networkloadbalancing-core-diagnostic.events.man - Clustering and High-Availability - Site Home

Hi,

You should save the below text in a file named networkloadbalancing-core-diagnostic.events.man

Important: this is an unsupported script, please use this script at your own risk. Microsoft’s Customer Support Services (CSS/PSS) will not support issues associated with this script.

<?xml version='1.0' encoding='utf-8' standalone='yes'?>

<assembly

xmlns="urn:schemas-microsoft-com:asm.v3"

xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"

xmlns:xsd="http://www.w3.org/2001/XMLSchema"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

manifestVersion="1.0"

<assemblyIdentity

buildType="$(build.buildType)"

language="neutral"

name="Microsoft-Windows-NetworkLoadBalancing-Core-Diagnostic-Events"

processorArchitecture="$(build.processorArchitecture)"

publicKeyToken="$(Build.WindowsPublicKeyToken)"

version="$(build.version)"

versionScope="nonSxS"

<provider

guid="{DEF02E30-3290-4b2d-BC28-D2B0EDADF411}"

message="$(string.NLB.Diagnostics.ProviderName)"

messageFileName="%SystemRoot%\System32\drivers\nlb.sys"

name="Microsoft-Windows-NLB-Diagnostic"

resourceFileName="%SystemRoot%\System32\drivers\nlb.sys"

symbol="MICROSOFT_NETWORK_LOAD_BALANCING_DIAGNOSTIC_PUBLISHER"

<channel

chid="NlbTrace"

enabled="false"

isolation="System"

message="$(string.NLB.Diagnostics.DiagnosticChannel)"

name="Microsoft-Windows-NLB/Diagnostic"

symbol="NLB_TRACE_CHANNEL"

type="Analytic"

<retention>false</retention>

</logging>

</publishing>

</channel>

</channels>

<tasks>

<task

message="$(string.FilteringTaskMsg.1)"

name="Task.Filtering.SendAccept"

symbol="TaskFilteringSendAccept"

value="101"

<task

message="$(string.FilteringTaskMsg.2)"

name="Task.Filtering.SendDrop"

symbol="TaskFilteringSendDrop"

value="102"

<task

message="$(string.FilteringTaskMsg.3)"

name="Task.Filtering.ReceiveAccept"

symbol="TaskFilteringReceiveAccept"

value="103"

<task

message="$(string.FilteringTaskMsg.4)"

name="Task.Filtering.ReceiveDrop"

symbol="TaskFilteringReceiveDrop"

value="104"

</tasks>

<keyword

mask="0x0000000000000001"

message="$(string.Keyword.NLB)"

name="NLB"

<keyword

mask="0x0000000000000002"

message="$(string.Keyword.Filtering)"

name="Filtering"

<keyword

mask="0x0000000000000004"

message="$(string.Keyword.Hook)"

name="Hook"

<keyword

mask="0x0000000000000008"

message="$(string.Keyword.Send)"

name="Send"

<keyword

mask="0x0000000000000010"

message="$(string.Keyword.Receive)"

name="Receive"

<keyword

mask="0x0000000000000020"

message="$(string.Keyword.Accept)"

name="Accept"

<keyword

mask="0x0000000000000040"

message="$(string.Keyword.Drop)"

name="Drop"

</keywords>

<maps>

<map

message="$(string.NLB_ACCEPT_DROP_REASON.0)"

value="0"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.1)"

value="1"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.2)"

value="2"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.3)"

value="3"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.4)"

value="4"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.5)"

value="5"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.6)"

value="6"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.7)"

value="7"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.8)"

value="8"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.9)"

value="9"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.10)"

value="10"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.11)"

value="11"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.12)"

value="12"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.13)"

value="13"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.14)"

value="14"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.15)"

value="15"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.16)"

value="16"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.17)"

value="17"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.18)"

value="18"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.19)"

value="19"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.20)"

value="20"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.21)"

value="21"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.22)"

value="22"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.23)"

value="23"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.24)"

value="24"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.25)"

value="25"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.26)"

value="26"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.100)"

value="100"

<map

message="$(string.NLB_ACCEPT_DROP_REASON.200)"

value="200"

</valueMap>

<map

message="$(string.NLB_IP_PROTOCOL.IP)"

value="0"

<map

message="$(string.NLB_IP_PROTOCOL.ICMPv4)"

value="1"

<map

message="$(string.NLB_IP_PROTOCOL.IGMP)"

value="2"

<map

message="$(string.NLB_IP_PROTOCOL.GGP)"

value="3"

<map

message="$(string.NLB_IP_PROTOCOL.TCP)"

value="6"

<map

message="$(string.NLB_IP_PROTOCOL.EGP)"

value="8"

<map

message="$(string.NLB_IP_PROTOCOL.PUP)"

value="12"

<map

message="$(string.NLB_IP_PROTOCOL.UDP)"

value="17"

<map

message="$(string.NLB_IP_PROTOCOL.HMP)"

value="20"

<map

message="$(string.NLB_IP_PROTOCOL.IDP)"

value="22"

<map

message="$(string.NLB_IP_PROTOCOL.RDP)"

value="27"

<map

message="$(string.NLB_IP_PROTOCOL.IPv6)"

value="41"

<map

message="$(string.NLB_IP_PROTOCOL.GRE)"

value="47"

<map

message="$(string.NLB_IP_PROTOCOL.ESP)"

value="50"

<map

message="$(string.NLB_IP_PROTOCOL.AH)"

value="51"

<map

message="$(string.NLB_IP_PROTOCOL.ICMPv6)"

value="58"

<map

message="$(string.NLB_IP_PROTOCOL.RVD)"

value="66"

<map

message="$(string.NLB_IP_PROTOCOL.RAW)"

value="255"

<map

message="$(string.NLB_IP_PROTOCOL.NLB_PPTP)"

value="99"

<map

message="$(string.NLB_IP_PROTOCOL.NLB_IPSEC_FRAGMENT)"

value="217"

</valueMap>

<map

message="$(string.NLB_PACKET_FLAGS.001)"

value="0x001"

<map

message="$(string.NLB_PACKET_FLAGS.002)"

value="0x002"

<map

message="$(string.NLB_PACKET_FLAGS.004)"

value="0x004"

<map

message="$(string.NLB_PACKET_FLAGS.100)"

value="0x100"

</bitMap>

</maps>

<data

inType="win:GUID"

name="InterfaceGUID"

<data

inType="win:UInt32"

map="NLB_ACCEPT_DROP_REASON"

name="Reason"

<data

inType="win:UInt32"

name="SourceIPLength"

<data

inType="win:Binary"

length="SourceIPLength"

name="SourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="DestinationIPLength"

<data

inType="win:Binary"

length="DestinationIPLength"

name="DestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt8"

map="NLB_IP_PROTOCOL"

name="Protocol"

<data

inType="win:HexInt32"

map="NLB_PACKET_FLAGS"

name="Flags"

<data

inType="win:HexInt32"

name="Data"

<data

inType="win:UInt16"

name="HashSourcePort"

<data

inType="win:UInt16"

name="HashDestinationPort"

<data

inType="win:UInt16"

map="NLB_IP_PROTOCOL"

name="HashProtocol"

<data

inType="win:UInt8"

name="Bucket"

<data

inType="win:HexInt64"

name="CurrentBucketMap"

</template>

<data

inType="win:GUID"

name="InterfaceGUID"

<data

inType="win:UInt32"

map="NLB_ACCEPT_DROP_REASON"

name="Reason"

<data

inType="win:UInt32"

name="SourceIPLength"

<data

inType="win:Binary"

length="SourceIPLength"

name="SourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="DestinationIPLength"

<data

inType="win:Binary"

length="DestinationIPLength"

name="DestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt8"

map="NLB_IP_PROTOCOL"

name="Protocol"

<data

inType="win:HexInt32"

map="NLB_PACKET_FLAGS"

name="Flags"

<data

inType="win:HexInt32"

name="Data"

</template>

<data

inType="win:GUID"

name="InterfaceGUID"

<data

inType="win:UInt32"

map="NLB_ACCEPT_DROP_REASON"

name="Reason"

<data

inType="win:UInt32"

name="SourceIPLength"

<data

inType="win:Binary"

length="SourceIPLength"

name="SourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="DestinationIPLength"

<data

inType="win:Binary"

length="DestinationIPLength"

name="DestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="HookSourceIPLength"

<data

inType="win:Binary"

length="HookSourceIPLength"

name="HookSourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="HookDestinationIPLength"

<data

inType="win:Binary"

length="HookDestinationIPLength"

name="HookDestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt8"

map="NLB_IP_PROTOCOL"

name="Protocol"

<data

inType="win:HexInt32"

map="NLB_PACKET_FLAGS"

name="Flags"

<data

inType="win:UInt8"

name="Bucket"

<data

inType="win:HexInt64"

name="CurrentBucketMap"

</template>

<data

inType="win:GUID"

name="InterfaceGUID"

<data

inType="win:UInt32"

map="NLB_ACCEPT_DROP_REASON"

name="Reason"

<data

inType="win:UInt32"

name="SourceIPLength"

<data

inType="win:Binary"

length="SourceIPLength"

name="SourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="DestinationIPLength"

<data

inType="win:Binary"

length="DestinationIPLength"

name="DestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="HookSourceIPLength"

<data

inType="win:Binary"

length="HookSourceIPLength"

name="HookSourceIP"

outType="win:SocketAddress"

<data

inType="win:UInt32"

name="HookDestinationIPLength"

<data

inType="win:Binary"

length="HookDestinationIPLength"

name="HookDestinationIP"

outType="win:SocketAddress"

<data

inType="win:UInt8"

map="NLB_IP_PROTOCOL"

name="Protocol"

<data

inType="win:HexInt32"

map="NLB_PACKET_FLAGS"

name="Flags"

</template>

</templates>

<event

channel="NlbTrace"

keywords="NLB Filtering Receive Accept"

level="win:Informational"

message="$(string.NlbTrace.Message.001)"

symbol="FilteringReceiveAccept"

task="Task.Filtering.ReceiveAccept"

template="FilteringReceive"

value="0x001"

<event

channel="NlbTrace"

keywords="NLB Filtering Receive Drop"

level="win:Informational"

message="$(string.NlbTrace.Message.002)"

symbol="FilteringReceiveDrop"

task="Task.Filtering.ReceiveDrop"

template="FilteringReceive"

value="0x002"

<event

channel="NlbTrace"

keywords="NLB Filtering Receive Accept Hook"

level="win:Informational"

message="$(string.NlbTrace.Message.003)"

symbol="FilteringReceiveAcceptHook"

task="Task.Filtering.ReceiveAccept"

template="FilteringReceiveHook"

value="0x003"

<event

channel="NlbTrace"

keywords="NLB Filtering Receive Drop Hook"

level="win:Informational"

message="$(string.NlbTrace.Message.004)"

symbol="FilteringReceiveDropHook"

task="Task.Filtering.ReceiveDrop"

template="FilteringReceiveHook"

value="0x004"

<event

channel="NlbTrace"

keywords="NLB Filtering Send Accept"

level="win:Informational"

message="$(string.NlbTrace.Message.005)"

symbol="FilteringSendAccept"

task="Task.Filtering.SendAccept"

template="FilteringSend"

value="0x005"

<event

channel="NlbTrace"

keywords="NLB Filtering Send Drop"

level="win:Informational"

message="$(string.NlbTrace.Message.006)"

symbol="FilteringSendDrop"

task="Task.Filtering.SendDrop"

template="FilteringSend"

value="0x006"

<event

channel="NlbTrace"

keywords="NLB Filtering Send Accept Hook"

level="win:Informational"

message="$(string.NlbTrace.Message.007)"

symbol="FilteringSendAcceptHook"

task="Task.Filtering.SendAccept"

template="FilteringSendHook"

value="0x007"

<event

channel="NlbTrace"

keywords="NLB Filtering Send Drop Hook"

level="win:Informational"

message="$(string.NlbTrace.Message.008)"

symbol="FilteringSendDropHook"

task="Task.Filtering.SendDrop"

template="FilteringSendHook"

value="0x008"

</events>

</provider>

</events>

</instrumentation>

<string

id="NLB.Diagnostics.ProviderName"

value="Microsoft-Windows-NLB"

<string

id="NLB.Diagnostics.DiagnosticChannel"

value="Microsoft-Windows-NLB/Diagnostic"

<string

id="NLB_ACCEPT_DROP_REASON.0"

value="Load Module Inactive"

<string

id="NLB_ACCEPT_DROP_REASON.1"

value="Cluster Stopped"

<string

id="NLB_ACCEPT_DROP_REASON.2"

value="Port Rule Disabled"

<string

id="NLB_ACCEPT_DROP_REASON.3"

value="Connection Dirty"

<string

id="NLB_ACCEPT_DROP_REASON.4"

value="Owned Elsewhere"

<string

id="NLB_ACCEPT_DROP_REASON.5"

value="BDA Teaming Refused"

<string

id="NLB_ACCEPT_DROP_REASON.6"

value="DIP"

<string

id="NLB_ACCEPT_DROP_REASON.7"

value="Hook"

<string

id="NLB_ACCEPT_DROP_REASON.8"

value="Unconditional Ownership"

<string

id="NLB_ACCEPT_DROP_REASON.9"

value="Found Matching Descriptor"

<string

id="NLB_ACCEPT_DROP_REASON.10"

value="Passthrough Mode"

<string

id="NLB_ACCEPT_DROP_REASON.11"

value="DIP"

<string

id="NLB_ACCEPT_DROP_REASON.12"

value="Broadcast"

<string

id="NLB_ACCEPT_DROP_REASON.13"

value="Remote Control Request"

<string

id="NLB_ACCEPT_DROP_REASON.14"

value="Remote Control Response"

<string

id="NLB_ACCEPT_DROP_REASON.15"

value="Hook"

<string

id="NLB_ACCEPT_DROP_REASON.16"

value="Unfiltered"

<string

id="NLB_ACCEPT_DROP_REASON.17"

value="No Affinity"

<string

id="NLB_ACCEPT_DROP_REASON.18"

value="Stickiness List Immutable"

<string

id="NLB_ACCEPT_DROP_REASON.19"

value="Not Owner No Affinity"

<string

id="NLB_ACCEPT_DROP_REASON.20"

value="Owner Exception"

<string

id="NLB_ACCEPT_DROP_REASON.21"

value="Owner No Exception"

<string

id="NLB_ACCEPT_DROP_REASON.22"

value="Not Owner Affinity"

<string

id="NLB_ACCEPT_DROP_REASON.23"

value="Fragment"

<string

id="NLB_ACCEPT_DROP_REASON.24"

value="NetBT Spoofing Failed"

<string

id="NLB_ACCEPT_DROP_REASON.25"

value="DAD Prevention"

<string

id="NLB_ACCEPT_DROP_REASON.26"

value="DAD Prevention"

<string

id="NLB_ACCEPT_DROP_REASON.100"

value="Accept"

<string

id="NLB_ACCEPT_DROP_REASON.200"

value="Drop"

<string

id="NLB_IP_PROTOCOL.IP"

value="IP"

<string

id="NLB_IP_PROTOCOL.ICMPv4"

value="ICMPv4"

<string

id="NLB_IP_PROTOCOL.IGMP"

value="IGMP"

<string

id="NLB_IP_PROTOCOL.GGP"

value="GGP"

<string

id="NLB_IP_PROTOCOL.TCP"

value="TCP"

<string

id="NLB_IP_PROTOCOL.EGP"

value="EGP"

<string

id="NLB_IP_PROTOCOL.PUP"

value="PUP"

<string

id="NLB_IP_PROTOCOL.UDP"

value="UDP"

<string

id="NLB_IP_PROTOCOL.HMP"

value="HMP"

<string

id="NLB_IP_PROTOCOL.IDP"

value="IDP"

<string

id="NLB_IP_PROTOCOL.RDP"

value="RDP"

<string

id="NLB_IP_PROTOCOL.IPv6"

value="IPv6"

<string

id="NLB_IP_PROTOCOL.GRE"

value="GRE"

<string

id="NLB_IP_PROTOCOL.ESP"

value="ESP"

<string

id="NLB_IP_PROTOCOL.AH"

value="AH"

<string

id="NLB_IP_PROTOCOL.ICMPv6"

value="ICMPv6"

<string

id="NLB_IP_PROTOCOL.RVD"

value="RVD"

<string

id="NLB_IP_PROTOCOL.RAW"

value="RAW"

<string

id="NLB_IP_PROTOCOL.NLB_PPTP"

value="NLB_PPTP"

<string

id="NLB_IP_PROTOCOL.NLB_IPSEC_FRAGMENT"

value="NLB_IPSEC_FRAGMENT"

<string

id="NLB_PACKET_FLAGS.100"

value="Stateful"

<string

id="NLB_PACKET_FLAGS.001"

value="Fragment"

<string

id="NLB_PACKET_FLAGS.002"

value="Connection Up"

<string

id="NLB_PACKET_FLAGS.004"

value="Connection Down"

<string

id="FilteringTaskMsg.1"

value="Filtering Send Accept"

<string

id="FilteringTaskMsg.2"

value="Filtering Send Drop"

<string

id="FilteringTaskMsg.3"

value="Filtering Receive Accept"

<string

id="FilteringTaskMsg.4"

value="Filtering Receive Drop"

<string

id="Keyword.NLB"

value="NLB"

<string

id="Keyword.Filtering"

value="Filtering"

<string

id="Keyword.Hook"

value="Hook"

<string

id="Keyword.Send"

value="Send"

<string

id="Keyword.Receive"

value="Receive"

<string

id="Keyword.Accept"

value="Accept"

<string

id="Keyword.Drop"

value="Drop"

<string

id="NlbTrace.Message.001"

value="NLB cluster on interface %1 received traffic from %4 destined to %6 [protocol: %7 (%9), flags: %8]. This cluster node will accept this traffic (reason: %2). Source port %10, destination port %11, and protocol %12 have been used for the accept/drop decision."

<string

id="NlbTrace.Message.002"

value="NLB cluster on interface %1 received traffic from %4 destined to %6 [protocol: %7 (%9), flags: %8]. This cluster node will drop this traffic (reason: %2). Source port %10, destination port %11, and protocol %12 have been used for the accept/drop decision."

<string

id="NlbTrace.Message.003"

value="NLB cluster on interface %1 received traffic from %4 destined to %6. This cluster node will accept this traffic (reason: %2). An application registered hook requested that source %8, destination %10, and protocol %11 be used for the accept/drop decision."

<string

id="NlbTrace.Message.004"

value="NLB cluster on interface %1 received traffic from %4 destined to %6. This cluster node will drop this traffic (reason: %2). An application registered hook requested that source %8, destination %10, and protocol %11 be used for the accept/drop decision."

<string

id="NlbTrace.Message.005"

value="NLB cluster on interface %1 intercepted outgoing traffic from %4 destined to %6 [protocol: %7 (%9), flags: %8]. This cluster node will send this traffic (reason: %2)."

<string

id="NlbTrace.Message.006"

value="NLB cluster on interface %1 intercepted outgoing traffic from %4 destined to %6 [protocol: %7 (%9), flags: %8]. This cluster node will drop this traffic (reason: %2)."

<string

id="NlbTrace.Message.007"

value="NLB cluster on interface %1 intercepted outgoing traffic from %4 destined to %6. This cluster node will send this traffic (reason: %2). An application registered hook requested that source %8, destination %10, and protocol %11 be used for the accept/drop decision."

<string

id="NlbTrace.Message.008"

value="NLB cluster on interface %1 intercepted outgoing traffic from %4 destined to %6. This cluster node will drop this traffic (reason: %2). An application registered hook requested that source %8, destination %10, and protocol %11 be used for the accept/drop decision."

</stringTable>

</resources>

</localization>

</assembly>