????
Your IP : 216.73.216.152

Current Path : C:/Windows/System32/en-US/
Current File : C:/Windows/System32/en-US/lsasrv.dll.mui
MZ����@���	�!�L�!This program cannot be run in DOS mode.

$��<߱�R���R���R�U�����R�U�P���R�Rich��R�PEL�!4

`!b@ �08.rdata�@@.rsrc@ 2@@^`�
T88^`�$��8.rdata8x.rdata$zzzdbg �.rsrc$01�%�+.rsrc$02 V���
KpDQ�����/Է���8N�U&^`�h�8���P�h�(�@�x�X�p�p��n
��o
���
���
���
��
��
0��
H��
`��
x��
���
���
���
���
���
��
 ��
8��
P��
h��
������	�	�	�	�			(	8	H	X	h	x	�	�	�	�	�	�	�	�			(	8	H	X�%���<��H=���=b�,A��C���H��dT�	��]���dz�8q���r���u��xz0��~@����\�d�P�����P�J���B��&��R�\���L���PM��MOFDATALSAMOFRESOURCEMUIFOMB�� DS}�T(_�	B�����@1!�B� 䂉	!���-���Lp���!��H*BXǓd �S�	�&��e�,���&�� "ĉ%��"D)A�0v�(����A�c����{ T����MN��xTa�O`��ɃG�/A�: S�Ap!�	�Tʇ�q	��҉*��%ES���"�!��B�(�
)�DL`9#�������
�Clu6�̡� � R����t�;��	,L�ـ[R`P#�a�L�a��q7�S�\��iT��>pZ����H �ꈃ�P������x���6�\x��
Ƈ�!J����p.ޅ���qX��-V�s{R���;��C�G�9,���>]�}R��L�A��o���a>\���)�@������T��9/���(��L����5�\��&��#É��#�	�4-���Ԡ@�`��x��������wX4�)
��I	01<�I�
8����ģ����G��S8�H��Cp8���@/�؏���yp S;�s
wl�{\�ÁwD|������������:]�;���Q�gX��G����=sX��d���	����	�s8�s9������`�o��c�
93���&@�����O���1��`&�����?7������t�����
88.���q'�B�=��:>�����OG���	�xxz&�`~�ŝ!���	��?<��?9���O�?9�P`��C�A��x��h���h~t܉9?����88,��X�1�z;�ͳ�g�5� �8֩�=�Pqc��� ���p������I�p�8p^�z���pv\��OK�A������'pSq�'�C~��)	.?<�WĘ��#(�����	pr���&#��	�w���Hp�`�����O�F�C��P1�M��#��
�M��T�G&�j���g|N���L�v8�����G&��'~c�������O�#���f>����G�,�D�\�`PG&�tU�	��dܑ	�����3/���^��q����N�;�zjr��Q�a�N�a8�^��?/�A���8c�c��D�N4��	P(��@���,ΰp�����=�X����~"�������T���1f�:`�?F��#����O>��#�O�	4���NP��1��8a�zB�=@
��w^���?/�??���H\ON>��	�8��q�"���#-p8����GZ�pXÑ0w�Ǒp��?��8�����Q����,��GZ0�(�Cn�!b���㑀��ۈ�q�x�?DN��P�C`��Cp���/'0L����cI0�Cp���8�C�O��-X�P�BȨ�h�w��`���~����P�/I�J��3}�0��?=������P�+A�z�ĝ�z~,���	\����ab<>���ӗ�:��:�""�O�p@�O�����	��Y��	{�\
����;>8/�?.������
���O�	��	��a�a��0gr���OP�s��r����Cps�B�?D�(��p9G���0q�J0�3�2xı����((wj�bO
@�4�������b=���g�a�=?<�����o.�`��`�������-�������qp(�BϤ��:>'��'��w|�;�
�l=`O��#�*����#�	<G(�屒��|��G(���s%���i�w(�؏w`�)<��"�����(@��3�E���3��?2v����`PG)�t�z��9w����7:"�o��e`A�͘�>D�4�X�d��	�1��0�s�B�?L��a
x�;.��;�N���C?���:���R>���������N
�:�
�����*x菺�r�1�����Q\C�Q�?��O`9M&��(8���Qpf�Y
ppd.����<JK�P:)�Q��<J�!�� <��G)�c�pܤ�`��?��Sx�R�`�?2����K=G�����=ʗ�
B�H�B=?�=E
�_�>ME	���
�Z��P��%H�G)�Ÿ��pp0N#H���06��?K>Ŝ�P��R�Fy�z���������sNt���Ot�4�w����O
��`��O����e�g�c
�Q��P�R��#�����U�(�
F4L�H!⇎��0���t��a���']����<N�8��N�9����']�tf�I�vd_�#xP�Q
X��^�(p�Ǩ�\~����s�QN"ڱ�ǎQQ�"D�2���#���x̸�,���]�I��*LLߦ*�Up�#�!�38%(�3�G���+��?���� 0�a�`y�t��=rx���	�0����˒�Z��=f��8<�,��������'������W><1�3����
�l�$8����?&�wv1�!M`���4���<�#�����O��!x���ѕ'��,�����!��9%_;�N%�k;k�����c�c���>�e%f�c���a��3�#f@|&B)�����<qG�Χvda �>�``�Ǉ�@?v���}��qӐ���E�!��{����$�ÁD��g����F|��t8q�����Y��9��D�O.�/��a��I��H�9q�`H9�ѓ8[�5��xAN{@��0�
Nг
�h0�a��;.���l��/	o��k�	��q�;$����'������?$A�:f�!l�v�9�v�7����wN4���	�Oc>'x�	`���c�5��F9�5,�tq���R�D{g�x�8#Pp���oP���x�:|�cP�SX��'�;B�	8?���5��T�;���\����y�w��n��+��"�=������-��!�-�5.8� �907N��8�;Z�s�=Z���6ď	���gBQa��ò�-G�f,���SGD~X���̰'#��'L�����a�$�@��c'`e��S5�N���P�OP��'���|b'Q�ǁxWx4ńA
�����۾q�����=�����=+�ßP�R~T����uR�Q�I	�2J�iG�C���
��)?.��\<H:�����8-�#*p�/P����]� �1F
���A4�#*`at|jpF�#*������a�Q�uX�}D,�2�Q�ˉ�������:1�?���	zZ��j�A
̧N܁�p֮�"��~Txe�ܤ���(��x=��������.A'CP����rN�q������	�yN�w&|�ω��&���OD���L�7.܉��!8���;.~!����M��܉x�����̅���?&��<�b ��C,��F'Z��]����qT���\x9l�s����wT��Q��O`��?-�{H��8��Z@>0ʤ�w`�9x������BQaP#���h��Dh����j��t���;8Xcc�`��?+$���I�5~X�	;�����,����
w^�)�a
\�a��o�N�h�;1��������a�<��`<0>0�f2���{V0?�~Ƈ������R�+����@�\�0������\O�;�Ԁ�~j4�Z�ujǹ	8��
��?�9�
���#�Q6��#Vvl4��������M��FԩwZ���uZ�g����?��s8�E�P����#��`�1�#X��G��y�G�PP��<`��
�'�)��@��������7�v~P𩝟g� >.���82������p&�@�VF����'�y�y�>���sJ\!��*�
;.x||z���,���%��y�|\����	\��W&���3p?h�?2�O>2�C����C�k?3��f|I83Ѐ
}f�0���@vdL�:8�p�|z��83��p�I:1�����yb���'�rt����G�;=���apA���wr�I<9P�'��??N����A(,jl��w��6�-�f���*n��X@����vd�x=;�c���Xp��O�X<f�?A��>A�#�����G��wbρ�G;0�`<0�b�7�H���������?q&����
=*���;-�A58�����`b��8��qh@?4����p��
�nL���>7��F���)���3ѡ�w�7g8`���G�l� ��3pur����=n��'�=9^EP~d�<2Ѓ&��#؏���<����tn@�_pG���耗x���\�X���8
86Ѐ�|��0��@3�`q���0���X�s`@�p���<�`9AV��;k�g��C*����������������h8ŅA
�����D��P
S�h4�0���/7>;F������rh�g�p��?9��8.N�3`���#N
�����?5�s�N
`�6�C`��£��P0�G�?M�a��n��c�0�*~tn��t�O���M�׳#?+��ȏ��\�"��<�;.���x9ȃ�`�����s������p ���c�N��Sp~d�� 56�p���?F�<4��+���s�UƉ��|^���?,��8���cxF�E�P������GWp��rt�'��@�BHjh>+1��d�7�õ��H"�)���-;���
���	=:P�GP��0`�	<Q���!
/��1�  �0(G8?�	�{�{��\cF;;�pA��L���>9u�]�1� ���Ã�	wk��%� 
 ��:xt5<�гXƀ�9`F�\ܳ<�f�
��u���Ax=�\c�ɂ&�"���Hc�GrO8�s��R�N,��A7>��
���A�/ƹ(/�^'����0��ɀ�B�>5�jP�F���Tj��a�z���~Cđ�@��U@X�. ,D&�
S���"aR�0a�@��L ,|'�m�"��5Z�l�"V��@X�r Lx;&�ޠh?= ���E�B3��`!AX�� ,RL���JL��Fa�Ѱ�i�h\��
M<D�fa�����FS�0)��N{�0!�hs0Z}��;�T��j��A��ӏ@��ѡ ,��g��t��aa}���F@X\' ,������a�S����P��PAD�����~��kB��|��"��!�Q��T��V����MOFDATAMUIen-USSIDs Remote Request BaseSIDs Remote Request BaseSecurity Per-Process StatisticsSecurity Per-Process StatisticsSThese counters track the number of security resources and handles used per process.Credential HandlesCredential Handles�This counter tracks the number of credential handles in use by a given process.  Credential handles are handles to pre-existing credentials, such as a password, that are associated with a user and are established through a system logon.PAContext HandlesContext Handles�This counter tracks the number of context handles in use by a given process.  Context handles are associated with security contexts established between a client application and a remote peer.PASecurity System-Wide StatisticsSecurity System-Wide StatisticsFThese counters track authentication performance on a per second basis.NTLM AuthenticationsNTLM Authentications�This counter tracks the number of NTLM authentications processed per second for the AD on this DC or for local accounts on this member server.Kerberos AuthenticationsKerberos AuthenticationsnThis counter tracks the number of times that clients use a ticket to authenticate to this computer per second.KDC AS RequestsKDC AS Requests�This counter tracks the number of Authentication Service (AS) requests that are being processed by the Key Distribution Center (KDC) per second. Clients use AS requests to obtain a ticket-granting ticket.KDC TGS RequestsKDC TGS RequestsThis counter tracks the number of ticket-granting service (TGS) requests that are being processed by the Key Distribution Center (KDC) per second. Clients use these TGS requests to obtain a service ticket, which allows a client to access resources on other computers.Schannel Session Cache EntriesSchannel Session Cache EntriescThis counter tracks the number of Secure Sockets Layer (SSL) entries that are currently stored in the secure channel (Schannel) session cache.  The Schannel session cache stores information about successfully established sessions, such as SSL session IDs.  Clients can use this information to reconnect to a server without performing a full SSL handshake.%Active Schannel Session Cache Entries%Active Schannel Session Cache Entries�This counter tracks the number of Secure Sockets Layer (SSL) entries that are currently stored in the secure channel (Schannel) session cache and that are currently in use.  The Schannel session cache stores information about successfully established sessions, such as SSL session IDs.  Clients can use this information to reconnect to a server without performaing a full SSL handshake.SSL Client-Side Full HandshakesSSL Client-Side Full Handshakes�This counter tracks the number of Secure Sockets Layer (SSL) full client-side handshakes that are being processed per second.  During a handshake, signals are exchanged to acknowledge that communication can occur between computers or other devices.$SSL Client-Side Reconnect Handshakes$SSL Client-Side Reconnect Handshakes5This counter tracks the number of Secure Sockets Layer (SSL) client-side reconnect handshakes that are being processed per second.  Reconnect handshakes allow session keys from previous SSL sessions to be used to resume a client/server connection, and they require less memory to process than full handshakes.SSL Server-Side Full HandshakesSSL Server-Side Full Handshakes�This counter tracks the number of Secure Sockets Layer (SSL) full server-side handshakes that are being processed per second.  During a handshake, signals are exchanged to acknowledge that communication can occur between computers or other devices.$SSL Server-Side Reconnect Handshakes$SSL Server-Side Reconnect Handshakes5This counter tracks the number of Secure Sockets Layer (SSL) server-side reconnect handshakes that are being processed per second.  Reconnect handshakes allow session keys from previous SSL sessions to be used to resume a client/server connection, and they require less memory to process than full handshakes.Digest AuthenticationsDigest Authentications]This counter tracks the number of Digest authentications that are being processed per second.PAForwarded Kerberos RequestsForwarded Kerberos Requests�This counter tracks the number of Kerberos requests that a read-only domain controller (RODC) forwards to its hub, per second.  This counter is tracked only on a RODC.KDC armored AS RequestsKDC armored AS Requests�This counter tracks the number of armored Authentication Service (AS) requests that are being processed by the Key Distribution Center (KDC) per second.KDC armored TGS RequestsKDC armored TGS Requests�This counter tracks the number of armored ticket-granting service (TGS) requests that are being processed by the Key Distribution Center (KDC) per second.KDC claims-aware AS RequestsKDC claims-aware AS Requests�This counter tracks the number of Authentication Service (AS) requests explicitly requesting claims that are being processed by the Key Distribution Center (KDC) per second.7KDC claims-aware service asserted identity TGS requests7KDC claims-aware service asserted identity TGS requests�This counter tracks the number of service asserted identity (S4U2Self) TGS requests that are explicitly requesting claims. These requests are being processed by the Key Distribution Center (KDC) per second.4KDC classic type constrained delegation TGS Requests4KDC classic type constrained delegation TGS RequestswThis counter tracks the number of constrained delegation (S4U2Proxy) TGS requests that are being processed by the Key Distribution Center (KDC) by checking classic type constrained delegation configuration per second. The classic type constrained delegation is restricted to a single domain and configures the backend services SPN on the middle-tier service�s account object.5KDC resource type constrained delegation TGS Requests5KDC resource type constrained delegation TGS RequestsgThis counter tracks the number of constrained delegation (S4U2Proxy) TGS requests that are being processed by the Key Distribution Center (KDC) by checking the resource type constrained delegation per second. The resource type constrained delegation can cross domain boundaries and configures the middle-tier�s account on the backend service�s account object.KDC claims-aware TGS RequestsKDC claims-aware TGS RequestsThis counter tracks the number of claims-aware ticket-granting service (TGS) requests that are being processed by the Key Distribution Center (KDC) per second. A claims-aware Kerberos client will always request claims during Authentication Service (AS) exchanges.PAKDC key trust AS RequestsKDC key trust AS Requests�This counter tracks the number of key trust Authentication Service (AS) requests that are being processed by the Key Distribution Center (KDC) per second.LSA LookupsLSA LookupsyThe LSA Lookup performance counter set consists of counters that measure performance of LSA Account name and SID lookups.Names Inbound Requests/secNames Inbound Requests/secwThis counter displays the rate of inbound account name lookup requests from local and network clients to the local LSA.Names Outbound Requests/secNames Outbound Requests/secmThis counter displays the rate of outbound account name lookup requests from the local LSA to remote servers.#Isolated Names Inbound Requests/sec#Isolated Names Inbound Requests/secUThis counter displays the rate of incoming isolated name lookup requests to the LSA. $Isolated Names Outbound Requests/sec$Isolated Names Outbound Requests/secnThis counter displays the rate of isolated name lookup requests going off box remotely on a Domain Controller.Names Completion TimeNames Completion TimeLThis counter displays the average completion time of an LsaLookupNames call.Names Completion BaseNames Completion BaseWThe base value used to calculate the average completion time of an LsaLookupNames call.Names Remote Request TimeNames Remote Request TimecThis counter displays the time LSA spent waiting on remote server to service a name lookup request.Names Remote Request BaseNames Remote Request BaseXThe base value used to calculate the average completion time of a remote lookup request.Names Errors/secNames Errors/secHThis counter displays the rate of LsaLookupNames call errors per second.Names Unresolved/secNames Unresolved/sec>This counter displays the rate of unresolved names per second.Names Cache % HitNames Cache % HitKThis counter displays the % name requests resolved from the SID/Name cache.Names Cache % Hit BaseNames Cache % Hit Base2Invisible base counter for name cache hit counter.Names Cache % FullNames Cache % Full;This counter displays the % of SID/name cache that is full.Names Cache % Full BaseNames Cache % Full Base+Base counter for name cache % full counter. Name/SID Cache Size(Max Entries) Name/SID Cache Size(Max Entries)PThis counter displays the current maximum size of the LSA Name/SID Lookup cache.Names Xforest Requests/secNames Xforest Requests/secQThis counter displays the rate of LSA Name lookups in trusted forests per second.Names Xforest TimeNames Xforest TimemThis counter displays the time LSA spent waiting on a remote server to service a Xforest name lookup request.PANames Xforest BaseNames Xforest BaseyInvisible counter for base value used to calculate the average wait time for completion of a Xforest name lookup request.!Names Trusted Domain Requests/sec!Names Trusted Domain Requests/secQThis counter displays the rate of LSA Name lookups in trusted Domains per second.!Names Trusted Domain Request Time!Names Trusted Domain Request TimeyThis counter displays the time LSA spent waiting on a remote server in a trusted domain to service a name lookup request.!Names Trusted Domain Request Base!Names Trusted Domain Request BaseqInvisible base counter used to calculate the average wait time for completion of a Trusted Domain lookup request.!Names Primary Domain Requests/sec!Names Primary Domain Requests/secWThis counter displays the rate of remote LSA Name lookups in Primary Domain per second.Names Primary Domain TimeNames Primary Domain Time{This counter displays the time LSA spent waiting on a remote server in the primary domain to service a name lookup request.Names Primary Domain BaseNames Primary Domain Base�Invisible base counter used to calculate the average wait time for completion of a remote name lookup request in Primary Domain.SIDs Inbound Requests/secSIDs Inbound Requests/secnThis counter displays the rate of inbound SID lookup requests from local and network clients to the local LSA.SIDs Outbound Requests/secSIDs Outbound Requests/secdThis counter displays the rate of outbound SID lookup requests from the local LSA to remote servers.SIDs Completion TimeSIDs Completion TimeKThis counter displays the average completion time of an LsaLookupSids call.!SIDs Average Completion Time Base!SIDs Average Completion Time Base^Invisible base counter used to calculate the average completion time of an LsaLookupSids call.SIDs Remote Request TimeSIDs Remote Request TimebThis counter displays the time LSA spent waiting on remote server to service a SID lookup request.PAmInvisible base counter used to calculate the average wait time for completion of a remote SID lookup request.SIDs Errors/secSIDs Errors/secFThis counter displays the rate of LsaLookupSid call errors per second.SIDs Unresolved/secSIDs Unresolved/sec=This counter displays the rate of unresolved SIDs per second.SIDs Cache % HitSIDs Cache % HitAThis counter displays the % SID requests resolved from the cache.PASIDs Cache % Hit BaseSIDs Cache % Hit Base1Invisible base counter for SID Cache hit counter.SIDs Cache % FullSIDs Cache % Full6This counter displays the % of SID cache that is full.SIDs Cache % Full BaseSIDs Cache % Full Base4Invisible base counter for SID cache % full counter.SIDs Xforest Requests/secSIDs Xforest Requests/secLThis counter displays the rate of SID lookups in trusted forests per second.PASIDs Xforest Request TimeSIDs Xforest Request TimejThis counter displays the time LSA spent waiting on remote server to service a Xforest SID lookup request.SIDs Xforest Request BaseSIDs Xforest Request Baseninvisible base counter used to calculate the average wait time for completion of a Xforest SID lookup request. SIDs Trusted Domain Requests/sec SIDs Trusted Domain Requests/secQThis counter displays the rate of LSA SID lookups for trusted Domains per second. SIDs Trusted Domain Request Time SIDs Trusted Domain Request TimevThis counter displays the time LSA spent waiting on remote server in a trusted domain to service a SID lookup request.PASIDs Trusted Domain BaseSIDs Trusted Domain BasexInvisible base counter used to calculate the average wait time for completion of SID lookup request in a Trusted Domain. SIDs Primary Domain Requests/sec SIDs Primary Domain Requests/secVThis counter displays the rate of remote LSA SID lookups in Primary Domain per second. SIDs Primary Domain Request Time SIDs Primary Domain Request TimeuThis counter displays the average time it took for a remote server to service a SID lookup request in Primary Domain.SIDs Primary Domain BaseSIDs Primary Domain BasevInvisible base counter used to calculate the average completion time of a remote SID lookup request in Primary Domain.PA Name/SID cache entries added/sec Name/SID cache entries added/sec1The number of SID/Name entries added to the cache!Name/SID cache entries purged/sec!Name/SID cache entries purged/sec4The number of SID/Name entries purged from the cachePA dd���$,/D@B`��������`���	(0�' (>* 9 lD; Q |H@@N��,N	�	��T��V���V���X@�@������������l� �#�ș0�0�t�00h�PP��pp��������������(�������(�&�&�ģ�The security package does not cache the credentials needed to authenticate to the server.%n%nPackage Name:%t%1%nUser Name:%t%2%nDomain Name:%t%3%nServer Name:%t%4%nProtected User:%t%5%nError Code:%t%6%n

 A security package received a network logon request after the logoff completed.%n%nUser Name:%t%1%nDomain Name:%t%2%nLogon ID:%t%3%nLogoff Time:%t%4%nPID:%t%5%nProgram:%t%6%nPrincipal Name:%t%7%nServer Name:%t%8%nPackage Name:%t%9%nCall Type:%t%10%nError Code:%t%11%n

�Groups assigned to a new logon.%n%nNew Logon:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tLogon GUID:%t%t%5%n%nEvent in sequence:%t%t%6 of %7%n%nGroup Membership:%t%t%8

4Claims assigned to a new logon.%n%nNew Logon:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tLogon GUID:%t%t%5%n%n%n%tLogon Type:%t%t%6%n%n%n%nEvent in sequence:%t%t%7 of %8%n%nUser Claims:%t%t%9%n%nDevice Claims:%t%t%10%n%nThis event is generated when a new logon session is created and the user token associated with it contains user and/or device claims. The New Logon fields indicate the account that was logged on. If all the user and device claims in the user token cannot be accommodated in a single event, multiple such events are generated. The Event in sequence field indicates how many more events are generated for this logon session. Each user or device claim is represented in the following format:%n%n%tClaimID ClaimTypeID : Value1, Value2 &  %n%nThe common claim types are: 0 (Invalid Type), 1 (64-bit Integer, 2 (Unsigned 64-bit Integer), 3 (String), 4 (FQBN), 5 (SID), 6 (Boolean) and 16 (Blob). If the claim value exceeds the max allowed length then the string is terminated by ...

User %1 logged off notification is received.%n%nLogonId:%t%2%nAuthorityName:%t%3%nAccountName:%t%4%nTimeout:%t%5 seconds%n

,The security package does not cache the user's sign on credentials.%n%nPackage Name:%t%1%nUser Name:%t%2%nDomain Name:%t%3%nProtected User:%t%4%n

Automatic restart sign on successfully configured the autologon credentials for:%n%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2

�Automatic restart sign on failed to configure the autologon credentials with error:%n%n%1

�Automatic restart sign on successfully deleted autologon credentials from LSA memory

�The security package %1 generated an exception. The exception information is the data.

�Could not upgrade the global secret %1. Please check the status of all services in the system.

XAn anonymous session connected from %1 has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.%n The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.%n This message will be logged at most once a day.

DDuring a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context.%nUser's SID is %1%nIf this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships.

�The program %2, with the assigned Process ID %1, supplied a NULL or empty target name for the pszTargetName parameter when calling the InitializeSecurityContext API to initiate an outbound NTLM security context. This is a security risk when mutual authentication is required.%n %n To help protect against a malicious attack, make your code more secure. To do this, change the program so that it specifies a target name in the pszTargetName parameter field, and then recompile the code.

,The program %2, with the assigned process ID %1, could not authenticate locally by using the target name %3. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.%n %n Try a different target name.

Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.%n %nNTLM is a weaker authentication mechanism. Please check:%n %n      Which applications are using NTLM authentication?%n      Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?%n      If NTLM must be supported, is Extended Protection configured?%n %nDetails on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

�Microsoft Windows Server has detected that NTLM authentication is being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.%n %nNTLM is a weaker authentication mechanism. Please check:%n %n      Which applications are using NTLM authentication?%n      Are there configuration issue preventing the use stronger authentication such as Kerberos authentication?%n      If NTLM must be supported, is Extended Protection configured?%n %nDetails on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

PAn authentication request for package %1 was rejected because the target information was invalid.  The authentication request did not match the target name of %2.

�A CredSSP authentication to %1 failed to negotiate a common protocol version.  The remote host offered version %2 which is not permitted by Encryption Oracle Remediation.%n%nSee https://go.microsoft.com/fwlink/?linkid=866660 for more information.

A secret object private to LSA was queried by a client. This object was returned in encrypted format for security reasons.

 An error occurred while retrieving new Central Access Policies for this machine.%n%nCould not retrieve policies for the following DNs:%n%1

�An error occurred while processing new Central Access Policies for this machine. Validation failed for the following Central Access Rule referenced by one or more of the Central Access Policies:%n%n%tError:%t%t%1%n%n%tName:%t%t%2%n%tDescription:%t%3

�Credential Guard is configured to run, but is not licensed. Credential Guard was not started.

XThe PDC completed an automatic trust scan operation for all trusts with no errors.%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

�The PDC completed an automatic trust scan operation for all trusts and encountered at least one error.%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

|The PDC completed an administrator-requested trust scan operation for the trust '%1' with no errors.%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

�The PDC was unable to find the specified trust '%1' to scan. The trust either does not exist or it is neither an inbound or bidirectional trust.%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

�The PDC completed an administrator-requested trust scan operation for the trust '%1' and encountered an error.%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

hThe PDC encountered an error trying to scan the named trust.%n%nTrust: %1%n%nError: %2(%3)%n%nMore information can be found at https://go.microsoft.com/fwlink/?linkid=2162089.

8MessageIdTypedef=DWORD

NULL SID

Everyone

LOCAL

$CREATOR OWNER

$CREATOR GROUP

,NT Pseudo Domain

$NT AUTHORITY

DIALUP

NETWORK

BATCH

 INTERACTIVE

SERVICE

BUILTIN

SYSTEM

(ANONYMOUS LOGON

4CREATOR OWNER SERVER

4CREATOR GROUP SERVER

DENTERPRISE DOMAIN CONTROLLERS

SELF

0Authenticated Users

 RESTRICTED

Internet$

4TERMINAL SERVER USER

PROXY

$LOCAL SERVICE

(NETWORK SERVICE

<REMOTE INTERACTIVE LOGON

USERS

0NTLM Authentication

4Digest Authentication

8SChannel Authentication

,This Organization

0Other Organization

IUSR

(Mandatory Label

<Untrusted Mandatory Level

0Low Mandatory Level

8Medium Mandatory Level

4High Mandatory Level

8System Mandatory Level

LProtected Process Mandatory Level

$OWNER RIGHTS

,WRITE RESTRICTED

dENTERPRISE READ-ONLY DOMAIN CONTROLLERS BETA

@Medium Plus Mandatory Level

$CONSOLE LOGON

DThis Organization Certificate

<ALL APPLICATION PACKAGES

DAPPLICATION PACKAGE AUTHORITY

<Your Internet connection

�Your Internet connection, including incoming connections from the Internet

@Your home or work networks

4Your pictures library

0Your videos library

0Your music library

8Your documents library

<Your Windows credentials

pSoftware and hardware certificates or a smart card

,Removable storage

,USER MODE DRIVERS

$Claims Valid

<Compound Identity Present

LMicrosoft Account Authentication

`Authentication authority asserted identity

<Service asserted identity

$Local account

lLocal account and member of Administrators group

,Your Appointments

$Your Contacts

(DefaultAccount

DSystem Managed Accounts Group

DCloud Account Authentication

0Key trust identity

\Key property multi-factor authentication

<Key property attestation

<Fresh public key identity

PALL RESTRICTED APPLICATION PACKAGES

4Window Manager Group

$Device Owners

(LsaSetupDomain

4A lookup request was made that required connectivity to a domain controller in domain %1. The LSA was unable to find a domain controller in the domain and thus failed the request. Please check connectivity and secure channel setup from this domain controller to the domain %2.

 A lookup request was made that required connectivity to the domain controller %1. The local LSA was unable to contact the LSA on the remote domain controller. Please check connectivity and secure channel setup from this domain controller to the domain controller %2.

pA lookup request was made that required the lookup services on the remote domain controller %1. The remote domain controller failed the request thus the local LSA failed the original lookup request. Please check connectivity and secure channel setup from this domain controller to the domain controller %2.

The LSA was unable to register its RPC interface over the TCP/IP interface. Please make sure that the protocol is properly installed.

�The LSA was unable to notify UBPM during startup with status %1.

xThe schannel security package has loaded successfully.

xA fatal error occurred while opening the system %1 cryptographic module. Operations that require the SSL or TLS cryptographic protocols will not work correctly. The error code is %2.

�Creating a TLS %3 credential.%n The SSPI client process is %2 (PID: %1).

�The TLS %1 credential's private key has the following properties:%n%n   CSP name: %2%n   CSP type: %3%n   Key name: %4%n   Key Type: %5%n   Key Flags: %6%n%n The attached data contains the certificate.

dThe TLS %3 credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.%n The SSPI client process is %2 (PID: %1).

�A fatal error occurred when attempting to access the TLS %3 credential private key. The error code returned from the cryptographic module is %4. The internal error state is %5.%n The SSPI client process is %2 (PID: %1).

A fatal error occurred while creating a TLS %3 credential. The internal error state is %4.%n The SSPI client process is %2 (PID: %1).

�The TLS %3 specified certificate's chain could not be retrieved:%n%n   Failure Status: %4%n   Flags: %5%n%n The attached data contains the certificate.%n The SSPI client process is %2 (PID: %1).

No supported cipher suites were found when initiating a TLS connection. This indicates a configuration problem with the client application and/or the installed cryptographic modules. The TLS connection request has failed.%n The SSPI client process is %2 (PID: %1).

�An %3 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.%n The SSPI client process is %2 (PID: %1).

HThe remote server has requested TLS client authentication, but no suitable client certificate could be found. An anonymous connection will be attempted. This TLS connection request may succeed or fail, depending on the server's policy settings.%n The SSPI client process is %2 (PID: %1).

�The certificate received from the remote server has not validated correctly. The error code is %3. The TLS connection request has failed. The attached data contains the server certificate.%n The SSPI client process is %2 (PID: %1).

�The certificate received from the remote client application has not validated correctly. The error code is %3. The attached data contains the client certificate.%n The SSPI client process is %2 (PID: %1).

�The certificate received from the remote client application is not suitable for direct mapping to a client system account, possibly because the authority that issuing the certificate is not sufficiently trusted. The error code is %3. The attached data contains the client certificate.%n The SSPI client process is %2 (PID: %1).

LThe certificate received from the remote client application was not successfully mapped to a client system account. The error code is %3. This is not necessarily a fatal error, as the server application may still find the certificate acceptable.%n The SSPI client process is %2 (PID: %1).

`A TLS %1 handshake completed successfully. The negotiated cryptographic parameters are as follows.%n%n   Protocol version: %2%n   CipherSuite: %3%n   Exchange strength: %4 bits%n   Context handle: %5%n   Target name: %6%n   Local certificate subject name: %7%n   Remote certificate subject name: %8

�The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.%n The SSPI client process is %2 (PID: %1).

xThe certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.%n The SSPI client process is %2 (PID: %1).

LThe certificate received from the remote server has been revoked. This means that the certificate authority that issued the certificate has invalidated it. The TLS connection request has failed. The attached data contains the server certificate.%n The SSPI client process is %2 (PID: %1).

�The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is %3. The TLS connection request has failed. The attached data contains the server certificate.%n The SSPI client process is %2 (PID: %1).

DWhen asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.%n The SSPI client process is %2 (PID: %1).

4No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.%n The SSPI client process is %2 (PID: %1).

,A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is %3.%n The SSPI client process is %2 (PID: %1).

�A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is %3.%n%n   Target name: %5%n%n The SSPI client process is %2 (PID: %1).%nThe TLS alert registry can be found at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-6

8The TLS %3 specified certificate's chain is incomplete:%n%n   Failure Status: %4%n%n This can cause trust validation failures or interoperability problems. For more information see KB 954755%n The attached data contains the certificate.%n The SSPI client process is %2 (PID: %1).

�Could not retrieve an OCSP response.%n%n   The Failure Reason is: %1%n    The OCSP Url is: %2%n   The previous OCSP response contained the following times:%n      ThisUpdate: %3%n      NextUpdate: %4%n%nThe attached data contains the certificate.

The Security System detected an authentication error for the server %1. The failure code from authentication protocol %2 was %3.

The Security System could not establish a secured connection with the server %1. No authentication protocol was available.

XThe Security System was unable to authenticate to the server %1 because the server has completed the authentication, but the client authentication protocol %2 has not.

�The Security System received an authentication attempt with an unknown authentication protocol. The request has failed.

�The Security System has selected %2 for the authentication protocol to server %1.

The Security System has received an authentication attempt, and determined that the protocol %1 preferred by the client is acceptable.

�The Security System has received an authentication request directly for authentication protocol %1.

�The Security System has received an authentication request that could not be decoded. The request has failed.

�The Security System has received an authentication attempt, and determined that the protocol %1 is the common protocol.

(The Security System has detected a downgrade attempt when contacting the 3-part SPN %n%n %1 %n%n with error code %2. Authentication was denied.

�The Security System is auditing a downgrade attempt when contacting the 3-part SPN %n%n %1 %n%n with error code %2.

TLogon cache was disabled. Intermittent authentication failures may result during periods of network latency or interrupts. Please contact your system administrator.

,A failed logon attempt has caused a logon cache entry for user %1 to be deleted. The authentication package was %2, and the error message was %3.

�A logon cache entry for user %1 was the oldest entry and was removed. The timestamp of this entry was %2.

�Verification of the DTLS connection request failed.%n The SSPI client process is %2 (PID: %1).

�DTLS record was rejected because it is outside of current receive window.%n The SSPI client process is %2 (PID: %1).

A DTLS record was rejected because it is a duplicate of a previously received record.%n The SSPI client process is %2 (PID: %1).

�The retransmission of DTLS handshake messages has been requested.%n The SSPI client process is %2 (PID: %1).

�The key material used to protect TLS Session Tickets was not found at %3.%n The SSPI client process is %2 (PID: %1).

Start

Stop

Critical

Error

Warning

 Information

<Security Package Manager

Locator

0SPNEGO (Negotiator)

 Logon Cache

LSA Logon

0LSA SID-Name Lookup

Max

client

server

@Enterprise Credential Data

4Local Credential Data

4Microsoft-Windows-LSA

System

 Operational

 Diagnostic

LMicrosoft-Windows-Authentication

tMicrosoft-Windows-Authentication/ProtectedUser-Client

�Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController

�Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController

�Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController

@LogonSession alive after interactive user logoff. Indicates a possible token leak in one of the services. %nLogon ID:%1%nAccount Name:%2%nDomain Name:%3%n

�4VS_VERSION_INFO��
�|O
�|O?�StringFileInfo�040904B0LCompanyNameMicrosoft CorporationFFileDescriptionLSA Server DLLn'FileVersion10.0.20348.3804 (WinBuild.160101.0800)6InternalNamelsasrv.dll�.LegalCopyright� Microsoft Corporation. All rights reserved.FOriginalFilenamelsasrv.dll.muij%ProductNameMicrosoft� Windows� Operating SystemDProductVersion10.0.20348.3804DVarFileInfo$Translation	�PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING