The following table summarizes the Forefront TMG Event IDs.
This table was put into graphs with event information of the Forefront SCOM Management Pack 7.0. We hope you find it useful.
Credits to Jan Tiedemann, Microsoft Forefront Sr. Premier Field Engineer, who prepared this table:
Message
EventIDs
Severity
Category
The Microsoft Firewall failed to log information to the SQL database
21204
Error
Logging: SQL Database
The Microsoft Firewall service was unable to connect to the SQL database
21203, 21202
The Microsoft Firewall service was unable to open an ADO connection
7
The TMG Server Web Filter failed to log information to the SQL database
The TMG Server Web Filter was unable to connect to the SQL database
21202, 21203
The TMG Server Web Proxy was unable to open an ADO connection
The Microsoft Firewall service failed to log information to the MSDE database
8
Logging: SQL Server Express Database
The Microsoft Firewall service was unable to connect to the MSDE database
21192
The TMG Server Web Filter failed to log information to the MSDE database
The TMG Server Web Filter was unable to connect to the MSDE database
All log records from the log queue were successfully formatted and moved to the appropriate formatted store
23415
Logging: Text-File
Invalid TMG Server log directory
21002, 21004
The action to retrieve the TMG Server log directory failed
21001
The log generation rate exceeds the log formatting rate
23414
The Microsoft Firewall service failed to log information because the Firewall log does not exist
4
The Microsoft Firewall service failed to log information to a text file
5
The TMG Server Web Proxy failed to log information because the Web Proxy log does not exist
The TMG Server Web Proxy failed to log information to a text file
TMG server failed to initialize the log queue
23411, 23412
TMG server failed to log network traffic
23413
A load balanced network has no network adapter and is behind another load balanced network
21230
Warning
NLB-Server Component
A network adapter was found but it does not have a static IP address that can be used as a dedicated IP
21114
A network that is load balanced has a Virtual IP but this Virtual IP belongs to another network
21234
A network that is load balanced is behind a network that is not load balanced
21231
A network's Virtual IP set is the same as the Dedicated IP of a network adapter
21241
A Virtual IP and a Dedicated IP do not have the same subnet mask or are in different subnets
21242
A web server name indicated by a web publishing rule couldn't be resolved
21243
An inconsistency between the Network Load Balancing configuration and the network rules was detected
21215
An NLB network adapter may be used for intraarray communication
21269
Network Load Balancing cannot be configured properly because there is no suitable network adapter
21113
The connection with the Windows Management Instrumentation WMI is broken
21275
The Firewall service failed to apply the Network Load Balancing configuration on the local computer
21107
The network adapter has an illegal IP address configuration
21115
A disk cache failed to initialize
14176
Server Component: Cache
All cache drives failed to initialize properly
14164
Failed to reduce the size of cache file
14196
The cache was not properly initialized
14172
There is inconsistency in some cache files
14165
TMG Server failed to initialize the cache because the Network services account does not have sufficient permissions for the root folder and the Urlcache folder on a cache drive
21334
TMG Server failed to write content to the cache file
14197
TMG Server will not be able to save all the run-time configuration information of a cache disk when you shut down TMG Server
14195
While restoring cache data, objects with conflicting information were detected
14169
A fatal error occurred while attempting to access a certificate private key
12260
Server Component: Publishing
A RADIUS server did not respond
21288
A server publishing rule failed
21150
A server publishing rule failed because a runtime error occurred while processing the rule
21151
A server publishing rule failed because a session cannot be created for the server
14089
A server publishing rule failed because the listening IP addresses specified for the rule are not valid
21217
A server publishing rule failed because the protocol specified cannot be used for publishing
14092
A server publishing rule failed because there was no valid network listener
21174
A server publishing rule was unable to bind a socket for the server
14090, 21311
A server publishing rule was unable to bind a socket for the server because the port is already in use
14163, 21312
A Web publishing rule failed because the Web listener selected for the rule is not valid
21216
A Web publishing rule stopped forwarding requests to published servers in a Web farm because there are currently no online servers that can accept requests
10150
A Web server published by a rule rejected a request because TMG Server does not delegate the credentials required by the Web server for authentication
21330
An LDAP server did not respond
21286
The connection to a RADIUS server was restored
21289
Information
The connection to an LDAP server was restored
21287
The name of a published Web server could not be resolved
21313
The name of a RADIUS server cannot be resolved
21301
The reference to the protocol from a server publishing rule could not be read
14159
The RPC filter cannot use the defined port
20023
The RPC filter failed to start listening on some of the publishing rules
20024
The SSL server certificate used by a published server expired or is not yet valid
23406
The Web site published by a rule rejected the type of credentials that TMG Server tried to delegate
21314
TMG Server could not delegate credentials using Kerberos constrained delegation
21315
TMG Server failed to initialize server publishing because an internal error occurred
14095
TMG Server failed to read one or more server publishing rules from the stored configuration because an internal error occurred
14097
TMG Server failed to read the parameters of a publishing rule from the stored configuration
14098
TMG Server failed to read the server publishing rules from the stored configuration because an internal error occurred
14096
A content download job was stopped
13107
Server Component: VPN
An invalid request to be released from quarantine was sent from a VPN NAP client
23456
Changes made to the VPN configuration require the computer to be restarted
14112
Changes to the network will take effect only after restarting the computer
21167
DHCP cannot be used on multi-server arrays to assign IP addresses to VPN clients or remote endpoint servers
21247
Failed to enable the Routing and Remote Access service
14106
Failed to read the Routing and Remote Access service configuration from the registry
14103
Failed to resolve a remote gateway address specified for VPN site-to-site network
21255
Failed to save the Routing and Remote Access service configuration in the registry
14102
Failed to save VPN configuration, the IPsec pre-shared key for this server may be unavailable
21258
Failed to start the Routing and Remote Access service
14104
Failed to stop the Routing and Remote Access service
14105
IPSecPol could not be detected on the TMG Server computer
21195
No connection owner is specified for a VPN site-to-site network
21244
One or more previously unavailable array member is not handling VPN connections
21246
Quarantine in the Remote Access Policy cannot be enabled
15109
The connection request policy for NPS may prevent new RADIUS clients from obtaining NPS (RADIUS) services
23455
The Firewall service cannot create the IPSec configuration for a network
21165
The Firewall service cannot remove the IPSec configuration for a network
21166
The IPsec tunnel is not functioning because the local endpoint was misconfigured
21245
The RADIUS Server List is empty
21098
The Remote Access Service configuration for VPN could not be completed
21199
The TMG Scheduler service was unable to connect to the Web Proxy filter
13109
TMG Server cannot locate a route to a remote site
21197
TMG Server could not query the status of the Remote Access Service
21176
TMG Server failed to disable the Remote Access service
21175
A web filter failed to reload its configuration
21177
Server Component: WebProxy
A web filter is not installed on this server
21237
Definitions for malware inspection could not be loaded during update
23468
Definitions for malware inspection could not be loaded when the Microsoft Firewall Service attempted to start
23486
Forefront TMG cannot route network traffic through a specific ISP link due to configuration problems
23421
Forefront TMG failed to reload the newly downloaded URL filtering database from the folder %1
30533
One or more licenses to subscription services have expired. For more information about the status of your licenses, check the Update Center
23471
Some certificates cannot be initialized
14177
The amount of disk space that the Malware Inspection Filter needs for the accumulation of content exceeded the available disk space
23460
The certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers has expired
23443
The certification authority (CA) certificate that will be used to sign cloned SSL server certificates for destination servers was successfully imported
23447
The client certificate was revoked due to an invalid or missing Certificate Revocation List CRL
21198
The HTTPS inspection configuration settings could not be loaded
23434
The imported certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers is not trusted by the local computer
23444
The imported certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers is not yet valid
23442
The IntraArrayAddress defined on this server is not in the Local Address Table LAT
14158
The Malware Inspection Filter failed to load a progress notification template file
23464
The maximum amount of disk space allowed for accumulation by the Malware Inspection Filter was exceeded
23459
The number of HTTP requests per minute from a specific source IP address exceeded the configured limit
21285
The TMG Server Web Proxy memory pool is low
31212
The Web Proxy filter could not initialize
14127
The Web Proxy filter failed to bind its socket to a port
14148
The Web Proxy filter failed to connect to one of the array members
14132
The Web Proxy filter failed to create a network socket
14198
The Web Proxy filter is not listening on the defined intraarray address on a specified port
14153
TMG Server cannot connect to a proxy server
14000
TMG Server detected a proxy server loop
14141
TMG Server failed to establish an SSL connection
14200
TMG Server failed to initialize due to a corrupted registry
14145
TMG Server failed to load a Web Filter DLL
14146
Web filters cannot be initialized or updated changes cannot be applied. To resolve this error, check recent changes made to Web filters configuration
21159
Web Proxy filter failed to listen to a socket
14149
A Forefront TMG computer may be subject to policy conflicts
23474
TMG Server
A missing enterprise policy preventing the TMG Server configuration agent from uploading the configuration to the TMG Server services
21254
A network adapter belongs to an enterprise network which is not included in an array level network
21266
A published RPC service cannot be reached
20021
A report could not be created
21023
A report could not be created due to low memory resources
21027
A report could not be published
21140
A report was not created
21026
A shortage of available memory caused the Firewall service to fail
14007
A shortage of available memory caused the Microsoft Firewall service to fail
11007
A shortage of available memory caused the Microsoft Forefront TMG Control service to fail
All of the local IP addresses that are specified for performing NAT to a specific network are not available
23409
An application filter could not be loaded
14060
An application filter is not installed on this server
21236
An application filter performed an illegal operation inside the Firewall service process
14056
An array network has more than one reference to an enterprise network
21221
An array network has reference to a non existent enterprise network
21220
An array network overlaps with another array network
21219
An enterprise network is not included in an array level network
21264
An enterprise network overlaps with another enterprise network
21218
An error occurred during an attempt to check for, download, or install definition updates
23450
An externally defined filter is registered to a Forefront TMG Windows Filtering Platform sub-layers
23473
An insecure configuration was detected
14087
Attempts to check for new definition updates failed consecutively
23481
Configuration changes made may result in loss of connectivity to the TMG Configuration Storage Server and therefore couldn't be applied
21257
Continuous changes to the configuration were detected
21267
Failed to connect to a COM server class on the local computer
21005
Failed to stop the service
14048
Failed to write the last daily summary date to the registry
21158
Failed to write the last monthly summary date to the registry
21157
Forefront TMG cannot route network traffic through a specific ISP link
23425
Forefront TMG cannot route network traffic to the internet
31234
Forefront TMG entered a state in which all traffic is blocked
23453
Forefront TMG is no longer configured to use Microsoft Update
23482
H323 filter failed to bind IP address for listening
20004
H323 filter invalid port configured for listening
20005
Initialization of the H323 performance counters failed
20062
Initializing the RAS client module failed
20059
Intra array account must be defined and enabled when working when the array members are in a workgroup
21225
Invalid parameters were specified for the ReportGen utility
21025
Listening for Q931 connections failed
20060
Low resources: Memory allocation failed
20020
Memory allocation failed
20040
Microsoft Firewall Service could not create or access the accumulation folder
23417
Microsoft Firewall Service failed to create the configuration required for processing IPsec traffic
23454
New definition updates are available, but were not installed
23477
One or more licenses to subscription services are about to expire
31276
One or more licenses to subscription services have expired
One or more of the actions associated with an alert has failed due to configuration settings
14065
Registration with the H323 Gatekeeper failed
20066
Routing configurations for some intra array servers are not defined properly
21226
SOCKS filter failed to bind IP address for listening
20002
SOCKS filter invalid port configured for listening
20001
Software Update Required
23502
The action to connect to the TMG Server report data collector failed
21000
The action to copy the period summary from an array member failed
21020
The action to summarize all period summaries from the array failed
21022
The alert feature of the TMG Server Control service failed to logon to run a command
14072
The configuration required for correct processing of IPsec-secured traffic could not be applied
23452
The daily summaries could not be deleted
21017
The daily summaries could not be rolled up into a monthly summary
30974
The daily summaries for a specific period could not be rolled up into a single summary
21019
The daily summary was not created
30973
The email signaling that a report was generated could not be sent
21141
The Firewall service cannot connect to another proxy server
14058, 14059
The Firewall service cannot initialize the firewall engine driver
14009
The Firewall service cannot initialize WinSock
14002
The Firewall service detected a demand dial interface connection that was not created by TMG Server
21162
The Firewall service detected a possible configuration error in a demand dial interface
21163
The Firewall service detected a possible dial up connection configuration error
21164
The Firewall service detected that an upstream proxy server is not available
14061
The Firewall service encountered an illegal operation runtime error R6025 in a pure virtual function
14055
The Firewall service failed to load a security dynamic link library DLL
14015
The Firewall service failed to open a listener for Firewall clients
14035
The Firewall service requires Windows Server 2000 Service Pack 4 or Windows Server 2003
14014
The Firewall service stopped because an application filter module generated an exception code
14057
The FTP filter failed to parse the allowed FTP commands
21172
The Microsoft Firewall service could not start because it failed to connect to The TMG Server Control service
14070
The Microsoft Firewall service encountered a failure
11003, 11001, 11010
The Microsoft Firewall service encountered a system call failure
11005
The Microsoft Firewall Service failed to initialize
14001
The Microsoft Firewall service failed to start
11004, 11006, 11008, 11009, 11002, 11000
The Microsoft Forefront TMG Control service encountered a failure
11003, 11010, 11001
The Microsoft Forefront TMG Control service encountered a system call failure
The Microsoft Forefront TMG Control service failed to start
11009, 11002, 11000, 11004, 11006, 14077, 14192, 11008
The Microsoft TMG Job Scheduler service could not start because it failed to connect to The TMG Server Control service
The monthly summaries could not be deleted
21018
The non TCP connection limit for a specific IP address was exceeded
15113
The number of denied connections from a specific source IP address exceeded the configured limit
21284
The number of denied TCP and non TCP packets per second exceeded the system limit
21282
The number of pending DNS name resolution requests exceeds the system defined maximum
21279
The number of TCP connections allowed from a specific source IP address exceeded the configured limit
15120
The number of TCP connections per minute from a specific source IP address exceeded the configured limit
15119
The percentage of threads used for pending DNS requests out of the total number of available threads is below the system defined maximum
21283
The registry hive could not be loaded
21260
The routing table for a network adapter includes IP address ranges that are not included in the array level network to which it is bound
21265
The service could not start because it failed to load RADIUS related configuration
21091
The size of the free non paged pool fell below the system defined minimum
21280
The size of the free non paged pool is above the system defined minimum
21281
The TMG Control service requires Windows Server 2000 with Service Pack 4 or Windows Server 2003
14025
The TMG Control service was stopped
14037
The TMG Firewall Service was stopped: the evaluation period has expired
14032
The TMG Server configuration agent was unable to upload the configuration to the TMG Server services
21209
The TMG Server Control service configuration agent was unable to revert to last known configuration
21210
The TMG Server Standard Edition cannot run because either the server is using more than 4 processors or it is configured to use the Active Directory service
14109
TMG failed to load the firewall policy configuration
14020, 14018, 14019
TMG Server detected a network adapter connected to multiple networks
21125
TMG Server detected a network element containing an invalid address range
21096
TMG Server detected network elements that contain overlapping address ranges
21097
TMG Server detected routes through a network adapter that do not correlate with the network to which this adapter belongs
14147
TMG Server detected that an IP address was removed from a network
21139
TMG Server failed to activate the Firewall Engine
21094
TMG Server failed to connect to the Configuration Storage server
21238
TMG Server has detected RADIUS servers with identical names in the RADIUS Server List storage
21102
TMG Server has encountered an error while loading the RADIUS Server List
21100, 21099
TMG Server report or summary generation error
21152, 31031, 21028, 21153
Two array networks include the same enterprise network
21222
Unable to update local registry with changes made to the Central Storage
21212
Unexpected error: the service has stopped responding to all requests
14079
Update Center Required Service Not Started
23513
Updating of the computer name or FQDN failed
21124
Windows user based authentication is required for the applied policy
15118