Microsoft-Windows-DeviceSetupManager

102 events across 4 channels

Event ID	Title	Channel
10	DSM service feature %1 is %2.	Admin
11	DSM service is idle and waiting for %1.	Admin
20	DSM service is running in special OOBE based on OS product policy.	Admin
21	Auto download settings have been committed in OOBE: Store App Updates %1, …	Admin
30	Device container %1 is queued for setup.	Admin
40	%1 search started.	Admin
41	%1 search completed.	Admin
42	%1 search failed with error %2.	Admin
43	Driver update search is being cancelled.	Admin
44	%1 search was cancelled.	Admin
50		Operational
50	Driver recovery on reboot task is %1.	Admin
51		Operational
51	Driver recovery action is requested since it was queued for the next reboot.	Admin
52		Operational
52	Driver recovery request is received.	Admin
100	DSM service started, mode is %1, last session (or boot) was %2 seconds ago.	Admin
101	DSM Service is shutting down.	Admin
102	DSM Service dll has loaded.	Debug
103	DSM Service dll is unloading.	Debug
104	DSM Service failed to start, result=.	Admin
105	DSM Service is entering a retry sequence because soft (retryable) errors were …	Admin
106	DSM Service is leaving the retry state, there have been %1 retry cycles in this …	Admin
107	DSM service has shut down.	Admin
108	The DSM service has entered service state '.	Debug
109	DSM service has entered service mode '.	Admin
110	Job (%2) has started for device container '%1', type=%3.	Debug
111	Job (%2) has completed for device container '%1', status=%3.	Debug
112	Device container '.	Admin
120	Driver update(s) was downloaded for device '.	Admin
121	Driver install failed, result=.	Admin
122	Access to drivers on Windows Update was blocked by policy	Admin
123	DSM service was delayed by %1 seconds for a driver query/download/install on …	Admin
124	Driver %1 was installed on device '%2' in %3 ms.	Admin
125	Driver install on device '.	Admin
126	Device '.	Admin
127	Device '.	Admin
130	Metadata package %1 was staged for device container %2 in %3 ms.	Admin
131	Metadata staging failed, result=.	Admin
132	Metadata package search for device container %1 on Windows Metadata and Internet …	Admin
133	Metadata package %1 download for device container %2 failed with error %3.	Admin
134	Metadata package search for device container %1 completed.	Admin
135	Metadata package search for device container %1 completed.	Admin
136	Metadata package %1 was blocked.	Admin
137	Signature verification failed for metadata package %1 from metadata store, error …	Admin
138	Metadata package %1 was not fully staged due to signature verification: %2 for …	Admin
150	The device '.	Admin
151	The device '.	Admin
152	Removal of device node '.	Admin
160	Software %1 was installed for device '%2' in %3 ms.	Admin
161	Software %1 was not newer, Version: '%2.	Admin
162	Software %1 failed installation with error %2.	Admin
163	Software %1 failed installation with error %2 and process exit code %3.	Admin
164	Software %1 had non-critical error %2 during installation, will retry later.	Admin
165	Software %1 is being launched with command line: '%2'.	Admin
166	Device '%1' requested Store App for '%2'.	Admin
167	Product for pfn %1 located: ProductId: %2, IsFramework: %3.	Admin
168	Uninstalling existing pfn %1 failed with error %2.	Admin
169	Store product %1 is already installed and is being checked for updates.	Admin
170	Store product %1 is being installed.	Admin
171	ProductId %1 done processing, install %2 completed with error %3.	Admin
172	Store product %1 install (%2) failed with error %3.	Admin
180	Retrieving entitlement for Store product %1 failed with error %2.	Admin
190	Property heuristics for device container '.	Admin
191	Property heuristics for device container '.	Admin
200	Connection to the Windows Update service could not be established.	Admin
201	Connection to the Windows Metadata and Internet Services (WMIS) could not be …	Admin
202	The Network List Manager reports no connectivity to the internet.	Admin
203	The Network List Manager reports connection to the internet has been …	Admin
220	Registered the handler %3 for the app %2 to handle notifications from the device …	Operational
221	App %2 already has a handler registered for the device container %1.	Debug
222	Device container %1 and app %2 specify background task information, but …	Debug
223	Unregistered for the Print background task after uninstalling the app %1.	Debug
224	Unregistered for the Mobile Operator background task after uninstalling the app …	Debug
230	Requested download of the app %2 from the store for device %1.	Debug
231	Successfully installed the app %2 from the store for device %1.	Debug
232	Encountered error trying to install app %2 from the store for device %1.	Debug
233	Encountered error trying to install app %2 from the store for device %1.	Debug
234	Driver update(s) was installed on device '.	Admin
300	Device container '.	Operational
301	Device setup for device container '.	Operational
302	Device metadata that contains an extension namespace has been parsed for …	Operational
400		Analytic
401		Analytic
402		Analytic
403		Analytic
404		Analytic
405		Analytic
406		Analytic
407		Analytic
408		Analytic
409		Analytic
410		Analytic
411		Analytic
412		Analytic
413		Analytic
7710	ENTER: Searching WU for driver updates.	Analytic
7711	EXIT: Searching WU for driver updates.	Analytic
7712	ENTER: Downloading driver update from WU.	Analytic
7713	EXIT: Downloading driver update from WU.	Analytic
7714	ENTER: Installing driver update from WU.	Analytic
7715	EXIT: Installing driver update from WU.	Analytic

Event ID 10 — DSM service feature %1 is %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

DSM service feature %1 is %2.

Fields

Name	Description
`Prop_FeatureId`	—
`Prop_FeatureEnablement`	—

Event ID 11 — DSM service is idle and waiting for %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

DSM service is idle and waiting for %1.

Fields

Name	Description
`Prop_IdleWait`	—

Event ID 20 — DSM service is running in special OOBE based on OS product policy.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

DSM service is running in special OOBE based on OS product policy.

Event ID 21 — Auto download settings have been committed in OOBE: Store App Updates %1, Windows Updates %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Auto download settings have been committed in OOBE: Store App Updates %1, Windows Updates %2.

Fields

Name	Description
`Prop_AppUpdatesEnablement`	—
`Prop_WindowsUpdatesEnablement`	—

Event ID 30 — Device container %1 is queued for setup.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device container %1 is queued for setup.

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 40 — %1 search started.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

%1 search started.

Fields

Name	Description
`Prop_ServerSelection`	—

Event ID 41 — %1 search completed.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

%1 search completed.

Fields

Name	Description
`Prop_ServerSelection`	—

Event ID 42 — %1 search failed with error %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

%1 search failed with error %2.

Fields

Name	Description
`Prop_ServerSelection`	—
`HRESULT`	—

Event ID 43 — Driver update search is being cancelled.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver update search is being cancelled.

Event ID 44 — %1 search was cancelled.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

%1 search was cancelled.

Fields

Name	Description
`Prop_ServerSelection`	—

Event ID 50 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational

Fields

Name	Description
`Prop_TaskEnablement`	—

Event ID 50 — Driver recovery on reboot task is %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver recovery on reboot task is %1.

Fields

Name	Description
`Prop_TaskEnablement`	—

Event ID 51 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational

Event ID 51 — Driver recovery action is requested since it was queued for the next reboot.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver recovery action is requested since it was queued for the next reboot.

Event ID 52 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational

Fields

Name	Description
`Prop_DriverRecoveryRequest`	—

Event ID 52 — Driver recovery request is received.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver recovery request is received. Last trigger: %1.

Fields

Name	Description
`Prop_DriverRecoveryRequest`	—

Event ID 100 — DSM service started, mode is %1, last session (or boot) was %2 seconds ago.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

DSM service started, mode is %1, last session (or boot) was %2 seconds ago.

Fields

Name	Description
`Prop_CoreServiceMode`	—
`Prop_Event_Window_Seconds`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 100
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-06T06:25:40.195484+00:00'
  event_record_id: 71
  correlation: {}
  execution:
    process_id: 1856
    thread_id: 2020
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Prop_CoreServiceMode: 3
  Prop_Event_Window_Seconds: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 101 — DSM Service is shutting down.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

DSM Service is shutting down. Service uptime was %1 seconds, active worktime was %2 ms.

Fields

Name	Description
`Prop_UpTime_Seconds`	—
`Prop_WorkTime_MilliSeconds`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 101
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-05T22:31:27.668358+00:00'
  event_record_id: 80
  correlation:
    ActivityID: 59A0D65F-1037-0002-780C-A1593710DA01
  execution:
    process_id: 3256
    thread_id: 5088
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Prop_UpTime_Seconds: 45
  Prop_WorkTime_MilliSeconds: 943
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 102 — DSM Service dll has loaded.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

DSM Service dll has loaded.

Event ID 103 — DSM Service dll is unloading.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

DSM Service dll is unloading.

Event ID 104 — DSM Service failed to start, result=.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

DSM Service failed to start, result=%1.

Fields

Name	Description
`HRESULT`	—

Event ID 105 — DSM Service is entering a retry sequence because soft (retryable) errors were encountered

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

DSM Service is entering a retry sequence because soft (retryable) errors were encountered.

Fields

Name	Description
`Prop_RetryCycleCount`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 105
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T22:48:32.040193+00:00'
  event_record_id: 61
  correlation: {}
  execution:
    process_id: 1028
    thread_id: 2344
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 106 — DSM Service is leaving the retry state, there have been %1 retry cycles in this session.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

DSM Service is leaving the retry state, there have been %1 retry cycles in this session.

Fields

Name	Description
`Prop_RetryCycleCount`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 106
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T22:49:06.917617+00:00'
  event_record_id: 63
  correlation: {}
  execution:
    process_id: 1028
    thread_id: 2344
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_RetryCycleCount: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 107 — DSM service has shut down.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

DSM service has shut down.

Event ID 108 — The DSM service has entered service state '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

DSM service has entered service state '%1'.

Fields

Name	Description
`Prop_CoreServiceState`	—

Event ID 109 — DSM service has entered service mode '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

DSM service has entered service mode '%1'.

Fields

Name	Description
`Prop_CoreServiceMode`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 109
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-06T06:25:39.185383+00:00'
  event_record_id: 70
  correlation: {}
  execution:
    process_id: 1856
    thread_id: 2020
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Prop_CoreServiceMode: 3
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 110 — Job (%2) has started for device container '%1', type=%3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Job (%2) has started for device container '%1', type=%3.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_JobId`	—
`Prop_JobType`	—

Event ID 111 — Job (%2) has completed for device container '%1', status=%3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Job (%2) has completed for device container '%1', status=%3.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_JobId`	—
`Prop_JobStatus`	—

Event ID 112 — Device container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

Device container '%1' (%2) has been serviced, processed %3 tasks, and wrote %4 properties in %5 ms.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—
`Prop_TaskCount`	—
`Prop_PropertyCount`	—
`Prop_WorkTime_MilliSeconds`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 112
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-05T22:30:42.670052+00:00'
  event_record_id: 79
  correlation: {}
  execution:
    process_id: 3256
    thread_id: 4616
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Prop_DeviceName: Generic Monitor
  Prop_ContainerId: 1074B24D-B986-5A01-B420-B3D39C2F9286
  Prop_TaskCount: 4
  Prop_PropertyCount: 34
  Prop_WorkTime_MilliSeconds: 928
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 120 — Driver update(s) was downloaded for device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver update(s) was downloaded for device '%1' in %2 ms.

Fields

Name	Description
`Prop_PackageId`	—
`Prop_MilliSeconds`	—

Event ID 121 — Driver install failed, result=.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver update(s) install on device '%1' failed with error %2.

Fields

Name	Description
`Prop_DevnodeId`	—
`HRESULT`	—

Event ID 122 — Access to drivers on Windows Update was blocked by policy

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Access to drivers on Windows Update was blocked by policy.

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 123 — DSM service was delayed by %1 seconds for a driver query/download/install on device '%2'.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 3
Samples: 1

Message

DSM service was delayed by %1 seconds for a driver query/download/install on device '%2'.

Fields

Name	Description
`Prop_Seconds`	—
`Prop_DeviceId`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 123
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T21:25:33.223885+00:00'
  event_record_id: 10
  correlation: {}
  execution:
    process_id: 2076
    thread_id: 3168
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_Seconds: 36
  Prop_DeviceId: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 124 — Driver %1 was installed on device '%2' in %3 ms.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver %1 was installed on device '%2' in %3 ms.

Fields

Name	Description
`Prop_PackageId`	—
`Prop_DeviceInstanceId`	—
`Prop_MilliSeconds`	—

Event ID 125 — Driver install on device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Driver install on device '%1' was blocked by PnP restriction policy.

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 126 — Device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

Device '%1' matched driver update %2.

Fields

Name	Description
`Prop_DeviceInstanceId`	—
`Prop_PackageId`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 126
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T21:25:25.745333+00:00'
  event_record_id: 8
  correlation: {}
  execution:
    process_id: 2076
    thread_id: 3168
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_DeviceInstanceId: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F
  Prop_PackageId: b5857a80-fd07-4a9d-9adf-2a3a6db94b7e
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 127 — Device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device '%1' does not match any driver updates that are not optional.

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 130 — Metadata package %1 was staged for device container %2 in %3 ms.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package %1 was staged for device container %2 in %3 ms.

Fields

Name	Description
`Prop_MetadataPackageId`	—
`Prop_ContainerId`	—
`Prop_StageTimeMilliSeconds`	—

Event ID 131 — Metadata staging failed, result=.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 2
Samples: 1

Message

Metadata package staging for device container %1 failed with error %2.

Fields

Name	Description
`Prop_ContainerId`	—
`HRESULT`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 131
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T21:34:20.832199+00:00'
  event_record_id: 21
  correlation: {}
  execution:
    process_id: 6296
    thread_id: 5380
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_ContainerId: '{00000000-0000-0000-FFFF-FFFFFFFFFFFF}'
  HRESULT: 2147943623
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 132 — Metadata package search for device container %1 on Windows Metadata and Internet Services (WMIS) failed with error %2, HTTP status code: %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package search for device container %1 on Windows Metadata and Internet Services (WMIS) failed with error %2, HTTP status code: %3.

Fields

Name	Description
`Prop_ContainerId`	—
`HRESULT`	—
`HTTPCode`	—

Event ID 133 — Metadata package %1 download for device container %2 failed with error %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package %1 download for device container %2 failed with error %3.

Fields

Name	Description
`Prop_PackageId`	—
`Prop_ContainerId`	—
`HRESULT`	—

Event ID 134 — Metadata package search for device container %1 completed.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package search for device container %1 completed. Found package %2.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 135 — Metadata package search for device container %1 completed.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package search for device container %1 completed. No package is found.

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 136 — Metadata package %1 was blocked.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package %1 was blocked.

Fields

Name	Description
`Prop_PackageId`	—

Event ID 137 — Signature verification failed for metadata package %1 from metadata store, error %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Signature verification failed for metadata package %1 from metadata store, error %2.

Fields

Name	Description
`Prop_PackageId`	—
`Error`	—

Event ID 138 — Metadata package %1 was not fully staged due to signature verification: %2 for '%3' had result %4, %5 for '%6' had result %7.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Metadata package %1 was not fully staged due to signature verification: %2 for '%3' had result %4, %5 for '%6' had result %7.

Fields

Name	Description
`Prop_PackageId`	—
`Prop_IsLegacySigCheckForFile1`	—
`Prop_FileName1`	—
`HRESULT1`	—
`Prop_IsLegacySigCheckForFile2`	—
`Prop_FileName2`	—
`HRESULT2`	—

Event ID 150 — The device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device '%1' (%2) was removed.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—

Event ID 151 — The device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device '%1' (%2) failed to respond to a device removal request.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—

Event ID 152 — Removal of device node '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device '%1' (%2) removal failed with error %3.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—
`HRESULT`	—

Event ID 160 — Software %1 was installed for device '%2' in %3 ms.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 was installed for device '%2' in %3 ms.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_DeviceInstanceId`	—
`Prop_InstallTime`	—

Event ID 161 — Software %1 was not newer, Version: '%2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 was not newer, Version: '%2.%3.%4.%5'. Current Version: '%6.%7.%8.%9'.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_HiHighPartNew`	—
`Prop_LoHighPartNew`	—
`Prop_HiLowPartNew`	—
`Prop_LoLowPartNew`	—
`Prop_HiHighPartOld`	—
`Prop_LoHighPartOld`	—
`Prop_HiLowPartOld`	—
`Prop_LoLowPartOld`	—

Event ID 162 — Software %1 failed installation with error %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 failed installation with error %2.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_DeviceInstanceId`	—
`HRESULT`	—

Event ID 163 — Software %1 failed installation with error %2 and process exit code %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 failed installation with error %2 and process exit code %3.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_DeviceInstanceId`	—
`Error`	—
`HRESULT`	—

Event ID 164 — Software %1 had non-critical error %2 during installation, will retry later.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 had non-critical error %2 during installation, will retry later.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_DeviceInstanceId`	—
`HRESULT`	—

Event ID 165 — Software %1 is being launched with command line: '%2'.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Software %1 is being launched with command line: '%2'.

Fields

Name	Description
`Prop_SoftwareName`	—
`Prop_CommandLine`	—

Event ID 166 — Device '%1' requested Store App for '%2'.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Device '%1' requested Store App for '%2'.

Fields

Name	Description
`Prop_DeviceInstanceId`	—
`Prop_SoftwareLinks`	—

Event ID 167 — Product for pfn %1 located: ProductId: %2, IsFramework: %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Product for pfn %1 located: ProductId: %2, IsFramework: %3.

Fields

Name	Description
`IsFramework`	1 located: ProductId.
`Prop_ProductId`	—
`Prop_SoftwarePfn`	—

Event ID 168 — Uninstalling existing pfn %1 failed with error %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Uninstalling existing pfn %1 failed with error %2.

Fields

Name	Description
`Prop_SoftwarePfn`	—
`ErrorCode`	—

Event ID 169 — Store product %1 is already installed and is being checked for updates.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Store product %1 is already installed and is being checked for updates.

Fields

Name	Description
`Prop_ProductId`	—

Event ID 170 — Store product %1 is being installed.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Store product %1 is being installed.

Fields

Name	Description
`Prop_ProductId`	—

Event ID 171 — ProductId %1 done processing, install %2 completed with error %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

ProductId %1 done processing, install %2 completed with error %3.

Fields

Name	Description
`Prop_ProductId`	—
`Prop_InstallType`	—

Event ID 172 — Store product %1 install (%2) failed with error %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Store product %1 install (%2) failed with error %3.

Fields

Name	Description
`Prop_ProductId`	—
`Prop_InstallType`	—
`HRESULT`	—

Event ID 180 — Retrieving entitlement for Store product %1 failed with error %2.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Retrieving entitlement for Store product %1 failed with error %2.

Fields

Name	Description
`Prop_ProductId`	—
`ErrorCode`	—

Event ID 190 — Property heuristics for device container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Property heuristics for device container '%1' (%2) completed in %3 ms.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—
`Prop_MilliSeconds`	—

Event ID 191 — Property heuristics for device container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

Property heuristics for device container '%1' (%2) failed with error %3.

Fields

Name	Description
`Prop_DeviceName`	—
`Prop_ContainerId`	—
`HRESULT`	—
`Prop_MilliSeconds`	—

Event ID 200 — Connection to the Windows Update service could not be established.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 3
Samples: 1

Message

Connection to the Windows Update service could not be established.

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 200
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T22:48:31.260287+00:00'
  event_record_id: 56
  correlation: {}
  execution:
    process_id: 1028
    thread_id: 2300
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 201 — Connection to the Windows Metadata and Internet Services (WMIS) could not be established.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 3
Samples: 1

Message

Connection to the Windows Metadata and Internet Services (WMIS) could not be established.

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 201
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T22:48:32.032702+00:00'
  event_record_id: 59
  correlation: {}
  execution:
    process_id: 1028
    thread_id: 2344
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 202 — The Network List Manager reports no connectivity to the internet.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 3
Samples: 1

Message

The Network List Manager reports no connectivity to the internet.

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 202
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T22:48:32.030724+00:00'
  event_record_id: 58
  correlation: {}
  execution:
    process_id: 1028
    thread_id: 2344
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 203 — The Network List Manager reports connection to the internet has been established.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin

Message

The Network List Manager reports connection to the internet has been established.

Event ID 220 — Registered the handler %3 for the app %2 to handle notifications from the device container %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational

Message

Registered the handler %3 for the app %2 to handle notifications from the device container %1.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—
`Prop_NotificationHandler`	—

Event ID 221 — App %2 already has a handler registered for the device container %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

App %2 already has a handler registered for the device container %1.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 222 — Device container %1 and app %2 specify background task information, but registration failed with error %3.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Device container %1 and app %2 specify background task information, but registration failed with error %3.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—
`HRESULT`	—

Event ID 223 — Unregistered for the Print background task after uninstalling the app %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Unregistered for the Print background task after uninstalling the app %1.

Fields

Name	Description
`Prop_PackageId`	—

Event ID 224 — Unregistered for the Mobile Operator background task after uninstalling the app %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Unregistered for the Mobile Operator background task after uninstalling the app %1.

Fields

Name	Description
`Prop_PackageId`	—

Event ID 230 — Requested download of the app %2 from the store for device %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Requested download of the app %2 from the store for device %1.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 231 — Successfully installed the app %2 from the store for device %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Successfully installed the app %2 from the store for device %1.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 232 — Encountered error trying to install app %2 from the store for device %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Encountered error trying to install app %2 from the store for device %1.  This operation will be retried when the device is reconnected or the user logs on again.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 233 — Encountered error trying to install app %2 from the store for device %1.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Debug

Message

Encountered error trying to install app %2 from the store for device %1.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_PackageId`	—

Event ID 234 — Driver update(s) was installed on device '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Admin
Level: 4
Samples: 1

Message

Driver update(s) was installed on device '%1' in %2 ms.

Fields

Name	Description
`Prop_DevnodeId`	—
`Prop_MilliSeconds`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 234
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-10-25T21:25:33.223883+00:00'
  event_record_id: 9
  correlation: {}
  execution:
    process_id: 2076
    thread_id: 3168
  channel: Microsoft-Windows-DeviceSetupManager/Admin
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_DevnodeId: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F
  Prop_MilliSeconds: 36967
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 300 — Device container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational
Level: 4
Samples: 1

Message

Device container '%1' has entered the ready state.

Fields

Name	Description
`Prop_ContainerId`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 300
  version: 0
  level: 4
  task: 0
  opcode: 10
  keywords: 9223372036854775808
  time_created: '2023-10-25T22:50:55.529095+00:00'
  event_record_id: 19
  correlation: {}
  execution:
    process_id: 3156
    thread_id: 4092
  channel: Microsoft-Windows-DeviceSetupManager/Operational
  computer: WinDevEval
  security:
    user_id: S-1-5-18
event_data:
  Prop_ContainerId: '{FF3C9BFC-6A33-58E1-8CFA-A12CE4352D2F}'
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 301 — Device setup for device container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational
Level: 4
Samples: 1

Message

Device setup for device container '%1' has been completed.

Fields

Name	Description
`Prop_ContainerId`	—

Example Event

system:
  provider: Microsoft-Windows-DeviceSetupManager
  guid: FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2
  event_source_name: ''
  event_id: 301
  version: 0
  level: 4
  task: 0
  opcode: 11
  keywords: 9223372036854775808
  time_created: '2023-11-05T22:30:42.666470+00:00'
  event_record_id: 22
  correlation: {}
  execution:
    process_id: 3256
    thread_id: 4616
  channel: Microsoft-Windows-DeviceSetupManager/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Prop_ContainerId: '{1074B24D-B986-5A01-B420-B3D39C2F9286}'
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 302 — Device metadata that contains an extension namespace has been parsed for container '.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Operational

Message

Device metadata that contains an extension namespace has been parsed for device container '%1', ExtensionNamespace = '%2', Culture = '%3'.

Fields

Name	Description
`Prop_ContainerId`	—
`Prop_ServiceInfoNamespace`	—
`Prop_CultureCode`	—

Event ID 400 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 401 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 402 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 403 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—
`HRESULT`	—

Event ID 404 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_PackagePath`	—

Event ID 405 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_PackagePath`	—

Event ID 406 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 407 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—
`HRESULT`	—

Event ID 408 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 409 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_ContainerId`	—

Event ID 410 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 411 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—
`HRESULT`	—

Event ID 412 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 413 —

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Fields

Name	Description
`Prop_DevnodeId`	—

Event ID 7710 — ENTER: Searching WU for driver updates.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

ENTER: Searching WU for driver updates.

Event ID 7711 — EXIT: Searching WU for driver updates.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

EXIT: Searching WU for driver updates.

Event ID 7712 — ENTER: Downloading driver update from WU.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

ENTER: Downloading driver update from WU.

Event ID 7713 — EXIT: Downloading driver update from WU.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

EXIT: Downloading driver update from WU.

Event ID 7714 — ENTER: Installing driver update from WU.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

ENTER: Installing driver update from WU.

Event ID 7715 — EXIT: Installing driver update from WU.

Provider: Microsoft-Windows-DeviceSetupManager
Channel: Analytic

Message

EXIT: Installing driver update from WU.