Event ID 120 — Diagnostic module DiagnosticModuleId (DiagnosticModuleImageName) finished troubleshooting scenario ScenarioId, instance InstanceId, original activity ID OriginalActivityId.
Description
Diagnostic module () finished troubleshooting scenario , instance , original activity ID . It set resolution for user in session with expiration date . The resolution was queued to start later.
Message
Fields
| Name | Type | Description |
|---|---|---|
| ScenarioId | GUID | — |
| InstanceId | GUID | — |
| OriginalActivityId | GUID | — |
| DiagnosticModuleImageName | UnicodeString | — |
| ResolutionId | GUID | — |
| ResolutionSID | SID | — |
| ResolutionSessionId | UInt32 | — |
| ResolutionExpirationDate | FILETIME | — |
| DiagnosticModuleId | GUID | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnosis-DPS",
    "guid": "6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3",
    "event_source_name": "",
    "event_id": 120,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 16,
    "keywords": 4611686052787126272,
    "time_created": "2023-10-25T22:50:15.569431+00:00",
    "event_record_id": 34,
    "correlation": {
      "ActivityID": "13443185-CF4B-4989-8B2A-A73BBD6A6B1A"
    },
    "execution": {
      "process_id": 2912,
      "thread_id": 3572
    },
    "channel": "Microsoft-Windows-Diagnosis-DPS/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "ScenarioId": "3A5D4378-9D2F-4393-B1E5-34F5FA9A1140",
    "InstanceId": "13443185-CF4B-4989-8B2A-A73BBD6A6B1A",
    "OriginalActivityId": "8E76E1FB-2E89-4557-8E7A-927267F0975C",
    "DiagnosticModuleImageName": "%SystemRoot%\\system32\\diagperf.dll",
    "ResolutionId": "B171AB1C-60E9-4301-A338-BEAB1C70B3E9",
    "ResolutionSID": "S-1-1-0",
    "ResolutionSessionId": 0,
    "ResolutionExpirationDate": "2024-01-23T22:50:15.559312Z",
    "DiagnosticModuleId": "B171AB1C-60E9-4301-A338-BEAB1C70B3E9"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline