Microsoft-Windows-CertPolEng
48 events across 1 channel
Event ID 0 — Entering Function FunctionName.
Description
Entering Function FunctionName.
Fields
| Name | Description |
|---|---|
| FunctionName AnsiString | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 0,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T20:00:13.524244+00:00",
    "event_record_id": 1,
    "correlation": {
      "ActivityID": "8B83AF9E-B321-0001-1AB0-838B21B3DC01"
    },
    "execution": {
      "process_id": 968,
      "thread_id": 2336
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "FunctionName": "IntPstGetTrustAnchors"
  },
  "message": ""
}
```
Event ID 1 — Exiting Function FunctionName.
Description
Exiting Function FunctionName.
Fields
| Name | Description |
|---|---|
| FunctionName AnsiString | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 1,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T20:00:13.524262+00:00",
    "event_record_id": 6,
    "correlation": {
      "ActivityID": "8B83AF9E-B321-0001-1AB0-838B21B3DC01"
    },
    "execution": {
      "process_id": 968,
      "thread_id": 2336
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "FunctionName": "CProviderRegistrationCache::IntGetTrustAnchors"
  },
  "message": ""
}
```
Event ID 2 — FunctionName failed with return code LastError.
Description
FunctionName failed with return code LastError.
Fields
| Name | Description |
|---|---|
| FunctionName AnsiString | — |
| LastError UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 2,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T20:00:13.524258+00:00",
    "event_record_id": 4,
    "correlation": {
      "ActivityID": "8B83AF9E-B321-0001-1AB0-838B21B3DC01"
    },
    "execution": {
      "process_id": 968,
      "thread_id": 2336
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "FunctionName": "IntGetTrustAnchors(actual error)",
    "LastError": 3221685484
  },
  "message": ""
}
```
Event ID 3 — FunctionName returned LastError.
Event ID 4 — Not running inside LSA
Description
Not running inside LSA.
Event ID 5 — Running inside LSA
Description
Running inside LSA.
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 5,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-14T16:28:40.910557+00:00",
    "event_record_id": 10,
    "correlation": {
      "ActivityID": "0DD0D01B-52DE-45C4-BB8D-BF1723FA1D6F"
    },
    "execution": {
      "process_id": 1092,
      "thread_id": 3352
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}
```
Event ID 6 — Cert Store changes are detected
Description
Cert Store changes are detected.
Event ID 7 — No online providers are installed
Description
No online providers are installed.
Event ID 8 — There are no trust anchors for the providers
Description
There are no trust anchors for the providers.
Event ID 9 — Total number of TrustRoot Found Number.
Event ID 10 — Target name is TargetName, HostName is HostName.
Event ID 11 — PSTGetCertificate called, number of select criteria are NumOfCriteria, bIsClient parameter is bClient.
Event ID 12 — Opening Machine Store?
Event ID 13 — Expired cert found
Description
Expired cert found.
Event ID 14 — Unable to find Provider From Certificate: Error LastError.
Event ID 15 — Calling LRPC cert renewal Interface psz.
Event ID 16 — Expired Certificate were found, will call CertSelectCertificateChains again
Description
Expired Certificate were found, will call CertSelectCertificateChains again.
Event ID 17 — No matching Certificate were found
Description
No matching Certificate were found.
Event ID 18 — Will Special case for Homegroup self sign certificates
Description
Will Special case for Homegroup self sign certificates.
Event ID 19 — GetCertificates returning Number certificates.
Event ID 20 — RequestIssuancePolicy Is Specified
Description
RequestIssuancePolicy Is Specified.
Event ID 21 — Certificate is Self Signed
Description
Certificate is Self Signed.
Event ID 22 — Certificate found in HomeGroup Container
Description
Certificate found in HomeGroup Container.
Event ID 23 — Checking if the Certificate is from one of the Providers
Description
Checking if the Certificate is from one of the Providers.
Event ID 24 — Cert Subject name is psz.
Event ID 25 — UserName is psz.
Event ID 26 — Failed to Connect to psz.
Event ID 27 — CProviderEntry::ReadInfoFromRegistry LRPC Entrypoint is missing for provider Provider.
Event ID 28 — Failed to Open Provider Root Key Number.
Event ID 29 — Failed to Query Provider Root Key Number.
Event ID 30 — Failed to Query SubKey SubKey, Error LastError.
Event ID 31 — Invalid Provider GUID SubKey.
Event ID 32 — CertVerifyCertificateChainPolicy Failed Status is LastError, ChainIndex ChainIndex, lElementIndex lElementIndex.
Event ID 33 — Failed to open LSA Registry Root Key Number.
Event ID 34 — Pku2u is disabled by policy
Description
Pku2u is disabled by policy.
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 34,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T20:00:13.524248+00:00",
    "event_record_id": 3,
    "correlation": {
      "ActivityID": "8B83AF9E-B321-0001-1AB0-838B21B3DC01"
    },
    "execution": {
      "process_id": 968,
      "thread_id": 2336
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}
```
Event ID 35 — Failed to open StoreName certificate store.
Event ID 36 — Failed to validate certificate.
Event ID 37 — Failed to validate certificate.
Description
Failed to validate certificate. The hash comparison failed.
Event ID 38 — UPN and client RDN are missing
Description
UPN and client RDN are missing.
Event ID 39 — The client name doesn't match the UPN.
Event ID 40 — The client name is psz.
Event ID 41 — The client name matched the UPN.
Event ID 42 — Certificate validation succeeded as the hash comparison succeeded
Description
Certificate validation succeeded as the hash comparison succeeded.
Event ID 43 — Unable to find the certificate in the HomeGroup Container
Description
Unable to find the certificate in the HomeGroup Container.
Event ID 44 — The certificate chains to an untrusted root
Description
The certificate chains to an untrusted root.
Event ID 45 — The supplied or saved credman credential with username UserName is not a UPN.
Event ID 46 — Provider Provider is not enabled.
Description
Provider Provider is not enabled.
Fields
| Name | Description |
|---|---|
| Provider GUID | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-CertPolEng",
    "guid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799",
    "event_source_name": "",
    "event_id": 46,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-14T16:28:40.869270+00:00",
    "event_record_id": 5,
    "correlation": {
      "ActivityID": "0DD0D01B-52DE-45C4-BB8D-BF1723FA1D6F"
    },
    "execution": {
      "process_id": 1092,
      "thread_id": 3352
    },
    "channel": "Microsoft-Windows-CertPoleEng/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Provider": "6D0F37E4-4FAC-4E44-9C07-6B8343FE4953"
  },
  "message": ""
}
```