Microsoft-Windows-Provisioning-Diagnostics-Provider
114 events across 5 channels
Event ID 10 — Configuring ProvXML with category 'Message1'.
#Description
Configuring ProvXML with category 'Message1'.
Message #
Fields #
| Name | Description |
|---|---|
Message1 UnicodeString | — |
Message2 UnicodeString | ProvXML data |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Provisioning-Diagnostics-Provider",
"guid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9",
"event_source_name": "",
"event_id": 10,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-06T06:25:52.831967+00:00",
"event_record_id": 113,
"correlation": {},
"execution": {
"process_id": 3584,
"thread_id": 3588
},
"channel": "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"Message1": "PowerSettings",
"Message2": "MCSF/Power/Controls/EnergyEstimationEnabled"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 11 — ProvXML category 'Message1' completed successfully.
#Description
ProvXML category 'Message1' completed successfully. Message2.
Message #
Fields #
| Name | Description |
|---|---|
Message1 UnicodeString | — |
Message2 UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Provisioning-Diagnostics-Provider",
"guid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9",
"event_source_name": "",
"event_id": 11,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-05T22:26:45.490065+00:00",
"event_record_id": 132,
"correlation": {
"ActivityID": "F590C418-1079-0003-3DF1-90F57910DA01"
},
"execution": {
"process_id": 3584,
"thread_id": 3588
},
"channel": "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"Message1": "PowerSettings",
"Message2": "Provisioning succeeded"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 12 — ProvXML category 'Message1' failed with 'HRESULT' at CSP node 'Message2'.
Event ID 13 — Setting Message1 was ignored because it was not available on this OS build.
Event ID 20 — Applying package 'Message1' ID: Message2.
#Description
Applying package 'Message1' ID: Message2.
Message #
Fields #
| Name | Description |
|---|---|
Message1 UnicodeString | — |
Message2 UnicodeString | 1' ID. |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Provisioning-Diagnostics-Provider",
"guid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9",
"event_source_name": "",
"event_id": 20,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-06T06:25:50.949676+00:00",
"event_record_id": 111,
"correlation": {},
"execution": {
"process_id": 3584,
"thread_id": 3588
},
"channel": "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"Message1": "Microsoft.Windows.Cosa.Desktop.Client.ppkg",
"Message2": "{c8a326e4-f518-4f14-b543-97a57e1a975e}"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 21 — Package 'Message1' has completed.
Event ID 22 — Package 'Message1' failed with 'HRESULT'.
Event ID 23 — Skipping package 'Message1' ID: Message2.
Event ID 30 — Initiating provisioning turn '{Int1}'.
Event ID 31 — Provisioning turn '{Int1}' has completed.
Event ID 32 — Provisioning turn '{Int1}' failed with '{HRESULT}'.
Event ID 40 — Registry specified search path is invalid: Message1.
Event ID 41 — InitiateSystemShutdownEx succeeded.
Description
InitiateSystemShutdownEx succeeded.
Message #
Event ID 42 — InitiateSystemShutdownEx failed.
Event ID 43 — Start RebootSystem.
Description
Start RebootSystem ...
Message #
Event ID 44 — InitiateSystemShutdownEx succeeded.
Description
InitiateSystemShutdownEx succeeded.
Message #
Event ID 45 — InitiateSystemShutdownEx failed.
Event ID 60 — AddPackage initiated, pathCount = UInt1.
Event ID 61 — AddPackage succeeded, targetPath = Message1.
Event ID 62 — AddPackage failed.
Event ID 63 — RemovePackage initiated, package id = Message1.
Event ID 64 — RemovePackage succeeded, package id = Message1.
Event ID 65 — RemovePackage failed.
Event ID 66 — RemovePackageMetadata succeeded, package id = Message1.
Event ID 67 — RemovePackageMetadata failed.
Event ID 68 — RemoveResourceManagerPackageMetadataForCsp succeeded, package id = Message1.
Event ID 69 — RemoveResourceManagerPackageMetadataForCsp failed.
Event ID 70 — ApplyKnownPackages initiated, turn = Int1.
Event ID 71 — ApplyKnownPackages succeeded, turn = Int1.
Event ID 72 — ApplyKnownPackages failed.
Event ID 73 — PublishDeviceProvisioningLogs failed.
Event ID 73 —
Description
PublishDeviceProvisioningLogs failed. HRESULT =.
Fields #
| Name | Description |
|---|---|
HRESULT HexInt32 | — |
Event ID 74 — PublishDeviceProvisioningLogs succeeded.
Description
PublishDeviceProvisioningLogs succeeded.
Message #
Event ID 74 —
Description
PublishDeviceProvisioningLogs succeeded.
Event ID 75 — CleanupOOBEProvisioningLogs failed.
Event ID 75 —
Description
CleanupOOBEProvisioningLogs failed. HRESULT =.
Fields #
| Name | Description |
|---|---|
HRESULT HexInt32 | — |
Event ID 76 — CleanupOOBEProvisioningLogs succeeded.
Description
CleanupOOBEProvisioningLogs succeeded.
Message #
Event ID 76 —
Description
CleanupOOBEProvisioningLogs succeeded.
Event ID 80 — GetLastProvisioningResultsAsync succeeded, resultCount = UInt1.
Event ID 81 — GetLastProvisioningResultsAsync failed.
Event ID 82 — GetLastProvisioningCommandResultsAsync succeeded, resultCount = UInt1.
Event ID 83 — GetLastProvisioningCommandResultsAsync.
Event ID 90 — Settings detail.
#Description
Settings detail.
Message #
Fields #
| Name | Description |
|---|---|
Message1 UnicodeString | — |
Message2 UnicodeString | — |
Message3 UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Provisioning-Diagnostics-Provider",
"guid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9",
"event_source_name": "",
"event_id": 90,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-06T06:25:42.966867+00:00",
"event_record_id": 89,
"correlation": {},
"execution": {
"process_id": 3584,
"thread_id": 3588
},
"channel": "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"Message1": "OOBE",
"Message2": "<Not Present>",
"Message3": "<Not Present>"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 91 — RegisterForCspAlerts succeeded.
#Description
RegisterForCspAlerts succeeded. EnrollmentId = Message1.
Message #
Fields #
| Name | Description |
|---|---|
Message1 UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Provisioning-Diagnostics-Provider",
"guid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9",
"event_source_name": "",
"event_id": 91,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-06T06:25:52.831884+00:00",
"event_record_id": 112,
"correlation": {},
"execution": {
"process_id": 3584,
"thread_id": 3588
},
"channel": "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"Message1": "{1e05dd5d-a022-46c5-963c-b20de341170f}"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 92 — RegisterForCspAlerts Failed.
Event ID 93 — UpdatePendingResultInternal succeeded.
Event ID 94 — UpdatePendingResultInternal Failed.
Event ID 100 — AutoPilot policy [Message1] not found.
Event ID 101 — AutoPilotGetPolicyDwordByName succeeded: policy name = Message1; policy value = Int1.
Event ID 102 — AutoPilotGetPolicyDwordByName error: policy name = Message1; HRESULT = HRESULT.
Event ID 103 — AutoPilotGetPolicyStringByName succeeded: policy name = Message1; policy value = Message2.
Event ID 104 — AutoPilotGetPolicyStringByName error: policy name = Message1; HRESULT = HRESULT.
Event ID 105 — AutoPilotDisable succeeded.
Description
AutoPilotDisable succeeded.
Message #
Event ID 106 — AutoPilotDisable error: HRESULT = HRESULT.
Event ID 107 — AutoPilot state = Message1.
Event ID 108 — AutoPilotIsDisabled error: HRESULT = HRESULT.
Event ID 109 — AutoPilotGetOobeSettingsOverride succeeded: OOBE setting = Message1; state = Message2.
Event ID 110 — AutoPilotGetOobeSettingsOverride error: OOBE setting = Message1; HRESULT = HRESULT.
Event ID 111 — AutoPilotRetrieveSettings succeeded.
Description
AutoPilotRetrieveSettings succeeded.
Message #
Event ID 112 — AutoPilotRetrieveSettings error: HRESULT = HRESULT.
Event ID 113 — AutoPilot reported the DLL was unloaded while there were Int1 outstanding calls.
Event ID 114 — AutoPilotRetrieveSettings was skipped because this version of Windows does not support Azure Active Directory join.
Description
AutoPilotRetrieveSettings was skipped because this version of Windows does not support Azure Active Directory join.
Message #
Event ID 115 — Autopilot discovery failed to find a valid MDM.
Event ID 150 — AutoPilotManager started the MSA service for TPM attestation identity.
Description
AutoPilotManager started the MSA service for TPM attestation identity.
Message #
Event ID 151 — AutoPilotManager started the TPM task to update TPM attestation.
Description
AutoPilotManager started the TPM task to update TPM attestation.
Message #
Event ID 152 — AutoPilotManager reported TPM task is complete.
Description
AutoPilotManager reported TPM task is complete.
Message #
Event ID 153 — AutoPilotManager reported the state changed from InitialState to UpdateState.
Event ID 154 — AutoPilotManager failed to start MSA service.
Event ID 155 — AutoPilotManager failed to start TPM task.
Event ID 156 — AutoPilotManager reported that MSA TPM is not configured for hardware TPM attestation even though the profile indicates it is required.
Description
AutoPilotManager reported that MSA TPM is not configured for hardware TPM attestation even though the profile indicates it is required. AutoPilot cannot proceed.
Message #
Event ID 157 — AutoPilotManager reported that TPM attestation lasted UInt1 microseconds.
Event ID 160 — AutoPilotRetrieveSettings beginning acquisition.
Description
AutoPilotRetrieveSettings beginning acquisition.
Message #
Event ID 161 — AutoPilotManager retrieve settings succeeded.
Description
AutoPilotManager retrieve settings succeeded.
Message #
Event ID 162 — AutoPilotManager determined download is not required and the device is not provisioned.
Description
AutoPilotManager determined download is not required and the device is not provisioned. Clean or reset the device to change this.
Message #
Event ID 163 — AutoPilotManager determined download is not required and the device is already provisioned.
Description
AutoPilotManager determined download is not required and the device is already provisioned. Clean or reset the device to change this.
Message #
Event ID 164 — AutoPilotManager determined Internet is available to attempt policy download.
Description
AutoPilotManager determined Internet is available to attempt policy download.
Message #
Event ID 165 — AutoPilotManager determined Internet is not available; policy download will queue when available.
Description
AutoPilotManager determined Internet is not available; policy download will queue when available.
Message #
Event ID 166 — AutoPilotManager reported Internet is now available.
Description
AutoPilotManager reported Internet is now available.
Message #
Event ID 167 — AutoPilotManager reported Internet is still not available.
Description
AutoPilotManager reported Internet is still not available.
Message #
Event ID 168 — AutoPilotManager reported MSA TPM device identity was updated.
Description
AutoPilotManager reported MSA TPM device identity was updated.
Message #
Event ID 169 — AutoPilotManager set TPM identity confirmed.
Description
AutoPilotManager set TPM identity confirmed.
Message #
Event ID 170 — AutoPilotManager set AutoPilot profile as available.
Description
AutoPilotManager set AutoPilot profile as available.
Message #
Event ID 171 — AutoPilotManager failed to set TPM identity confirmed.
Event ID 172 — AutoPilotManager failed to set AutoPilot profile as available.
Event ID 173 — AutoPilotManager failed to register for network availability.
Event ID 174 — AutoPilotManager failed to register for device identity availability.
Event ID 175 — AutoPilotManager failed to register for device identity task update.
Event ID 176 — MSA TPM keystate has been updated.
Event ID 177 — TPM attestation retry is being attempted.
Event ID 178 — AutoPilotManager began device enrollment with internal state Int1.
Event ID 179 — AutoPilotManager began device enrollment phase State.
Event ID 180 — AutoPilotManager failed during device enrollment phase State.
Event ID 181 — AutoPilotManager completed device enrollment phase State.
Event ID 182 — AutoPilotManager reported that the retry timer event was set to UInt1 milliseconds.
Event ID 183 — AutoPilotManager reported that the retry timer event occurred
Description
AutoPilotManager reported that the retry timer event occurred.
Message #
Event ID 184 — AutoPilotManager failed to register for MSA keystate update availability.
Event ID 300 — AutoPilotManager device enrollment reported an initialization failure.
Event ID 301 — AutoPilotManager device enrollment reported a blocking failure.
Event ID 302 — AutoPilotManager device enrollment failed during stage State with error HRESULT.
Event ID 303 — AutoPilotManager device enrollment succeeded.
Event ID 310 — AutoPilot configuration file path: AutoPilot_configuration_file_path.
Event ID 311 — Failed to load AutoPilot configuration file, HRESULT = HRESULT.
Event ID 312 — Failed to parse AutoPilot configuration file, HRESULT = HRESULT.
Event ID 313 — Invalid ZtdCorrelationId found in Autopilot configuration file, HRESULT = HRESULT.
Event ID 1000 — Management service starting.
Description
Management service starting.
Message #
Event ID 1001 — Management service started.
Description
Management service started.
Message #
Event ID 1002 — Management service failed to start.
Event ID 1003 — Management service failed to register.
Description
Management service failed to register.
Message #
Event ID 1004 — Management service shutdown.
Description
Management service shutdown.
Message #
Event ID 1005 — Management service WIL error was reported.
Event ID 1006 — Management service call Message1 is deprecated!
Event ID 1007 — Management service cleared the local Autopilot cached state.
Description
Management service cleared the local Autopilot cached state.
Message #
Event ID 1008 — Management service failed to clear the local Autopilot cached state.
Event ID 2000 — Device rename has been blocked through MDM because machine is domain joined
Description
Device rename has been blocked through MDM because machine is domain joined.