Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Message

%1

Fields

Message

%1

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Message

%1

Fields

Fields

Fields

Message

Started operation '%1'.

Fields

Fields

Message

Operation '%1' ended with result: '%2'.

Fields

Message

A new ActivityID has been generated.

Fields

Message

Remote attestation initiated.

Message

Remote attestation completed.
OperationMode: %1
Status: %2
Substatus: %3

Fields

Fields

Message

ClientAttestationHttpRequestSend: ActivityID %1

Fields

Fields

Message

ClientAttestationHttpResponseReceived: %1

Fields

Fields

Message

ClientAttestationHttpError: %1

Fields

Fields

Message

The remote attestation request failed because this host is not included in the authorized list of host endorsement keys (EKs) on the attestation server. Error: %1. To add this host to the authorized list of host EKs, perform the following steps:
    1. On this host, run the Get-PlatformIdentifier cmdlet to retrieve the host EK in the form of a XML file.
    2. On the Attestation server, run the Add-HgsAttestationTpmHost cmdlet, specifying the file generated in the previous step.
Event IDs 1007 and 3007 represent the same event.

Fields

Fields

Message

The remote attestation request failed because the host did not start with Secure Boot enabled or the Secure Boot settings and TPM measurements did not match a valid baseline host. Error: %1. To ensure a successful attestation request, verify that the host configuration matches a valid baseline host. If this is a baseline host, you must first perform the following steps:
    1.  On this host, run the Get-HgsAttestationBaselinePolicy cmdlet to generate a policy file.
    2. On the attestation server, run the Add-HgsAttestationTpmPolicy cmdlet, specifying the policy file generated by the Get-HgsAttestationBaselinePolicy cmdlet. This adds the policy as a valid baseline TPM policy.
Event IDs 1008 and 3008 represent the same event.

Fields

Fields

Message

The remote attestation request failed because this host's Code Integrity policy does not match a valid Code Integrity policy on the attestation server. Error: %1. To ensure a successful attestation request, verify that this host is configured with a valid Code Integrity policy. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734772
Event IDs 1009 and 3009 represent the same event.

Fields

Fields

Message

The remote attestation request failed because this host is not part of an Active Directory host group which is authorized by the attestation server. Error: %1. To ensure a successful attestation request, verify that the host is a member of an authorized Active Directory host group. If the Active Directory host group is not authorized by the Attestation server, you must first perform the following steps:
    1. On the attestation server, run the Add-HgsAttestationHostGroup cmdlet to add it as a valid Active Directory host group.
Event IDs 1010 and 3010 represent the same event.

Fields

Fields

Message

Determining TPM endorsement key failed. Error: %1

Fields

Fields

Message

The remote attestation request failed because of a TPM error. Try clearing and reprovisioning the TPM. Error: %1
Event IDs 1013 and 3013 represent the same event.

Fields

Fields

Message

Connection to %1 failed. Reconnecting to another IP.

Fields

Message

Switching to Active Directory attestation mode.

Fields

Message

Connecting to Remote Attestation service at %1

Fields

Fields

Message

Reconnecting to Remote Attestation service at %1

Fields

Message

Remote attestation succeeded and returned a health certificate with the thumbprint %1.

Fields

Message

The remote attestation request failed because the Remote Attestation Service could not be reached.
Event IDs 1019 and 3019 represent the same event.

Fields

Message

The remote attestation request failed. Error: %1. For help, see http://go.microsoft.com/fwlink/?LinkId=735076
Event IDs 1020 and 3020 represent the same event.

Fields

Fields

Message

The remote attestation request failed because this host was not booted correctly. Error: %1. To ensure a successful attestation request, verify that the host's most recent boot was a full boot.
Event IDs 1021 and 3021 represent the same event.

Fields

Fields

Message

The remote attestation request failed because at least one Debug Mode is enabled among Hypervisor, Boot, UEFI, and Kernel.
Event IDs 1022 and 3022 represent the same event.

Fields

Message

Determining TPM endorsement key failed. Switching to Active Directory attestation mode.

Fields

Message

The remote attestation request failed because this host was not configured properly. Error: %1. To ensure a successful attestation request, verify that the host's configuration contains an attestation service URL that is valid.
Event IDs 1024 and 3024 represent the same event.

Fields

Fields

Message

The remote attestation request failed because Isolated User Mode could not be detected.  Verify that the Isolated User Mode feature is installed and that Virtualization Based Security has not been disabled manually or by local/domain-level policy.
Event IDs 1025 and 3025 represent the same event.

Fields

Fields

Message

The remote attestation request failed because the TPM measurements were not valid.  This can happen when the host utilizes unsupported TPM configurations, the Host Guardian Service client version is not supported by the server, or an attempt to tamper with the TPM Measurements was made.  Some PXE boot environments can also cause this issue; for help, refer to http://go.microsoft.com/fwlink/?LinkId=734770
Event IDs 1026 and 3026 represent the same event.

Fields

Message

The remote attestation request failed because the Host Guardian Service did not return a health certificate, but no reason was given.
Event IDs 1027 and 3027 represent the same event.

Message

The remote attestation request failed because the host did not start with pagefile encryption enabled.
Event IDs 1028 and 3028 represent the same event.

Message

The remote attestation request failed because IOMMU was not required by the hypervisor. Verify that IOMMU is enabled and that it is explicity required for Virtual Secure Mode to launch. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734842
Event IDs 1029 and 3029 represent the same event.

Message

The remote attestation request failed because the host did not start with BitLocker enabled.
Event IDs 1030 and 3030 represent the same event.

Message

The remote attestation request failed because code integrity was not required by the hypervisor. Verify that code integrity is enabled and that it is being enforced by the hypervisor. For help, please refer to http://go.microsoft.com/fwlink/?LinkId=734841
Event IDs 1031 and 3031 represent the same event.

Message

The remote attestation request failed but no reason was given. This typically indicates that the Host Guardian Service has not been fully configured with valid attestation policies.  If policies have been registered with the Host Guardian Service already, verify the functionality of the server and try again.
Event IDs 1032 and 3032 represent the same event.

Message

Switching to TPM attestation mode.

Message

The remote attestation request failed because the Host Guardian Service is using TPM-based attestation, but this host lacks the required TPM 2.0 module.
Event IDs 1034 and 3034 represent the same event.

Fields

Message

The remote attestation request failed because the Host Guardian Service could not be contacted.  This happens when the request can reach the server but the service either does not respond or responds with an unknown HTTP error.  Verify that the Host Guardian Service is registered, started, and fully operational.
Error: %1
Event IDs 1035 and 3035 represent the same event.

Fields

Fields

Message

The remote attestation request failed because it could not authenticate to the Host Guardian Service.  This can occur when using HTTPS with an invalid or untrusted certificate, or when using Active Directory-based attestation without configuring trust between this host's domain and the Host Guardian Service domain, preventing NTLM and Kerberos authentication from succeeding.
Error: %1
Event IDs 1036 and 3036 represent the same event.

Fields

Message

The remote attestation request failed because the host started with hibernation enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824147
Event IDs 1037 and 3037 represent the same event.

Message

The remote attestation request failed because the host started with dumps enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824148
Event IDs 1038 and 3038 represent the same event.

Message

The remote attestation request failed because the host did not start with dump encryption enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824149
Event IDs 1039 and 3039 represent the same event.

Fields

Message

The remote attestation request failed because the host's dump encryption key protector does not match any registered with the attestation server. Error:%1. If this is a valid host, you must first perform the following steps:
    1. On the host, configure dump encryption with a certificate.
    2. On the Attestation server, run the Add-HgsAttestationDumpPolicy cmdlet, specifying the SHA256 hash of the public key blob configured on the host.
Event IDs 1040 and 3040 represent the same event.

Fields

Message

Local attestation initiated.

Message

No local health signing certificate was found.  Attempting to generate a new certificate.

Message

Remote attestation failed due to an invalid payload received by the Host Guardian Service. Event IDs 1043 and 3043 represent the same event.

Fields

Message

The endorsement key certificate could not be found in the TPM. The endorsement public key may be used instead. Error: %1
Event IDs 1044 and 3044 represent the same event.

Fields

Fields

Message

The issuing intermediate certificate could not be found in the TPM for the endorsement key certificate. The intermediate certificate is necessary for nested attestation; otherwise, this event may be ignored. Error: %1

Fields

Fields

Message

The remote attestation request failed because the host key is not inclued in the authorized list of host keys on the attestation server. Error: %1. To add the host key to the authorized list of host keys, perform the following steps:
    1. On this host, run the Get-HgsAttestationHostKey cmdlet to retrieve the necessary key material.
    2. On the Attestation server, run the Add-HgsAttestationHostKey cmdlet, specifying the file generatetd in the previous step.
EventIDs 1046 and 3046 represent the same event.

Fields

Message

The requested WMI operation failed because access is denied. You must be a member of the local 'Administrators' or 'NT VIRTUAL MACHINE\Virtual Machines' groups.

Fields

Message

The required value '%1' in registry key '%2' was not found.

Fields

Message

Successfully opened Shielded VM Local Certificates store.

Message

No health signing certificate was found. Attempting to generate a new certificate.

Fields

Message

The Host Guardian Service Client is unable to retrieve the encryption key (IDK) because Virtualization Based Security is not running on this system. To resolve this issue, enable Virtualization Based Security and try again:

%1

Fields

Fields

Message

Unable to retrieve the local health certificate: %1

Fields

Fields

Message

Failed to roll the transport key: %1

Fields

Message

No signing certificates were found in the Shielded VM Local Certificates store.

Message

No encryption certificates were found in the Shielded VM Local Certificates store.

Message

Initiating unwrap of key protector.

Message

Initiating creation of a new of key protector.

Message

Adding a guardian with signing certificate %1 and encryption certificate %2 to a key protector.

Fields

Message

Initiating privileged unwrap of key protector.

Message

Instantiating Host Guardian Service client in %1 mode.

Fields

Fields

Message

The Host Guardian Service Client failed to unwrap a Key Protector on behalf of a calling process. This event will normally correspond to a failure to startup a shielded virtual machine. Consult the description for further details. This could be related to an attestation issue, a Key Protection Server issue, or a network connectivity issue:

%1

Fields

Message

The Host Guardian Service Client successfully unwrapped a Key Protector on behalf of a calling process.

Message

The signing certificate need set 'DigitalSignature' key usage.

Message

The encryption certificate need set 'DataEncipherment' key usage.

Message

Failures rolling the transport key as the health certificate is invalid. ErrorCode: %1, Validation Status: %2, Message: %3

Fields

Fields

Message

Raw certificate dump. Length(bytes)=%1 --> %2

Fields

Message

The Host Guardian Service Client reused a cached health certificate issued in %1 mode that is valid until %2.

Fields

Message

The Host Guardian Service Client could not contact the Host Guardian Service.  The client will reattempt the operation using the following settings:

AttestationServerUrl: %1
KeyProtectionServerUrl: %2

Fields

Message

The remote attestation request failed because this host is not included in the authorized list of host endorsement keys (EKs) on the attestation server. Error: %1. To add this host to the authorized list of host EKs, perform the following steps:
    1. On this host, run the Get-PlatformIdentifier cmdlet to retrieve the host EK in the form of a XML file.
    2. On the Attestation server, run the Add-HgsAttestationTpmHost cmdlet, specifying the file generated in the previous step.
Event IDs 1007 and 3007 represent the same event.

Fields

Message

The remote attestation request failed because the host did not start with Secure Boot enabled or the Secure Boot settings and TPM measurements did not match a valid baseline host. Error: %1. To ensure a successful attestation request, verify that the host configuration matches a valid baseline host. If this is a baseline host, you must first perform the following steps:
    1.  On this host, run the Get-HgsAttestationBaselinePolicy cmdlet to generate a policy file.
    2. On the attestation server, run the Add-HgsAttestationTpmPolicy cmdlet, specifying the policy file generated by the Get-HgsAttestationBaselinePolicy cmdlet. This adds the policy as a valid baseline TPM policy.
Event IDs 1008 and 3008 represent the same event.

Fields

Message

The remote attestation request failed because this host's Code Integrity policy does not match a valid Code Integrity policy on the attestation server. Error: %1. To ensure a successful attestation request, verify that this host is configured with a valid Code Integrity policy. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734772
Event IDs 1009 and 3009 represent the same event.

Fields

Message

The remote attestation request failed because this host is not part of an Active Directory host group which is authorized by the attestation server. Error: %1. To ensure a successful attestation request, verify that the host is a member of an authorized Active Directory host group. If the Active Directory host group is not authorized by the Attestation server, you must first perform the following steps:
    1. On the attestation server, run the Add-HgsAttestationHostGroup cmdlet to add it as a valid Active Directory host group.
Event IDs 1010 and 3010 represent the same event.

Fields

Message

The remote attestation request failed because of a TPM error. Try clearing and reprovisioning the TPM. Error: %1
Event IDs 1013 and 3013 represent the same event.

Fields

Message

The remote attestation request failed because the Remote Attestation Service could not be reached.
Event IDs 1019 and 3019 represent the same event.

Message

The remote attestation request failed. Error: %1. For help, see http://go.microsoft.com/fwlink/?LinkId=735076
Event IDs 1020 and 3020 represent the same event.

Fields

Message

The remote attestation request failed because this host was not booted correctly. Error: %1. To ensure a successful attestation request, verify that the host's most recent boot was a full boot.
Event IDs 1021 and 3021 represent the same event.

Fields

Message

The remote attestation request failed because at least one Debug Mode is enabled among Hypervisor, Boot, UEFI, and Kernel.
Event IDs 1022 and 3022 represent the same event.

Fields

Message

The remote attestation request failed because this host was not configured properly. Error: %1. To ensure a successful attestation request, verify that the host's configuration contains an attestation service URL that is valid.
Event IDs 1024 and 3024 represent the same event.

Fields

Message

The remote attestation request failed because Isolated User Mode could not be detected.  Verify that the Isolated User Mode feature is installed and that Virtualization Based Security has not been disabled manually or by local/domain-level policy.
Event IDs 1025 and 3025 represent the same event.

Fields

Message

The remote attestation request failed because the TPM measurements were not valid.  This can happen when the host utilizes unsupported TPM configurations, the Host Guardian Service client version is not supported by the server, or an attempt to tamper with the TPM Measurements was made.  Some PXE boot environments can also cause this issue; for help, refer to http://go.microsoft.com/fwlink/?LinkId=734770
Event IDs 1026 and 3026 represent the same event.

Fields

Message

The remote attestation request failed because the Host Guardian Service did not return a health certificate, but no reason was given.
Event IDs 1027 and 3027 represent the same event.

Message

The remote attestation request failed because the host did not start with pagefile encryption enabled.
Event IDs 1028 and 3028 represent the same event.

Message

The remote attestation request failed because IOMMU was not required by the hypervisor. Verify that IOMMU is enabled and that it is explicity required for Virtual Secure Mode to launch. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734842
Event IDs 1029 and 3029 represent the same event.

Message

The remote attestation request failed because the host did not start with BitLocker enabled.
Event IDs 1030 and 3030 represent the same event.

Message

The remote attestation request failed because code integrity was not required by the hypervisor. Verify that code integrity is enabled and that it is being enforced by the hypervisor. For help, please refer to http://go.microsoft.com/fwlink/?LinkId=734841
Event IDs 1031 and 3031 represent the same event.

Message

The remote attestation request failed but no reason was given. This typically indicates that the Host Guardian Service has not been fully configured with valid attestation policies.  If policies have been registered with the Host Guardian Service already, verify the functionality of the server and try again.
Event IDs 1032 and 3032 represent the same event.

Message

The remote attestation request failed because the Host Guardian Service is using TPM-based attestation, but this host lacks the required TPM 2.0 module.
Event IDs 1034 and 3034 represent the same event.

Message

The remote attestation request failed because the Host Guardian Service could not be contacted.  This happens when the request can reach the server but the service either does not respond or responds with an unknown HTTP error.  Verify that the Host Guardian Service is registered, started, and fully operational.
Error: %1
Event IDs 1035 and 3035 represent the same event.

Fields

Message

The remote attestation request failed because it could not authenticate to the Host Guardian Service.  This can occur when using HTTPS with an invalid or untrusted certificate, or when using Active Directory-based attestation without configuring trust between this host's domain and the Host Guardian Service domain, preventing NTLM and Kerberos authentication from succeeding.
Error: %1
Event IDs 1036 and 3036 represent the same event.

Fields

Message

The remote attestation request failed because the host started with hibernation enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824147
Event IDs 1037 and 3037 represent the same event.

Message

The remote attestation request failed because the host started with dumps enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824148
Event IDs 1038 and 3038 represent the same event.

Message

The remote attestation request failed because the host did not start with dump encryption enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824149
Event IDs 1039 and 3039 represent the same event.

Message

The remote attestation request failed because the host's dump encryption key protector does not match any registered with the attestation server. Error:%1. If this is a valid host, you must first perform the following steps:
    1. On the host, configure dump encryption with a certificate.
    2. On the Attestation server, run the Add-HgsAttestationDumpPolicy cmdlet, specifying the SHA256 hash of the public key blob configured on the host.
Event IDs 1040 and 3040 represent the same event.

Fields

Message

Remote attestation failed due to an invalid payload received by the Host Guardian Service. Event IDs 1043 and 3043 represent the same event.

Message

The endorsement key certificate could not be found in the TPM. The endorsement public key may be used instead. Error: %1
Event IDs 1044 and 3044 represent the same event.

Fields

Message

The remote attestation request failed because the host key is not inclued in the authorized list of host keys on the attestation server. Error: %1. To add the host key to the authorized list of host keys, perform the following steps:
    1. On this host, run the Get-HgsAttestationHostKey cmdlet to retrieve the necessary key material.
    2. On the Attestation server, run the Add-HgsAttestationHostKey cmdlet, specifying the file generatetd in the previous step.
EventIDs 1046 and 3046 represent the same event.

Fields

Message

The HGAttest API completed the operation with status code: %2. Operation: %1

Fields

Fields

Message

The URL provided for SHS attestation is invalid. URL: %1

Fields

Message

Attestation is not supported in this configuration.

Message

Remote attestation for a Certified Virtual Secure Mode Identity Signing Key is currently not supported.

Message

Remote attestation for a CA Intermediate Certificate is currently not supported.

Fields

Message

This host attempted a remote attestation in %1 mode, but the targeted HGS server is operating in %2 mode.

Fields

Fields

Message

A host key was set from certificate with thumbprint %1.

Fields

Fields

Message

A host key was removed. It was from certificate with thumbprint %1.

Fields