have RDMA (SMB Direct) adaptors but there was a problem with the connection and the client had to fall back to using TCP/IP SMB (non-RDMA).

�Failed to establish an SMB multichannel network connection.%n%nError: %2%n%nServer name: %4%nServer address: %6%nClient address: %7%nInstance name: %9%nConnection type: %10%n%nGuidance:%nThis indicates a problem with the underlying network or transport, such as with TCP/IP or QUIC/UDP, and not with SMB. A firewall that blocks TCP port 445 or UDP port 443 or TCP port 5445 when using an iWARP RDMA adapter can also cause this issue. Since the error occurred while trying to connect extra channels, it will not result in an application error. This event is for diagnostics only.

�The SMB negotiate response processing failed on the client to determine the selected encryption cipher for the client and server. Please ensure there is a common cipher between the client and server.%n%nClient encryption cipher suite order (most to least preferred): %2%nServer replied back with its selected encryption cipher ID: %4%n

�Could not find a certificate mapping that matches the server name. %n%nConnection type: %1%nServer name: %3.%n

The client established its session to the server.%n%nServer name: %4%nServer address: %6!S!%nClient address: %8!S!%nSession ID: %2

8The client failed to establish its session to the server.%n%nError: %1%n%nServer name: %4%nServer address: %6!S!%nClient address: %8!S!%nSession ID: %2

�The SMB redirector selected the connection initiated with the following parameters:%n%nServer name: %2%nServer socket address: %5%nClient socket address: %7%nClient certificate thumbprint: %12%nTransport: %3%nInstance Name: %9

�The SMB client was denied access to the SMB server during mutual authentication.%n%nServer name: %2%nServer socket address: %5%nClient socket address: %7%nClient certificate thumbprint: %11%nTransport: %3%nInstance Name: %9

DA request on persistent/resilient handle failed because the handle was invalid or it exceeded the timeout.%n%nStatus: %7%n%nType: %1%nPath: %4%6%nRestart count: %2%n%nGuidance:%nAfter retrying a request on a Continuously Available (Persistent) handle or a Resilient handle, the client was unable to reconnect the handle. This event is the result of a handle recovery failure. Review other events for more details.

LThe SMB Multichannel registry value is not configured with default settings.%n%nDefault Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"DisableMultiChannel"=dword:0%nConfigured Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"DisableMultiChannel"=dword:%2%n%nGuidance:%nYou can configure SMB Multichannel on the client using the Windows PowerShell cmdlet Set-SmbClientConfiguration. Disabling SMB client multichannel support is not a recommended configuration, as it can lead to degraded performance and decreased reliability if one channel or network path fails.

�The SMB 3 and SMB 2 driver is not configured with the default start type.%n%nDefault Start Type: DEMAND_START%nConfigured Start Type: DISABLED%n%nGuidance:%nYou should expect this event when disabling SMB2/SMB3 for the client using SC.EXE or editing the Windows registry. Microsoft does not recommend disabling SMB2/SMB3. Disabling SMB2/SMB3 prevents use of features such as SMB Transparent Failover, SMB Scale Out, SMB Multichannel, SMB Direct (RDMA), SMB Encryption, VSS for SMB file shares, and SMB Directory Leasing. SMB provides alternative troubleshooting workarounds to disabling SMB2/SMB3 in most cases.

hThe client supports SMB Direct (RDMA) and SMB Signing is in use.%n%nShare name: %2%n%nGuidance:%nFor optimal SMB Direct performance, you can disable SMB Signing. This configuration is less secure and you should only consider this configuration on trustworthy private networks with strict access control.

�The client supports SMB Direct (RDMA) and SMB Encryption is in use.%n%nShare name: %2%n%nGuidance:%nFor optimal SMB Direct performance, you can disable SMB Encryption on the server for shares accessed by this client. This configuration is less secure and you should only consider this configuration on trustworthy private networks with strict access control.

�The Cipher Suite Order group policy setting is invalid.%n%nGuidance:%n%nThis event indicates that an administrator has configured an invalid value for the "Computer Configuration\Administrative Templates\Network\Lanman Workstation\Cipher Suite Order" group policy setting. The client will use the default cipher suite order "%1" until this error is resolved.

�The RequireSecureNegotiate setting has been removed.%n%nRegistry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters%nRegistry Value: RequireSecureNegotiate%n%nGuidance:%n%nYou should expect this event when an administrator configures the RequireSecureNegotiate setting. Secure negotiate prevents man-in-the-middle attacks against SMB connection establishment. Previous versions of Windows allowed secure negotiate to be disabled. Disabling secure negotiate is no longer allowed. The client removed the setting from the registry. No user action is required.

�%1.%n%nError: %2%n%nSecurity status: %3%nUser name: %10%nLogon ID: %4%nSerrver name: %6

�%1.%n%nError: %2%n%nSecurity status: %3%nUser name: %10%nLogon ID: %4%nServer name: %6%nPrincipal name: %8

pThe outbound authentication failed using a network token.%n%nError: %2%n%nServer name: %4%n%nGuidance:%nThis typically indicates that delegation must be configured for a Kerberos double-hop scenario. If delegation is configured, confirm that the services are configured correctly on the middle-tier server.

The LmCompatibilityLevel value is different from the default.%n%nConfigured LM Compatibility Level: %2%nDefault LM Compatibility Level: 3%n%nGuidance:%nLAN Manager (LM) authentication is the protocol used to authenticate Windows clients for network operations. This includes joining a domain, accessing network resources, and authenticating users or computers. This determines which challenge/response authentication protocol is negotiated between the client and the server computers. Specifically, the LM authentication level determines which authentication protocols the client will try to negotiate or the server will accept. The value set for LmCompatibilityLevel determines which challenge/response authentication protocol is used for network logons. This value affects the level of authentication protocol that clients use, the level of session security negotiated, and the level of authentication accepted by servers.%n%nValue (Setting) - Description%n%n0 (Send LM & NTLM responses) - Clients use LM and NTLM authentication and never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n1 (Send LM & NTLM - use NTLMv2 session security if negotiated) - Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n2 (Send NTLM response only) - Clients use NTLM authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n3 (Send NTLM v2 response only) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n4 (Send NTLMv2 response only/refuse LM) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and accept only NTLM and NTLMv2 authentication.%n%n5 (Send NTLM v2 response only/refuse LM & NTLM) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and NTLM and accept only NTLMv2 authentication.%n%nIncompatibly configured  LmCompatibility levels between a client and server (such as 0 on a client and 5 on a server) prevent access to the server. Non-Microsoft clients and servers also provide these configuration settings.

�The SMB client failed to connect to the share.%n%nError: %2%n%nPath: %4%6

�The negotiate validation failed.%n%nFrom negotiate response:%nDialect: %1%nSecurityMode: %2%nCapabilities: %3%nServerGuid: %4%n%nFrom FSCTL_VALIDATE_NEGOTIATE_INFO response:%nDialect: %5%nSecurityMode: %6%nCapabilities: %7%nServerGuid: %8%n%nGuidance:%nThe client successfully negotiated SMB dialect, security mode, capabilities and server GUID with the server, but the validation of these values then failed after connecting to a share. This may be due to a "man-in-the-middle" compromise attempt.

tThe signing validation failed.%n%nError:%7%n%nServer name: %6%nSession ID:%3%nTree ID:%4%nMessage ID:%2%nCommand: %1%n%nGuidance:%nThis error indicates that SMB messages are being modified in transit across the network from the server to the client. This may be due to the session ending on the server, a problem with the network, a problem with a third-party SMB server, or a "man-in-the-middle" compromise attempt.%n%nPacketFragment:%9

�The client received an unencrypted message when encryption was expected.%n%nServer name: %6%nSession ID:%3%nTree ID:%4%nMessage ID:%2%nCommand: %1%nInstance Name: %9%n%nGuidance:%nThis error indicates that SMB messages are being modified in transit across the network from the server to the client. This may be due to the session ending on the server, a problem with the network, a problem with a third-party SMB server, or a "man-in-the-middle" compromise attempt.

4Failed to decrypt an encrypted SMB message.%n%nError:%7%n%nServer name: %6%nSession ID:%3%nInstance Name: %9%n%nGuidance:%nThe client received an encrypted SMB message but cannot decrypt the data. This typically means that the communication came from a previous session that no longer exists. The encryption header may also have been damaged or tampered with on the network between the client and server.

pThe SMB Signing registry value is not configured with default settings.%n%nDefault Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"EnableSecuritySignature"=dword:1%nConfigured Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"EnableSecuritySignature"=dword:0%n%nGuidance:%nEven though you can disable, enable, or require SMB Signing, the negotiation rules changed starting with SMB2 and not all combinations operate like SMB1.%n%nThe effective behavior for SMB2/SMB3 is:%nClient Required and Server Required = Signed%nClient Not Required and Server Required = Signed%nServer Required and Client Not Required = Signed%nServer Not Required and Client Not Required = Not Signed%n%nWhen requiring SMB Encryption, SMB Signing is not used, regardless of settings. SMB Encryption implicitly provides the same integrity guarantees as SMB Signing.

Rejected an insecure guest logon.%n%nUser name: %2%nServer name: %4%n%nGuidance:%nThis event indicates that the server attempted to log the user on as an unauthenticated guest and was denied by the client. Guest logons do not support standard security features such as signing and encryption. As a result, guest logons are vulnerable to man-in-the-middle attacks that can expose sensitive data on the network. Windows disables insecure guest logons by default. Microsoft does not recommend enabling insecure guest logons.

�The %1 registry value is not configured with default settings.%n%nDefault Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"%1"=dword:0%nConfigured Registry Value:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"%1"=dword:%2%n%nGuidance:%nThis event indicates that an administrator has enabled insecure guest logons. An insecure guest logon occurs when a server logs the user on as an unauthenticated guest, typically in response to an authentication failure. Guest logons do not support standard security features such as signing and encryption. As a result, allowing guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network. Windows disables insecure guest logons by default. Microsoft does not recommend enabling insecure guest logons.

�Mutual authentication was unexpectedly lost after re-authenticating to %6%nUser %8%nLogonID %4%nStatus %2%n AuthProtocol Old %9  New %10%nMutualAuthState Old %11 New %12%nClustered %13%n

LSession key for connection is weaker than required. Connection will be closed as a result.%n%nServer: %2%nUser: %6%nSession key length: %3%nRequired Session key length: %4%n%nGuidance:%nTo establish a connection with a shorter session key, set the following registry DWORD value name with the value as decimal bits:%n[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]%n"MinimumSessionKeyLength"%n%nImportant: If you have configured the 'Network security: Configure encryption types allowed for Kerberos' security policy to prevent use of 256-bit keys but also set the MinimumSessionKeyLength greater than 128 bits, the computer will not be able to make SMB connections. Setting MinimumSessionKeyLength higher than 128 bits will also prevent SMB connections using NTLM.

(SMB1 negotiate response received from remote device when SMB1 cannot be negotiated by the local computer. %n%nDialect: %1%n%n Server name: %3%n%n Guidance:%nThe client has SMB1 disabled or uninstalled. For more information: https://go.microsoft.com/fwlink/?linkid=852747.

The local computer received an SMB1 negotiate response.%n%nDialect: %1%n%n SecurityMode %3%n%n Server name: %5%n%n Guidance:%n SMB1 is deprecated and should not be installed nor enabled. For more information, see https://go.microsoft.com/fwlink/?linkid=852747.

,The local computer didn't received an SMB1 negotiate response in the last %1 days.n%nGuidance:%n%nThis event indicates that after detecting no attempts to contact this computer via the SMB1 protocol for %1 online days, the SMB1 Client service was automatically uninstalled.

,Packet (%4 bytes)

(The connection was forcibly disconnected. %n%nError: %2%n%nName: %4%n%nServer address: %6%nClient address: %7%nInstance name: %9%nConnection type: %10%n%nGuidance:%nThis connection is disconnected to force existing requests to fail back as soon as possible. This is a fast-fail mechanism to allow upper layers to apply their recovery policies as soon as possible. This event is for diagnostics only.

�The disconnect state on connection was cleared %n%nName: %3%nInstance name: %5%n%nGuidance:%nAny persistent disconnect state on this connection is cleared. Any new IO will be sent to the server as usual. This event is for diagnostics only.

t%5 connect: SocketAddress %2 VcEndpoint %3 Socket %4

|%4 connect completion: VcEndpoint %1 Socket %2 Status %3

|%5 send: VcEndpoint %1 Socket %2 SendMdl %3 SendLength %4

�%6 send completion: VcEndpoint %1 Socket %2 SendMdl %3 SendLength %4 Status %5

�%5 receive: VcEndpoint %1 Socket %2 ReceiveMdl %3 ReceiveLength %4

�%6 receive completion: VcEndpoint %1 Socket %2 ReceiveMdl %3 ReceiveLength %4 Status %5

@Failed to reconnect a persistent handle.%n%nError: %7%n%nFileId: %2:%3%nCreateGUID: %4%nPath: %10%12%n%nReason: %8%n%nPrevious reconnect error: %13%nPrevious reconnect reason: %14%n%nGuidance:%nA persistent handle allows transparent failover on Windows File Server clusters. This event has many causes and does not always indicate an issue with SMB. Review online documentation for troubleshooting information.

Failed to reconnect a resilient handle.%n%nError: %7%n%nFileId: %2:%3%nPath: %10%12%n%nReason: %8.%n%nPrevious reconnect error: %13%nPrevious reconnect reason: %14%n%nGuidance:%nA resilient handle provides guarantees to applications requesting it. This event has many causes and does not always indicate an issue with SMB. Review online documentation for troubleshooting information.

 Failed to establish a network connection.%n%nError: %2%n%nServer name: %4%nServer address: %6%nInstance name: %9%nConnection type: %10%n%nGuidance:%nThis indicates a problem with the underlying network or transport, such as with TCP/IP or QUIC/UDP, and not with SMB. A firewall that blocks TCP port 445 or UDP port 443 or TCP port 5445 when using an iWARP RDMA adapter can also cause this issue.

�A network connection was disconnected.%n%nInstance name: %4%nServer name: %6%nServer address: %8%nConnection type: %9%nInterfaceId: %10%n%nGuidance:%nThis indicates that the client's connection to the server was disconnected.%n%nFrequent, unexpected disconnects when using an RDMA over Converged Ethernet (RoCE) adapter may indicate a network misconfiguration. RoCE requires Priority Flow Control (PFC) to be configured for every host, switch and router on the RoCE network. Failure to properly configure PFC will cause packet loss, frequent disconnects and poor performance.

�The client lost its session to the server.%n%nError: %1%n%nServer name: %5%nSession ID: %2%n%nGuidance:%nIf the server is a Windows Failover Cluster file server, then this message occurs when the file share moves between cluster nodes. There should also be an anti-event 30806 indicating the session to the server was re-established. If the server is not a failover cluster, it is likely that the server was previously online, but it is now inaccessible over the network.

,The client re-established its session to the server.%n%nServer name: %5%nServer address: %7%nSession ID: %2%n%nGuidance:%nYou should expect this event if there was a previous event 30805, but the client successfully resumed the cached connection before the timeout expired.

�The connection to the share was lost.%n%nError: %1%n%nShare name: %5%nSession ID: %2%nTree ID: %3%n%nGuidance:%nIf the server is a Windows Failover Cluster file server, then this message occurs when the file share moves between cluster nodes. There should also be an anti-event 30808 indicating the session to the server was re-established. If the server is not a failover cluster, it is likely that the server was previously online, but it is now inaccessible over the network.

<The connection to the share was re-established.%n%nShare name: %5%nServer address: %7%nSession ID: %2%nTree ID: %3%n%nGuidance:%nYou should expect this event if there was a previous event 30807, but the client successfully resumed the cached connection before the timeout expired.

xThe SMB client received a request to move to a different node on a file server cluster.%n%nFile server cluster name: %4%nNew file server cluster address: %6%n%nGuidance:%nContinuous Availability (Transparent Failover) is in use and the client computer is going to move to a different node after an SMB witness request over RPC using TCP (first contacting port 135, then contacting an endpoint port above 1023). No user action is required.

lThe SMB client successfully moved to a different node on a file server cluster.%n%nFile server cluster name: %4%n New file server cluster address: %6%n%nGuidance:%nContinuous Availability (Transparent Failover) is in use and the client computer successfully moved to a different node after an SMB witness request over RPC using TCP (first contacting port 135, then contacting an endpoint port above 1023). No user action is required.

dThe SMB client failed to move to a different node on a file server cluster.%n%nError: %1%n%nFile server cluster name: %4%n%nGuidance:%nContinuous Availability (Transparent Failover) is in use and the client computer failed to move to a different node after an SMB witness request over RPC using TCP (first contacting port 135, then contacting an endpoint port above 1023). The attempt to connect to the destination server failed, which is typically due to a network configuration issue. For example, this issue may occur if the destination node's IP address cannot be resolved, if the destination node is behind a firewall, or if there is no network route from the client to the node.

�The connection was terminated due to one or more IO request timeouts.%n%nError: %2%n%nName: %4%nServer address: %6%nClient address: %7%nInstance name: %9%nConnection type: %10%n%nGuidance:%nThis indicates a problem with the underlying network or the storage stack on the remote server. IO operations were not completed within the allotted time. The application may not see this failure because IOs are usually retried on a different connection. This event is for diagnostics only.

�The handle was created without persistence.%n%nFile ID: %2:%3%nCreateGUID: %4%nPath: %10%12%n%nGuidance:%nThe server supports Continuous Availability (persistent handles) and the request to create the handle succeeded. However, the server did not grant persistence. You should verify that the Resume Key Filter is running on the server and is attached to the target volume.

dThe server does not support multichannel.%n%nServer name: %2%n%nGuidance:%nThe client attempted to use SMB Multichannel, but an administrator has disabled multichannel support on the server. This may also be a non-Microsoft file server that does not support multichannel or has multichannel disabled. You can enable SMB Multichannel on the server using this Windows PowerShell cmdlet: Set-SmbServerConfiguration -EnableMultiChannel:$true. This event does not apply to the multichannel settings of SMB client, which are controlled by the Set-SmbClientConfiguration Windows PowerShell cmdlet. Enabling or disabling client multichannel support does not affect server multichannel support.

TThe client cannot connect to the server due to a multichannel constraint registry setting.%n%nServer name: %2%n%nGuidance:%nThe client attempted to use SMB Multichannel, but an administrator has configured multichannel support to prevent multichannel on the client. You can configure SMB Multichannel on the client using the Windows PowerShell cmdlets: New-SmbMultichannelConstraint and Remove-SmbMultichannelConstraint.

Active

$Disconnected

Suspended

<Construction in progress

4Recovery in progress

8Disconnect in progress

<Invalidation in progress

Invalid

Deleted

NetBT

TCPIP

Rdma

VMBUS

Quic

@Smb2DiagReasonNotSpecified

,Smb2DiagReasonDns

HSmb2DiagReasonSetSocketSecurity

0Smb2DiagReasonIPSec

DSmb2DiagReasonNetworkConnect

LSmb2DiagReasonNegotiateValidation

DSmb2DiagReasonExchangeExpiry

PSmb2DiagReasonDisconnectIndication

@Smb2DiagReasonNegativeCache

dSmb2DiagReasonConsecutiveSessionSetupFailures

\Smb2DiagReasonQuicServerCertificateError

TSmb2DiagReasonQuicServerConfigFailure

HSmb2DiagReasonAcquireCredHandle

,Smb2DiagReasonISC

PSmb2DiagReasonSessionSetupResponse

<Smb2DiagReasonMADowngrade

HSmb2DiagReasonCreateSigningKey

LSmb2DiagReasonRegisterCryptoKeys

,Smb2DiagReasonQCA

TSmb2DiagReasonEncryptionOnNullSession

HSmb2DiagReasonSessionKeyLength

LSmb2DiagReasonTreeConnectResponse

TSmb2DiagReasonValidateNegotiateFsctl

DSmb2DiagReasonHandleReconnect

DSmb2DiagReasonCreateResponse

PSmb2DiagReasonExchangeCancellation

TSmb2DiagReasonExchangeNoBindingObject

LSmb2DiagReasonExchangeSendFailure

DSmb2DiagReasonObjectSuspended

DSmb2DiagReasonUserDisconnect

@Smb2DiagReasonHandleClosed

@Smb2DiagReasonInternalError

lSmb2DiagDisconnectReasonReceiveContextAllocation

\Smb2DiagDisconnectReasonPaddingAllocation

pSmb2DiagDisconnectReasonExchangeReceiveHandlerError

hSmb2DiagDisconnectReasonMessageBufferAllocation

`Smb2DiagDisconnectReasonVcEndpointTornDown

hSmb2DiagDisconnectReasonMessageSizeReceiveError

lSmb2DiagDisconnectReasonMessageSizeTooLargeError

\Smb2DiagDisconnectReasonMessageCopyError

dSmb2DiagDisconnectReasonVcReceiveHandlerError

XSmb2DiagDisconnectReasonVcReceiveError

Negotiate

$Session setup

Logoff

$Tree connect

(Tree disconnect

Create

Close

Flush

Read

Write

Lock

Ioctl

Cancel

Echo

(Query directory

$Change notify

 Query info

Set info

$Oplock break

Create

Close

Read

Write

,Query information

(Set information

Query EA

Set EA

$Flush buffers

<Query volume information

8Set volume information

,Directory control

0File system control

(Device control

8Internal device control

$Lock control

Cleanup

(Query security

$Set security

8Query quota information

4Set quota information

0Internal probe I/O

Symmetric

 Asymmetric

None

NTLM

Kerberos

PKU2U

�4VS_VERSION_INFO��
�|O
�|O?StringFileInfo�040904B0LCompanyNameMicrosoft CorporationVFileDescriptionWindows NT SMB Minirdrn'FileVersion10.0.20348.3207 (WinBuild.160101.0800)6InternalNameMRxSmb.sys�.LegalCopyright� Microsoft Corporation. All rights reserved.FOriginalFilenameMRXSMB.Sys.MUIj%ProductNameMicrosoft� Windows� Operating SystemDProductVersion10.0.20348.3207DVarFileInfo$Translation	�PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX