Fields

Fields

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
  guid: '{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}'
  event_source_name: AutoEnrollment
  event_id: 6
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:15:12.653840+00:00'
  event_record_id: 112
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: Application
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  Context: local system
  ErrorCode: '0x8007054b'
  ErrorMsg: "The specified domain either does not exist or could not be contacted.\r\n"
message: "Automatic certificate enrollment for local system failed (0x8007054b) The
  specified domain either does not exist or could not be contacted.\r\n."

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Message

Automatic certificate enrollment for %1 failed to download certificates for %2 store from %3 (%4). %5

Fields

Message

Automatic certificate enrollment for {Context} started.

Fields

Message

Automatic certificate enrollment for {Context} completed.

Fields

Message

Automatic certificate enrollment for {Context} invoked the enrollment API.

Fields

Message

Automatic certificate enrollment for {Context} returned from the enrollment API.

Fields

Message

Automatic certificate enrollment for %1 failed (%2) %3.

Fields

Message

Automatic certificate enrollment for %1 failed to contact the active directory (%2). %3 Enrollment will not be performed.

Fields

Message

Certificate for %1 with Thumbprint %2 is about to expire or already expired.

Fields

Message

Automatic certificate enrollment for {Context} failed to download certificates for {StoreName} store from {LdapStore} ({ErrorCode}). {ErrorMsg}

Fields

Message

Automatic certificate enrollment for %1 started.

Fields

Message

Automatic certificate enrollment for %1 completed.

Fields

Message

Automatic certificate enrollment for %1 invoked the enrollment API.

Fields

Message

Automatic certificate enrollment for %1 returned from the enrollment API.

Fields

Message

Automatic certificate enrollment for {Context} failed ({ErrorCode}) {ErrorMsg}.

Fields