MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!   @.rsrc@@0H 8Ph?@ABCDE(F@GXHpI~0H`x      0 @ P ` p             0 @ P ` p   p\N<:x&#$%(dX.h3D8(<?ADHGdlJMORPWT]"xbtf`i*m  MUI_*4nYgX2b^Jmw)ie8 MUI en-USSMB Server SharesSMB Server SharesuThis counter set displays information about SMB server shares that are shared using SMB protocol version 2 or higher.Received Bytes/secReceived Bytes/secThe rate at which bytes are being received for requests related to this share. This value includes application data as well as SMB protocol data (such as packet headers).PA Requests/sec Requests/sec<The rate at which requests are being received for this shareTree Connect CountTree Connect Count1The current number of tree connects to this shareCurrent Open File CountCurrent Open File Count@The number of file handles that are currently open in this sharePAThe rate, in seconds, at which bytes are being sent from the SMB File Server related to this share to its clients. This value includes both data bytes and protocol bytes.Sent Bytes/secSent Bytes/sec@The sum of Sent Bytes/sec and Received Bytes/sec for this share.Transferred Bytes/secTransferred Bytes/seceThe number of requests related to this share that are waiting to be processed by the SMB File Server.Current Pending RequestsCurrent Pending RequestsPAThe average number of seconds that elapse between the time at which the SMB File Server receives a request for this share and the time at which the SMB File Server sends the corresponding response.Avg. sec/RequestAvg. sec/Request3Write requests processed/sec related to this share.Write Requests/secWrite Requests/secThe average number of seconds that elapse between the time at which a write request to this share is received and the time at which the SMB File Server sends the corresponding response.Avg. sec/WritePAAvg. sec/WriteCThe rate, in seconds, at which data is being written to this share.Write Bytes/secWrite Bytes/sec2Read requests processed/sec related to this share.Read Requests/secRead Requests/secThe average number of seconds that elapse between the time at which a read request to this share is received and the time at which the SMB File Server sends the corresponding response. Avg. sec/Read Avg. sec/ReadBThe rate, in seconds, at which data is being read from this share.Read Bytes/secRead Bytes/secThe number of files that have been opened by the SMB File Server on behalf of its clients on this share since the server started.Total File Open CountPATotal File Open CountfThe rate, in seconds, at which files are being opened for the SMB File Server s clients on this share.Files Opened/secFiles Opened/secHThe number of durable file handles that are currently open on this shareCurrent Durable Open File CountCurrent Durable Open File CountThe number of durable opens on this share that have been recovered after a temporary network disconnect since the SMB File Server started.!Total Durable Handle Reopen Count!Total Durable Handle Reopen CountThe number of durable opens on this share that could not be recovered after a temporary network disconnect since the SMB File Server Started.(Total Failed Durable Handle Reopen Count(Total Failed Durable Handle Reopen CountEThe percentage of total opens for which clients requested resiliency.% Resilient Handles% Resilient HandlesThe number of resilient opens on this share that have been recovered after a temporary network disconnect since the SMB File Server started.#Total Resilient Handle Reopen Count#Total Resilient Handle Reopen CountThe number of resilient opens on this share that could not be recovered after a temporary network disconnect since the SMB File Server Started.*Total Failed Resilient Handle Reopen Count*Total Failed Resilient Handle Reopen CountHThe percentage of total handles for which clients requested persistency.% Persistent Handles% Persistent HandlesThe number of persistent opens on this share that have been recovered after a temporary network disconnect since the SMB File Server started.$Total Persistent Handle Reopen Count$Total Persistent Handle Reopen CountThe number of persistent opens on this share that could not be recovered after a temporary network disconnect since the SMB File Server Started.+Total Failed Persistent Handle Reopen Count+Total Failed Persistent Handle Reopen CountNThe rate, in seconds, at which metadata requests are being sent to this share.Metadata Requests/secMetadata Requests/secThe average number of seconds that elapse between the time at which a read or write request to this share is received and the time at which the SMB File Server processes the request.Avg. sec/Data RequestAvg. sec/Data Request6The average number of bytes per read or write request.Avg. Data Bytes/RequestAvg. Data Bytes/Request-The average number of bytes per read request.Avg. Bytes/ReadAvg. Bytes/Read.The average number of bytes per write request.Avg. Bytes/WriteAvg. Bytes/WriteDThe average number of read requests that were queued for this share.Avg. Read Queue LengthAvg. Read Queue LengthEThe average number of write requests that were queued for this share.Avg. Write Queue LengthAvg. Write Queue LengthNThe average number of read and write requests that were queued for this share.Avg. Data Queue LengthAvg. Data Queue LengthPThe rate, in seconds, at which data is being written to or read from this share.Data Bytes/secPAData Bytes/secRThe rate, in seconds, at which read or write requests are received for this share.Data Requests/secData Requests/secGThe current number of read or write requests outstanding on this share.Current Data Queue LengthCurrent Data Queue LengthPAfThis counter set displays information about SMB server sessions using SMB protocol version 2 or higherSMB Server SessionsSMB Server SessionsThe rate at which bytes are being received for requests in this session. This value includes application data as well as SMB protocol data (such as packet headers).Received Bytes/secReceived Bytes/sec=The rate at which requests are being received in this session Requests/sec Requests/sec+The number of tree connects in this sessionTree Connect CountTree Connect CountBThe number of file handles that are currently open in this sessionCurrent Open File CountCurrent Open File CountThe rate, in seconds, at which bytes are being sent from the SMB File Server in this session to the client. This value includes both data bytes and protocol bytes.Sent Bytes/secSent Bytes/secBThe sum of Sent Bytes/sec and Received Bytes/sec for this session.Transferred Bytes/secTransferred Bytes/sec_The number of requests in this session that are waiting to be processed by the SMB File Server.Current Pending RequestsCurrent Pending RequestsThe average number of seconds that elapse between the time at which the SMB File Server receives a request in this session and the time at which the SMB File Server sends the corresponding response.Avg. sec/RequestAvg. sec/Request-Write requests processed/sec in this session.Write Requests/secPAWrite Requests/secThe average number of seconds that elapse between the time at which a write request in this session is received and the time at which the SMB File Server sends the corresponding response.Avg. sec/WriteAvg. sec/WriteEThe rate, in seconds, at which data is being written in this session.Write Bytes/secWrite Bytes/sec,Read requests processed/sec in this session.Read Requests/secRead Requests/secThe average number of seconds that elapse between the time at which a read request in this session is received and the time at which the SMB File Server sends the corresponding response. Avg. sec/Read Avg. sec/ReadBThe rate, in seconds, at which data is being read in this session.Read Bytes/secRead Bytes/secThe number of files that have been opened by the SMB File Server on behalf of its clients in this session since the server started.Total File Open CountTotal File Open CountFThe rate, in seconds, at which files are being opened in this session.Files Opened/secFiles Opened/secJThe number of durable file handles that are currently open in this sessionCurrent Durable Open File CountCurrent Durable Open File CountThe number of durable opens in this session that have been recovered after a temporary network disconnect since the SMB File Server started.PA!Total Durable Handle Reopen Count!Total Durable Handle Reopen CountThe number of durable opens in this session that could not be recovered after a temporary network disconnect since the SMB File Server Started.(Total Failed Durable Handle Reopen Count(Total Failed Durable Handle Reopen CountEThe percentage of total opens for which clients requested resiliency.% Resilient Handles% Resilient HandlesThe number of resilient opens in this session that have been recovered after a temporary network disconnect since the SMB File Server started.#Total Resilient Handle Reopen Count#Total Resilient Handle Reopen CountThe number of resilient opens in this session that could not be recovered after a temporary network disconnect since the SMB File Server Started.PA*Total Failed Resilient Handle Reopen Count*Total Failed Resilient Handle Reopen CountFThe percentage of total opens for which clients requested persistency.% Persistent Handles% Persistent HandlesThe number of persistent opens in this session that have been recovered after a temporary network disconnect since the SMB File Server started.$Total Persistent Handle Reopen Count$Total Persistent Handle Reopen CountThe number of persistent opens in this session that could not be recovered after a temporary network disconnect since the SMB File Server Started.+Total Failed Persistent Handle Reopen Count+Total Failed Persistent Handle Reopen CountPAPThe rate, in seconds, at which metadata requests are being sent in this session.Metadata Requests/secMetadata Requests/secThe average number of seconds that elapse between the time at which a read or write request to this session is received and the time at which the SMB File Server processes the request.Avg. sec/Data RequestAvg. sec/Data Request6The average number of bytes per read or write request.Avg. Data Bytes/RequestAvg. Data Bytes/Request-The average number of bytes per read request.PAAvg. Bytes/ReadAvg. Bytes/Read.The average number of bytes per write request.Avg. Bytes/WriteAvg. Bytes/WriteEThe average number of read requests that were queued in this session.Avg. Read Queue LengthAvg. Read Queue LengthFThe average number of write requests that were queued in this session.Avg. Write Queue LengthAvg. Write Queue LengthOThe average number of read and write requests that were queued in this session.Avg. Data Queue LengthAvg. Data Queue LengthMThe rate, in seconds, at which data is being written or read in this session.Data Bytes/secData Bytes/secSThe rate, in seconds, at which read or write requests are received in this session.Data Requests/secData Requests/secIThe current number of read or write requests outstanding in this session.Current Data Queue LengthCurrent Data Queue LengthPA55<00` 0 0PPT&*X[8  P  Pq  L@@ ''8hțej\lqsz ̤$Audit Failure Info Start Stop Send Error Warning Information XMicrosoft-Windows-SMBServer/Performance TMicrosoft-Windows-SMBServer/Analytic XMicrosoft-Windows-SMBServer/Operational XMicrosoft-Windows-SMBServer/Diagnostic TMicrosoft-Windows-SMBServer/Security \Microsoft-Windows-SMBServer/Connectivity LMicrosoft-Windows-SMBServer/Audit PSMB2 Work Item Component Transition <SMB2 Work Item allocated 8SMB2 Work Item released PSMB2 Work Item activity id transfer \SMB2 Work Item external activity id stop <SMB2 Connection accepted TSMB2 Connection Disconnected by Peer @SMB2 Connection Terminated 8SMB2 Session Allocated PSmb Session Authentication Failure PSMB2 Session Authentication Success LSMB2 Session Bound to Connection 8SMB2 Session Terminated @SMB2 TreeConnect Allocated DSMB2 TreeConnect Disconnected @SMB2 TreeConnect Terminated SMB2 TreeConnect Failed due to Cluster Endpoint Initializing 4SMB2 Open established PSMB2 Open Disconnected - Preserved 4SMB2 Open Reconnected HSMB2 Open Suspended - Preserved ,SMB2 Open Closed 0SMB2 Open Timed Out 4SMB2 Open Terminated `SMB2 Open Clustered Client Failover Closed File handle for file "%8\%2" was invalidated by user %4 from computer %6 ,SMB2 Share Added 0SMB2 Share Modified 0SMB2 Share Deleted XS4U2Self authentication failure - The client could not be reauthenticated with S4U2Self to obtain claims. This may be expected if the account is not a domain account. SRV Disabled - The SMB1 negotiate request fails due to SMB1 is disabled. RKF failure - SRV2 failed to get acknowledgement from Resume Key filter for persistent handle request. The server received an unencrypted message from client %4. Message was rejected.%n%nGuidance:%n%nThis event indicates that a client is sending unencrypted data even though the SMB share requires encryption. tThe server received an incorrectly signed message from client %2. Message was rejected.%n%nGuidance:%n%nThis event indicates that a client is sending an incorrectly signed request. The server failed to validate negotiation from client %2. Connection was terminated. p The share denied access to the client.%n%nClient Name: %10%nClient Address: %6%nUser Name: %8%nSession ID: %17%nShare Name: %2%nShare Path: %4%nStatus: %16 (%15)%nMapped Access: %11%nGranted Access: %12%nSecurity Descriptor: %14%n%nGuidance:%n%nYou should expect access denied errors when a principal accesses a share without the necessary permissions. Usually, this indicates that the principal does not have direct security permissions or lacks membership in a group that has direct access permissions. To determine and correct the permissions on the specified share, an administrator can use the Security tab in File Explorer Properties dialog, the SMBSHARE Windows PowerShell module, or the NET SHARE command. You can also use the Effective Access tab in File Explorer to help diagnose the issue.%n%nApplications may generate access denied errors if they attempt to open files in a writable mode first, and then reopen the files in a read-only mode. In this case, no user action is required.%n%nIf access to the share is denied and this event is not logged, you can examine the file and folder NTFS/REFS permissions.%n%nThis error does not indicate a problem with authentication, only authorization. <The share denied anonymous access to the client.%n%nClient Name: %8%nClient Address: %6%nShare Name: %2%nShare Path: %4%n%nGuidance:%n%nYou should expect this error when a client attempts to connect to shares and does not provide any credentials. This indicates that the client is not providing a user name (and domain credentials, if necessary). By default, anonymous access to shares is denied.%n%nThis error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients. 8The server denied anonymous access to the client.%n%nClient Name: %4%n Client Address: %2%nSession ID: %5%n%nGuidance:%n%nYou should expect this error when a client attempts to connect to shares and does not provide any credentials. This indicates that the client is not providing a user name (and domain credentials, if necessary). By default, Windows Server denies anonymous access to shares.%n%nThis error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients. 0Endpoint added.%n%nName: %2%nDomain Name: %4%nTransport Name: %6%nTransport Flags: %7%n%nGuidance:%n%nYou should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. Endpoint removed.%n%nName: %2%nDomain Name: %4%nTransport Name: %6%n%nGuidance:%n%nYou should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required. The network name information changed.%n%nChange Type: %1%nNet Name: %3%nIP Address: %9%nFlags: %4%nInterface Index: %5%nCapability: %6%nLink Speed: %7%n%nGuidance:%n%nYou should expect this event on a Windows Failover Cluster node during failover operations, at system startup, or during network configuration. No user action is required. Endpoint coming online.%n%nEndpoint Name: %2%nTransport Name: %4%n%nGuidance:%n%nYou should expect this event on a Windows Failover Cluster node during failover operations. No user action is required. Endpoint going offline.%n%nEndpoint Name: %2%nTransport Name: %4%n%nGuidance:%n%nYou should expect this event on a Windows Failover Cluster node during failover operations. No user action is required. Decrypt call failed.%n%nClient Name: %2%nClient Address: %4%nSession ID: %7%nStatus: %6 (%5)%n%nGuidance:%n%nThis event commonly occurs because a previous SMB session no longer exists. It may also be caused by packets that are altered on the network between the computers due to either errors or a "man-in-the-middle" attack. `Reopen failed.%n%nClient Name: %7%nClient Address: %9%nUser Name: %13%nSession ID: %14%nShare Name: %11%nFile Name: %16%nResume Key: %20%nStatus: %2 (%1)%nRKF Status: %4 (%3)%nDurable: %17%nResilient: %18%nPersistent: %19%nReason: %21%n%nGuidance:%n%nThe client attempted to reopen a continuously available handle, but the attempt failed. This typically indicates a problem with the network or underlying file being re-opened. Handle scavenged.%n%nShare Name: %7%nFile Name: %9%nResume Key: %5%nPersistent File ID: %3%nVolatile File ID: %4%nDurable: %1%nResilient or Persistent: %2%n%nGuidance:%n%nThe server closed a handle that was previously reserved for a client after 60 seconds. You should expect this event on a computer that is continuously available where a client did not gracefully close its session. For instance, this may occur when the client unexpectedly restarted. Backchannel invalidation of session completed.%n%nSession ID: %1%nStatus: %3 (%2)%nTask Status: %5 (%4)%n%nGuidance:%n%nYou should expect this event on a computer that is continuously available. No user action is required Backchannel invalidation of file completed.%n%nResume Key: %1%nStatus: %3 (%2)%nTask Status: %5 (%4)%n%nGuidance:%n%nYou should expect this event on a computer that is continuously available. No user action is required ,File system operation has taken longer than expected.%n%nClient Name: %8%nClient Address: %10%nUser Name: %6%nSession ID: %3%nShare Name: %12%nFile Name: %14%nCommand: %1%nDuration (in milliseconds): %15%nWarning Threshold (in milliseconds): %16%n%nGuidance:%n%nThe underlying file system has taken too long to respond to an operation. This typically indicates a problem with the storage and not SMB. LmCompatibilityLevel value is different from the default.%n%nConfigured LM Compatibility Level: %1%nDefault LM Compatibility Level: %2%n%nGuidance:%n%nLAN Manager (LM) authentication is the protocol used to authenticate Windows clients for network operations. This includes joining a domain, accessing network resources, and authenticating users or computers. This determines which challenge/response authentication protocol is negotiated between the client and the server computers. Specifically, the LM authentication level determines which authentication protocols the client will try to negotiate or the server will accept. The value set for LmCompatibilityLevel determines which challenge/response authentication protocol is used for network logons. This value affects the level of authentication protocol that clients use, the level of session security negotiated, and the level of authentication accepted by servers.%n%nValue (Setting) - Description%n%n0 (Send LM & NTLM responses) - Clients use LM and NTLM authentication and never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n1 (Send LM & NTLM - use NTLMv2 session security if negotiated) - Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n2 (Send NTLM response only) - Clients use NTLM authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n3 (Send NTLM v2 response only) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.%n%n4 (Send NTLMv2 response only/refuse LM) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and accept only NTLM and NTLMv2 authentication.%n%n5 (Send NTLM v2 response only/refuse LM & NTLM) - Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and NTLM and accept only NTLMv2 authentication.%n%nIncompatibly configured LmCompatibility levels between a client and server (such as 0 on a client and 5 on a server) prevent access to the server. Non-Microsoft clients and servers also provide these configuration settings. 0File and printer sharing firewall rule enabled.%n%nGuidance:%n%nYou should expect this event when Windows Firewall is configured to enable the File and Printer Sharing rule, which allows inbound SMB traffic. This event occurs on a computer that has custom shares configured. One or more shares present on this server have access based enumeration enabled.%n%nGuidance:%n%nYou should expect this event when enabling access-based enumeration on one or more shares by using either Server Manager or the Set-SmbShare Windows PowerShell cmdlet. Access-based enumeration can raise CPU utilization when clients connect to shares with folders containing many peer-level resources to which a user does not have access. You can control the CPU utilization by configuring the ABELevel value in the Windows registry:%n%nHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\ABELevel [DWORD]%n%nYou can set the value for ABELevel to greater depths to minimize CPU overhead, but doing so diminishes the effectiveness of access-based enumeration:%n%nValue = 0: access-based enumeration is enabled for all levels%n%nValue = 1: access-based enumeration is enabled for a depth of 1 (example: \server\share)%n%nValue = 2: access-based enumeration is enabled for a depth of 2 (example: \server\share\folder)%n%nYou can continue setting values for multiple depth levels. SMB2 and SMB3 have been disabled on this server. This results in reduced functionality and performance.%n%nRegistry Key: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters%nRegistry Value: Smb2%nDefault Value: 1 (or not present)%nCurrent Value: 0%n%nGuidance:%n%nYou should expect this event when disabling SMB2/SMB3. Microsoft does not recommend disabling SMB2/SMB3. When SMB3 is disabled, you cannot use features such as SMB Transparent Failover, SMB Scale Out, SMB Multichannel, SMB Direct (RDMA), SMB Encryption, VSS for SMB file shares, and SMB Directory Leasing. In most scenarios, SMB provides a troubleshooting workaround as an alternative to disabling SMB2/SMB3. Use the Set-SmbServerConfiguration Windows PowerShell cmdlet to enable SMB2/SMB3. One or more named pipes or shares have been marked for access by anonymous users. This increases the security risk of the computer by allowing unauthenticated users to connect to this server.%n%nRegistry Key: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters%nRegistry Values: NullSessionPipes, NullSessionShares%nDefault Value: Empty (or not present)%nCurrent Value: Non-empty%n%nGuidance:%n%nYou should expect this event when modifying the default values of NullSessionShares and NullSessionPipes. On a typical file server, these settings do not exist or do not contain values, which is the most secure configuration. By default, domain controllers populate the NullSessionShares entry with netlogon, samr, and lsarpc to allow legacy access methods. TFile leasing has been disabled for the SMB2 and SMB3 protocols. This reduces functionality and can decrease performance.%n%nRegistry Key: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters%nRegistry Value: DisableLeasing%nDefault Value: 0 (or not present)%nCurrent Value: non-zero%n%nGuidance:%n%nYou should expect this event when disabling SMB 3 Leasing. Microsoft does not recommend disabling SMB Leasing. Once disabled, traffic from client to server may increase since metadata and data may no longer be retrieved from a local cache. The file and printer sharing firewall ports are currently closed. This is the default configuration for a system that is not sharing content or is on a Public network.%n%nGuidance:%n%nYou should expect this event when Windows Firewall is not configured to enable the File and Printer Sharing rule, which allows inbound SMB traffic. This event occurs on a computer that does not have custom shares configured. Clients cannot access SMB shares on this computer until SMB traffic is allowed through the firewall. $An MDL read or write completion request failed.%n%nServer Name: %2%nShare Name: %4%nFile Name: %6%nIsRead: %7%nStatus: %8%n%nGuidance:%n%nThe SMB server sends MDL completion requests to a file system upon completion of a buffered I/O to release system resources. The file system and its filter drivers must not fail MDL completion requests. Failures may result in memory leaks and degraded system performance and stability. Non-Microsoft file system filter drivers are the most common cause of failed MDL completion requests. The server detected a problem and has captured a live kernel dump to collect debug information.%n%nReason: %1%nDump Location: %SystemRoot%\LiveKernelReports%n%nGuidance:%n%nThe server supports the Live Dump feature, where the detection of a problem results in a kernel memory dump, but no bugcheck and reboot. This allows Microsoft Support to examine memory dumps without requiring a reboot or manual intervention. The reason code indicates the type of problem that was detected.%n%nStalled I/O%n%nAn I/O is taking an unreasonably long time to complete. Malfunctioning third-party file system minifilter drivers are a common source of this problem. Other causes include failed disks or a client-driven I/O workload that greatly exceeds the server's capacity. The server detected a problem but was unable to capture a live kernel dump to collect debug information.%n%nReason: %1%n%nGuidance:%n%nThe server supports the Live Dump feature, where the detection of a problem results in a kernel memory dump, but no bugcheck and reboot. This allows Microsoft Support to examine memory dumps without requiring a reboot or manual intervention. The reason code indicates the type of problem that was detected. In this case, the server's request to create a live kernel dump was rejected. This is usually due to the live kernel dump throttle, which prevents frequent dumps from consuming too much disk space. Either wait for the throttle limit to expire (by default, 7 days), or contact Microsoft Support for steps to override the throttle. This event is written to the log no more than once per day. The problem that caused the server to the request a live kernel dump may be occuring more frequently.%n%nStalled I/O%n%nAn I/O is taking an unreasonably long time to complete. Malfunctioning third-party file system minifilter drivers are a common source of this problem. Other causes include failed disks or a client-driven I/O workload that greatly exceeds the server's capacity. CA failure - Failed to set continuously available property on a new or existing file share as the file share is not a cluster share. lCA failure - Failed to set continuously available property on a new or existing file share as Resume Key filter is not started or has failed to attach to the underlying volume. The server failed to reserve the next ID region in the cluster registry. @Packet Fragment (%2 bytes) SMB1 access%n%nClient Address: %1%n%nGuidance:%n%nThis event indicates that a client attempted to access the server using SMB1. To stop auditing SMB1 access, use the Windows PowerShell cmdlet Set-SmbServerConfiguration. ,Packet (%4 bytes) 0SMB Session Authentication Failure%n%nClient Name: %11%nClient Address: %6%nUser Name: %9%nSession ID: %7%nStatus: %4 (%3)%n%nGuidance:%n%nYou should expect this error when attempting to connect to shares using incorrect credentials.%n%nThis error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.%n%nThis error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled A client attempted to access the server using SMB1 and was rejected because SMB1 file sharing support is disabled or has been uninstalled.%n%nGuidance:%n%nAn administrator has disabled or uninstalled server support for SMB1. Clients running Windows XP / Windows Server 2003 R2 and earlier will not be able to access this server. Clients running Windows Vista / Windows Server 2008 and later no longer require SMB1. To determine which clients are attempting to access this server using SMB1, use the Windows PowerShell cmdlet Set-SmbServerConfiguration to enable SMB1 access auditing. The server received an unencrypted message from client when encryption was required. Message was rejected.%n%nClient Name: %4%nClient Address: %8%nUser Name: %6%nSession ID: %9%nShare Name: %2%n%nGuidance:%n%nThis event indicates that a client is sending unencrypted data even though the SMB share requires encryption. The server rejected an incorrectly signed message.%n%nClient Name: %2%nClient Address: %6%nUser Name: %4%nSession ID: %7%n%nGuidance:%n%nThis event indicates that a client is sending an incorrectly signed request. The server rejected an invalid negotiation request. Connection was terminated.%n%nClient Name: %2%nClient Address: %6%nUser Name: %4%nSession ID: %13%nExpected Dialect: %7%nExpected Capabilities: %8%nExpected Security Mode: %9%nReceived Dialect: %10%nReceived Capabilities: %11%nReceived Security Mode: %12%n%nGuidance:%n%nThis event indicates that a client is attempting to negotiate a second connection using a mismatched dialect or capabilities. 8SMB2 Request Negotiate @SMB2 Request Session Setup 0SMB2 Request Logoff <SMB2 Request Tree Connect DSMB2 Request Tree Disconnect ,SMB2 Request Echo 0SMB2 Request Cancel 0SMB2 Request Create 0SMB2 Request Close 0SMB2 Request Flush ,SMB2 Request Read 0SMB2 Request Write <SMB2 Request Break Oplock HSMB2 Request Notify Break Lease TSMB2 Request Acknowledge Break Lease ,SMB2 Request Lock 0SMB2 Request Ioctl DSMB2 Request Query Directory @SMB2 Request Change Notify 8SMB2 Request Query Info 4SMB2 Request Set Info 8SMB2 Response Negotiate @SMB2 Response Session Setup 4SMB2 Response Logoff @SMB2 Response Tree Connect DSMB2 Response Tree Disconnect 0SMB2 Response Echo 4SMB2 Response Create 0SMB2 Response Close 0SMB2 Response Flush 0SMB2 Response Read 0SMB2 Response Write @SMB2 Response Break Oplock TSMB2 Response Acknowledge Break Lease 0SMB2 Response Lock 0SMB2 Response Ioctl DSMB2 Response Query Directory @SMB2 Response Change Notify <SMB2 Response Query Info 8SMB2 Response Set Info 0SMB2 Response Error Stalled I/O Tdi Wsk Rdma Add Update Remove None 8Reconnect durable file ,RKF resume create 4Build create response 4VS_VERSION_INFOP%P%?StringFileInfo040904B0LCompanyNameMicrosoft CorporationTFileDescriptionSmb 2.0 Server driver1FileVersion6.3.9600.20625 (winblue_ltsb_escrow.221003-0335)2 InternalNameSRV2.SYS.LegalCopyright Microsoft Corporation. All rights reserved.B OriginalFilenameSRV2.SYS.MUIj%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.20625DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD