Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-CertificateServicesClient-AutoEnrollment",
    "guid": "{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}",
    "event_source_name": "AutoEnrollment",
    "event_id": 6,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T08:15:12.653840+00:00",
    "event_record_id": 112,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Context": "local system",
    "ErrorCode": "0x8007054b",
    "ErrorMsg": "The specified domain either does not exist or could not be contacted.\r\n"
  },
  "message": "Automatic certificate enrollment for local system failed (0x8007054b) The specified domain either does not exist or could not be contacted.\r\n."
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Fields #

Description

Automatic certificate enrollment for Context failed to download certificates for StoreName store from LdapStore (ErrorCode). ErrorMsg.

Message #

Automatic certificate enrollment for %1 failed to download certificates for %2 store from %3 (%4). %5

Fields #

Description

Automatic certificate enrollment for {Context} started.

Message #

Automatic certificate enrollment for {Context} started.

Fields #

Description

Automatic certificate enrollment for {Context} completed.

Message #

Automatic certificate enrollment for {Context} completed.

Fields #

Description

Automatic certificate enrollment for {Context} invoked the enrollment API.

Message #

Automatic certificate enrollment for {Context} invoked the enrollment API.

Fields #

Description

Automatic certificate enrollment for {Context} returned from the enrollment API.

Message #

Automatic certificate enrollment for {Context} returned from the enrollment API.

Fields #

Description

Automatic certificate enrollment for Context failed (ErrorCode) ErrorMsg.

Message #

Automatic certificate enrollment for %1 failed (%2) %3.

Fields #

Description

Automatic certificate enrollment for Context failed to contact the active directory (ErrorCode). ErrorMsg Enrollment will not be performed.

Message #

Automatic certificate enrollment for %1 failed to contact the active directory (%2). %3 Enrollment will not be performed.

Fields #

Description

Certificate for Context with Thumbprint ObjId is about to expire or already expired.

Message #

Certificate for %1 with Thumbprint %2 is about to expire or already expired.

Fields #

Description

Automatic certificate enrollment for {Context} failed to download certificates for {StoreName} store from {LdapStore} ({ErrorCode}). {ErrorMsg}.

Message #

Automatic certificate enrollment for {Context} failed to download certificates for {StoreName} store from {LdapStore} ({ErrorCode}). {ErrorMsg}

Fields #

Description

Automatic certificate enrollment for Context started.

Message #

Automatic certificate enrollment for %1 started.

Fields #

Description

Automatic certificate enrollment for Context completed.

Message #

Automatic certificate enrollment for %1 completed.

Fields #

Description

Automatic certificate enrollment for Context invoked the enrollment API.

Message #

Automatic certificate enrollment for %1 invoked the enrollment API.

Fields #

Description

Automatic certificate enrollment for Context returned from the enrollment API.

Message #

Automatic certificate enrollment for %1 returned from the enrollment API.

Fields #

Description

Automatic certificate enrollment for {Context} failed ({ErrorCode}) {ErrorMsg}.

Message #

Automatic certificate enrollment for {Context} failed ({ErrorCode}) {ErrorMsg}.

Fields #