Microsoft-Windows-PushNotifications-Platform

412 events across 4 channels

Event ID	Title	Channel
1	The Windows Push Notification Platform has encountered an error in File: %1, …	Debug
2	The Windows Push Notification Platform has started loading.	Debug
3	The Windows Push Notification Platform has been unloaded.	Debug
4	The Windows Push Notification Platform has been disabled due to Group Policy …	Debug
5	The Windows Push Notification Platform has been loaded.	Debug
6	The Windows Push Notification Platform has started unloading.	Debug
7	The Windows Push Notification Platform has launched as %1 with %2 privilege.	Debug
8	The Windows Push Notification Platform is switching into new %1 privilege.	Debug
9	The Windows Push Notification Platform has switched with error code %2, and …	Debug
10	The Windows Push Notification Platform has started defragging storage.	Debug
11	The Windows Push Notification Platform has finished defragging storage.	Debug
12	The Windows Push Notification Platform has determined new maximum number of …	Debug
13	The Windows Push Notification Platform has expanded its persistent header …	Debug
14	The Windows Push Notification Platform has switched to using an expanded …	Debug
15	The Windows Push Notification Platform has started loading file data: count …	Debug
16	The Windows Push Notification Platform has created a new memory-mapped file.	Debug
17	The Windows Push Notification Platform has detected that its persistent buffer …	Debug
18	The Windows Push Notification Platform has registered inbox applications.	Debug
19	The Windows Push Notification Platform has encountered an error in File: %1, …	Operational
20	The Windows Push Notification Platform has encountered error %2 opening file %1.	Operational
21	The Windows Push Notification Platform has started processing tile update …	Debug
22	The Windows Push Notification Platform has stopped processing tile update …	Debug
23	The Windows Push Notification Platform is setting URI %2 with recurrence %3 for …	Debug
24	The Windows Push Notification Platform has initiated a WNS connection.	Debug
25	The Windows Push Notification Platform is disconnecting from WNS.	Debug
26	ThreadPool: [.	Debug
27	ThreadPool: [.	Debug
28	ResourceManager has recevied a message: code [.	Debug
29	The Windows Push Notification Platform has started scavenging the image cache.	Debug
30	The Windows Push Notification Platform has finished scavenging the image cache.	Debug
31	The Windows Push Notification Platform has %1 entries in the image cache.	Debug
32	The Device has entered battery saver state: BATTERY_SAVINGS_ON	Debug
33	The Device has exited battery saver state: BATTERY_SAVINGS_OFF	Debug
34	The DcpProvider has been loaded successfully.	Debug
35	WNS Platform finished TraceLogging registration with code %1.	Debug
36	WNS Connection Provider finished TraceLogging registration with code %1.	Debug
37	The Windows Push Notification Platform is required to connect on startup, …	Operational
38	PDC intialization finished with ErrorCode.	Debug
39	PDC unintialization finished with ErrorCode.	Debug
40	PDC activation finished with ErrorCode: %1, PdcType: %2, PdcScenario: %3, …	Debug
41	PDC deactivation finished with ErrorCode: %1, PdcType: %2, PdcNetRef: %3, …	Debug
42	Cloud Notifications must be enabled in GP and MDM to receive push notifications.	Operational
1000	A Connection Provider is registered with Windows Push Notification Platform …	Debug
1001	The following Connection Provider is enabled with the parameters: %1 [CLSID] %2 …	Debug
1002	The Connection Provider with CLSID %1 was instantiated with the following flags …	Debug
1003	Connect request sent to the Connection Provider.	Operational
1004	Disconnect request sent the Connection Provider.	Operational
1005	The Connection Provider status changed to %1.	Operational
1006	Sending a channel request to the Connection Provider with parameters: %1 …	Operational
1007	The Connection Provider completed the channel request for transaction id %1.	Operational
1008	Sending a channel revoke request to the Connection Provider for channel id %1.	Operational
1010	%1 received for ChannelId %2 and AppUserModelId %3 with TrackingId %4, …	Operational
1011	Sending a request to the Connection Provider to renew a channel with parameters: …	Operational
1012	Setting batching configuration to the following state.	Debug
1013	Configuring notification delivery for AppUserModelId %4 with channel id %1.	Operational
1014	The Resource Manager was notified that display state changed to %1.	Debug
1015	Configuring notification policy for %1 [NotificationType] %2 [Enabled].	Operational
1016	The Resource Manager was notified of an update to the network cost.	Debug
1017	The Resource Manager was notified of an update to the data plan.	Debug
1018	The Resource Manager reset the Mobile Broadband Usage statistics.	Debug
1019	The Resource Manager was notified that user session state changed to %1.	Debug
1020	The Connection Provider status changed to a failure state: {Status}.	Operational
1021	The Connection Manager has failed to connect.	Operational
1022	ConnectWork is requesting ConnectionManager to connect.	Operational
1023	No internet connection available, %1 is queued for next network status change.	Operational
1024	Internet connection status changed to %1, submitting pending workitems: count = …	Operational
1025	A Power event was fired: %1 [PowerEventType] %2 [Enabled].	Operational
1100	Connecting to the Windows Push Notification Service.	Debug
1101	Windows Push Notification Service connection result.	Debug
1102	Sending Channel WNP Protocol command: %1 [TransactionId] %2 [ChannelId] %3 …	Debug
1103	Channel WNP Protocol command tracking information: %1 [TransactionId] %2 [TrID].	Debug
1104	Sending Revoke WNP Protocol command: %1 [ChannelId] %3 [Command] %4 [Namespace] …	Debug
1105	Sending Block/Unblock WNP Protocol command: %1 [ChannelId] %2 [NotificationType] …	Debug
1106	Sending Options WNP Protocol command: %1 [State] %3 [Command] %4 [Namespace] %5 …	Debug
1107	WNP Protocol command response: %1 [TrID] %2 [Error] %3 [ContextId] %4 [UserId].	Debug
1108	WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] …	Debug
1109	Disconnecting from the Windows Push Notification Service.	Debug
1110	Windows Push Notification Service disconnection result.	Debug
1112	Requesting Device Compact Ticket for the %1.	Debug
1113	Device Compact Ticket request completed with Device Id %1 for the %2.	Operational
1114	Sending Filter/Unfilter WNP Protocol command: %1 [NotificationType] %2 [Enabled] …	Debug
1115	Sending Ack WNP Protocol command: %1 [MsgId] %3 [Command] %4 [Namespace] %6 …	Debug
1116	Device Compact Ticket request failed with error %1 for the %2.	Operational
1117	Windows Push Notification Service was disconnected due to error: %1 and will now …	Operational
1118	Sending Challenge Response WNP Protocol command: %1 [Nonce] %2 [Response] %4 …	Debug
1201	WNP Transport Layer Connect call initiated for the %1.	Debug
1202	WNP Transport Layer Connect call completed for the %1.	Debug
1203	WNP Transport Layer SendCommand call initiated for TrID %1 on the %2.	Debug
1204	WNP Transport Layer SendCommand call completed for TrID %1 on the %2.	Debug
1205	WNP Transport Layer Disconnect call initiated for the %1.	Operational
1206	WNP Transport Layer Disconnect call completed for the %1.	Operational
1207	WNP Transport Layer resolving DNS initiated for host %2 for the %1.	Operational
1208	WNP Transport Layer resolving DNS completed for the %1 with code %2.	Operational
1209	WNP Transport Layer retrieving proxy information initiated for the …	Operational
1210	WNP Transport Layer retrieving proxy information completed for the …	Operational
1211	WNP Transport Layer initial server connection initiated to server %2 on port %3 …	Operational
1212	WNP Transport Layer initial server connection completed to server %2 on port %3 …	Operational
1213	WNP Transport Layer proxy connection initiated for the %1.	Operational
1214	WNP Transport Layer proxy connection completed to server %2 for the %1.	Operational
1215	WNP Transport Layer proxy negotiation initiated for the %1.	Operational
1216	WNP Transport Layer proxy negotiation completed for the %1.	Operational
1217	WNP Transport Layer TLS negotiation initiated for the %1.	Operational
1218	WNP Transport Layer TLS negotiation completed for the %1 with code %2.	Operational
1219	WNP Transport Layer sent %1 bytes on the %2.	Debug
1220	WNP Transport Layer received %1 bytes on the %2.	Debug
1223	WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing …	Operational
1224	WNP Transport Layer received %1 bytes of payload: %2.	Operational
1225	WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 …	Operational
1226	WNP Transport Layer received proxy server response for the %3 of %1 bytes with …	Operational
1227	WNP Transport Layer received command when disconnected with Verb: %1, Trid: %2, …	Operational
1228	WNP Keep Alive Detector received OnConnected event from the test connection with …	Debug
1229	WNP Keep Alive Detector received OnReconnecting event from the test connection …	Debug
1230	WNP Keep Alive Detector received OnDisconnected event from the test connection …	Debug
1231	WNP Keep Alive Detector received KA hint from server: %1 seconds.	Debug
1232	WNP Keep Alive Detector updating cached Ka time with value: %2 seconds; type: …	Debug
1233	Fast reconnect triggered for previous WNS session (%1) on the %3.	Operational
1234	%2 TCP connection established over %1.	Debug
1235	WNP Keep Alive Detector resetting Idle Failed Interval.	Debug
1236	WNP Keep Alive Detector incrementing Idle-Succeeded count to %1.	Debug
1237	WNP Keep Alive Detector encountered failed idle interval of %1 seconds.	Debug
1238	WNP Keep Alive Detector starting Test Connection	Operational
1239	WNP Keep Alive Detector starting KA measurement with value: %2 seconds; type: …	Operational
1240	WNP Keep Alive Detector stopping KA measurement	Operational
1241	WNP Keep Alive Detector lost network over %1.	Operational
1242	WNP Transport Layer received Power Management event with type %1 on the %2.	Operational
1243	WNP Transport Layer received Power Management event with type %1 on the %2.	Debug
1244	Connection to the Windows Push Notification Service (%1:%2) failed because proxy …	Operational
1245	Connection to the Windows Push Notification Service (%1:%2) failed because the …	Admin
1246	WNP Transport Layer was disconnected from the Windows Push Notification Service …	Operational
1247	Connection to the Windows Push Notification Service failed because of a failure …	Admin
1248	Connection to the Windows Push Notification Service (%1:%2) failed because the …	Admin
1249	StopKeepAliveMeasurement was called from message loop.	Debug
1250	The KA measurement was never started.	Debug
1251	The test connection disconnect failed synchronously due to error.	Debug
1252	The KA value has converged.	Operational
1253	The test connection will be disconnected due to idle failure.	Debug
1254	WNP Transport Layer for %1 detected preferred interface change.	Operational
1255	WNP Transport Layer for %1 reacting to preferred interface change, disconnect …	Operational
1256	WNP Transport Layer for %1 reacting to preferred interface change, immediately …	Operational
1257	WNP Transport Layer for %1 called InitializeSecurityContext and got return code …	Operational
1258	WNP Transport Layer for %1 received asynchronous connection error %2.	Operational
1259	WNP Transport Layer for the Data Connection sending out of band keep alive (PNG) …	Operational
1260	WNP Transport Layer for the Data Connection received cellular state change WNF …	Operational
1261	Adding new user to the Windows Push Notification Service.	Operational
1262	Removing existing user from the Windows Push Notification Service.	Operational
1263	Replacing existing user from the Windows Push Notification Service.	Operational
1264	Adding new user to the Windows Push Notification Service completed.	Operational
1265	Removing existing user from the Windows Push Notification Service completed.	Operational
1266	Replacing existing user from the Windows Push Notification Service completed.	Operational
1267	WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing …	Operational
1268	WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 …	Operational
1300	Started tracking connection establishment performance.	Debug
1301	Finished tracking connection establishment performance.	Debug
1302	PDC Intialization finished with error code [.	Debug
1303	PDC Unintialization finished with error code [.	Debug
1304	PDC Activation finished with error code [.	Debug
1305	PDC Deactivation finished with error code [.	Debug
1306	WNP protocol state for Device Id %1 is State %2 for the %3.	Debug
1307	WNP Connector state for Connector Id %1 is State %2 for the %3.	Debug
1308	WNP Transport Layer for Connector Id %1 requested NCSI probe for the %2 and got …	Debug
1309	WNP Transport Layer for Auth Manager requested NCSI probe for the %1 and got …	Debug
1310	WNP Transport Layer for %1 detected first fallback interface change.	Operational
1311	WNP Transport Layer for %1 detected second fallback interface change.	Operational
1312	WNP Transport Layer detected low WIFI signal quality level (value = %1); and …	Operational
1313	WNP Transport Layer detected a significant drop in WIFI signal quality (delta = …	Operational
1314	WNP Transport Layer detected a change in WIFI interface availability (event %1); …	Operational
1315	WNP Transport Layer detected a change in WIFI interface connectivity status …	Operational
1316		Operational
1316	WNS delivered notification dropped in CP: %1 [ErrorCode] %2 [Namespace] %3 …	Operational
1317		Operational
1317	%1 associated with ChannelId %2 and AppUserModelId %3 with X-WNS-MSG-ID %4 …	Operational
1318		Operational
1318	WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] …	Operational
2000	The Windows Push Notification Platform has received a channel request with the …	Debug
2001	The channel table has added a valid channel mapping: %1 [ChannelId] %2 …	Operational
2002	The channel table has removed a channel mapping: %1 [ChannelId] %2 …	Operational
2003	The channel table has updated a channel mapping: %1 [ChannelId] %2 …	Operational
2004	The channel table has returned a cached channel mapping: %1 [ChannelId] %2 …	Debug
2005	A cloud notification callback was added: %1 [AppUserModelId].	Debug
2006	A cloud notification callback was removed: %1 [AppUserModelId].	Debug
2007	A cloud notification could not be delivered to a callback due to an error: %1 …	Debug
2008	A cloud notification was delivered to a callback: %1 [AppUserModelId] %2 …	Debug
2009	A local notification was submitted to threadpool: %1 [AppUserModelId] %2 …	Debug
2010	A clear tile message was received from an application endpoint: %1 …	Debug
2011	A clear badge message was received from an application endpoint: %1 …	Debug
2012	A cancel toast message was received from an application endpoint: %1 …	Debug
2013	A clear toast message was received from an application endpoint: %1 …	Debug
2014	A remove toast message was received from an application endpoint: %1 …	Debug
2015	A channel request failed due to an error: %1 [AppUserModelId] %2 [ErrorCode].	Debug
2016	A clear mixview message was received from an application endpoint: %1 …	Debug
2025	A toast feedback callback was added: %1 [NotificationTrackingId].	Debug
2026	A toast feedback callback was removed: %1 [NotificationTrackingId].	Debug
2027	A toast feedback callback was invoked: %1 [NotificationTrackingId].	Debug
2028	A scheduled toast was added: %1 [PackageFullName] %2 [AppUserModelId].	Debug
2029	A scheduled toast was removed: %1 [PackageFullName] %2 [AppUserModelID].	Debug
2030	A scheduled toast is about to be raised: %1 [AppUserModelID] %2 [TimerId] %3 …	Debug
2031	A background task to application mapping has been added: %1 [AppUserModelID] %2 …	Debug
2032	A background task to application mapping has been removed: %1 [AppUserModelID] …	Debug
2033	A raw notification has activated a background task: %1 [AppUserModelID] %2 …	Operational
2034	A raw notification has activated a system task: %1 [AppUserModelID].	Debug
2035	A scheduled tile was added: %1 [PackageFullName] %2 [AppUserModelId] %3 …	Debug
2036	A scheduled tile was removed: %1 [PackageFullName] %2 [AppUserModelId] %3 …	Debug
2037	A scheduled tile is being raised: %1 [AppUserModelId] %2 [Cookie].	Debug
2038	A scheduled tile was removed because the number of scheduled tiles per app …	Debug
2039	A periodic update has been set: %1 [PackageFullName] %2 [AppUserModelId] %3 …	Debug
2040	A periodic update has been reset: %1 [PackageFullName] %2 [AppUserModelId] %3 …	Debug
2041	A periodic update has started polling URL: %1 [AppUserModelId] %2 [Type].	Debug
2042	A periodic update has finished polling URL: %1 [AppUserModelId] %2 [Type].	Debug
2043	A periodic update has rejected polling URL because size of notification exceeded …	Debug
2044	A periodic update has rejected polling URL due to mobile broadband connection …	Debug
2045	A periodic update has failed polling URL.	Debug
2046	A background task application mapping entry has been removed: %1 …	Debug
2047	Notification API call for %1 [AppUserModelId] failed.	Debug
2048	A raw notification has failed to activate a background task: %1 [AppUserModelID] …	Debug
2049	A periodic update has found HTTP Status Code rather than 200: %1 …	Debug
2050	A periodic update has failed polling URL because X-WNS-TAG header is invalid: %1 …	Debug
2051	A periodic update has failed polling URL because X-WNS-EXPIRY header is invalid: …	Debug
2052	A periodic update of Type %2 for AppUserModelId %1 at URL %3 has been skipped …	Debug
2053	A periodic update has failed polling URL because X-WNS-GROUP header is invalid: …	Operational
2100	A cloud notification was dropped because the following channel is not valid: %1 …	Debug
2101	A notification was dropped because the expiration time was in the past: %1 …	Debug
2102	A notification was dropped because of global settings: %1 [PolicyLevel] %2 …	Debug
2103	A notification was dropped because cloud notifications are disabled globally: %1 …	Debug
2104	A notification was dropped because of application settings: %1 [AppUserModelId] …	Debug
2105	A notification was dropped because the application does not have the network …	Debug
2106	A notification was dropped because the application does not have the capability …	Debug
2107	A notification was dropped because the current network is costly: %1 …	Debug
2108	A notification was dropped because the mobile broadband cap has been reached: %1 …	Debug
2109	Network traffic related to notifications was attributed to the following …	Debug
2110	A notification was dropped because cloud notifications are disabled for the …	Debug
2111	A notification was dropped because the application is not registered: %1 …	Debug
2112	A %3 notification with trackingid %2 is getting posted for the application %1 …	Debug
2150	An application setting was changed: %1 [AppUserModelId] %2 [SettingType] %3 …	Debug
2151	A group policy setting was changed.	Debug
2152	An application setting was queried: %1 [AppUserModelId] %2 [SettingType] %3 …	Debug
2153	A global setting was changed: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].	Debug
2154	A global setting was queried: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].	Debug
2155	The list of apps with capability: %1 [SettingType] was requested.	Debug
2156	Callback registered for %1 [SettingType] with Cookie %2 [Cookie Value].	Debug
2157	Callback unregistered : %1 [Cookie Value].	Debug
2158	End of clearing Tile Notification Queues and Image Cache.	Debug
2159	Mobile Broadband Tile Cap Queried: %1 [Cap Value (Bytes)].	Debug
2160	Mobile Broadband Tile Cap Changed: %1 [Cap Value (Bytes)].	Debug
2161	Mobile Broadband Tile Usage Queried: %1 [Usage Value (Bytes)].	Debug
2162	Mobile Broadband Reset Dates Queried.	Debug
2163	The list of apps with capability: %1 [SettingType] in Package: %2 …	Debug
2164	Start of clearing Tile Notification Queues and Image Cache.	Debug
2165	Mobile Broadband Cap Enforcement Callback invoked: %1 [Enabled].	Debug
2166	Toasts have been Temporarily Suspended until %1 [UTC FILETIME].	Debug
2167	Toast Temporary Suspend Time was queried: Is Suspended?	Debug
2168	Toast Wakeup Timer has fired.	Debug
2169	The list of Polling apps in Package: %1 [PackageFamilyName] was requested.	Debug
2170	A Setting Sync was scheduled: %1 [PackageFamilyName] %2 [Collection ID].	Debug
2171	A call to the settings endpoint happened to unblock all channels for all types.	Operational
2200	A channel request was not allowed because of global settings: %1 [PolicyLevel] …	Debug
2201	A channel request was not allowed because the application does not have the …	Debug
2202	A %2 notification with NotificationTrackingId %1 was dropped because appropriate …	Debug
2203	A %3 notification with NotificationTrackingId %2 is being delivered to …	Debug
2250	Notification channels associated with a package are able to receive raw …	Debug
2300	The following application was added to the lock screen: %1 [PackageFullName] %2 …	Debug
2301	The following application was removed from the lock screen: %1 [PackageFullName] …	Debug
2400	System application was registered with the following paramaeters: %1 …	Debug
2401	System application was unregistered with the following parameters: %1 …	Debug
2402		Debug
2403		Debug
2404	Phone VoIP application was registered with the following parameters: %1 …	Debug
2405	Phone VoIP application was unregistered with the following parameters: %1 …	Debug
2406	The Windows Push Notification Platform has received a phone legacy channel …	Debug
2407	PhoneLegacy push notification is being processed: ChannelId [.	Debug
2408	PhoneLegacy voip notification is being processed: ChannelId [.	Debug
2409	A connection status callback was added: %1 [AppUserModelId].	Debug
2410	A connection status callback was removed: %1 [AppUserModelId].	Debug
2411	A connection status callback was updated: %1 [AppUserModelId].	Debug
2412	A connection status was delivered to a callback: %1 [AppUserModelId] %2 …	Debug
2413	An application was registered with the following parameters: %1 …	Operational
2414	An application resgistration was updated with the following parameters: %1 …	Operational
2415	An application was unregistered with the following parameters: %1 …	Operational
2416		Operational
2416	A local notification was received from %1 [AppUserModelId] with a %2 …	Operational
2417		Operational
2417	A local notification failed to be submitted to threadpool: %1 [HResult].	Operational
2418		Operational
2418	A local notification was submitted to threadpool: %1 [AppUserModelId] %2 …	Operational
2419		Operational
2419	A raw notification has activated a system task: %1 [AppUserModelID].	Operational
3000	Tile session creation is requested for %2 endpoint %1.	Operational
3001	Tile session creation is finished for %4 from endpoint %1 with result %3, and %2 …	Operational
3002	Tile session %1 is being updated.	Debug
3003	Tile session %1 is updated with error code %3.	Debug
3004	Tile session %1 is being closed.	Operational
3005	Tile session %1 is closed with error code %2.	Operational
3006	Toast session creation is requested for %2 from endpoint %1.	Operational
3007	Toast session creation is finished for %4 from endpoint %1 with result %3, and …	Operational
3008	Toast session %1 is being closed.	Operational
3009	Toast session %1 is closed with error code %2.	Operational
3010	Started tracking Notification Request performance.	Debug
3011	Finished tracking Notification Request performance.	Debug
3012	Toast with notification tracking id %1 is delivered to %2 on session %3.	Debug
3013	%1 with notification tracking id %2 is delivered to %3.	Debug
3014	Tile queue entry is created for %1.	Debug
3015	Tile notification id %2 for %1 is stored at %3 in queue.	Debug
3016	Tile notification id %2 overrided existing notification id %1.	Debug
3017	This is a verbose debug event that dumps Tile Queue information.	Debug
3018	Badge notification id %2 is stored for %1.	Debug
3019	Tile image request %1 has started.	Debug
3020	Tile image request %1 has been canceled due to new request.	Debug
3021	Tile image request for notification %3 in %2 contains %4 URL.	Debug
3022	Image download request is being processed for first time: resource id [.	Debug
3023	Image download is complete for a single URL: notification id [.	Debug
3024	Image download is complete for all URL with notification id [.	Debug
3025	Processing initial batch on Image request for toast: AppUserModelId [.	Debug
3026	Processing Toast Image request URL: Resource Id [.	Debug
3027	Scheduling Image Download Task: [Slot Index] %1, [Notification Id] %2, …	Debug
3028	Completed Image Download Task: [Notification Id] %1, [IsTile] %2, [Path] %3.	Debug
3029	Download image has failed: [Notification Id] %1 [Tile] %2 [ErrorCode] %3 [URL] …	Debug
3030	Image resource is being processed.	Debug
3031	Image resource has been processed.	Debug
3032	Clearing all tile notifiction is being processed.	Debug
3033	Clearing all tile notifiction has been processed.	Debug
3034	Clearing all images is being processed.	Debug
3035	Clearing all images has been processed.	Debug
3036	Image Download Manager policy is changed to %1.	Debug
3037	Detail event for tile session %1 update.	Debug
3038	Detail event at start of Notification Request performance tracking.	Debug
3039	Image Download Manager drop request due to newer request arrival.	Debug
3040	Downloading image has failed because protocol is not supported: URL [.	Debug
3041	Downloading image has failed because downloaded image it too big over maximum …	Debug
3042	Downloading image has failed because downloaded image is empty: URL [.	Debug
3043	The new tile notification was found to be a duplicate of a previous …	Debug
3044	The new badge notification was found to be a duplicate of a previous …	Debug
3045	Started tracking Toast Notification Request performance.	Debug
3046	Finished tracking Toast Notification Request performance.	Debug
3047	The new tile flyout notification was found to be a duplicate of a previous …	Debug
3048	Badge notification id %2 is stored for %1.	Debug
3049	Endpoint %1 is being cleanedup.	Operational
3050	Toast notification id %2 for %1 is stored at %3 in queue.	Debug
3051	Toast notification id %2 overrided existing notification id %1.	Debug
3052	Toast with notification tracking id %1 is being delivered to %2 on session %3.	Operational
3053	%1 with notification tracking id %2 is being delivered to %3.	Operational
3054	Toast with notification tracking id %1 is canceled by %2 - informed session %3.	Operational
3055	Some toast notifications have been cleared - informed session %1.	Operational
3056	%1 are being cleared for %2 - informed session %3.	Operational
3057	Presentation Endpoint received a call to close session %1.	Operational
3058	Presentation Endpoint ended a call to close session %1.	Operational
3100	Started tracking Clear Toast Notification performance.	Debug
3101	Finished tracking Clear Toast Notification performance.	Debug
3102	Started tracking Clear Toast Notifications performance.	Debug
3103	Finished tracking Clear Toast Notifications performance.	Debug
3104	Toast with notification id [.	Debug
3105	Started tracking Remove Toast Notifications performance.	Debug
3106	Finished tracking Remove Toast Notifications performance.	Debug
3107	Processing of push notification has failed: ChannelId [.	Debug
3108	Started tracking Clear Toast Notification Rollover performance.	Debug
3109	Finished tracking Clear Toast Notification Rollover performance.	Debug
3110	Toast Notification Forwarding Global Settings: isFwToCdpEnabled = %1 …	Operational
3111	Start Toast Notification Forwarding activity	Operational
3112	Stop Toast Notification Forwarding activity	Operational
3113	Toast Notification Forwarding Local Settings: isDeveloperAppMirroringEnabled = …	Operational
3114	Start Toast Notification Forwarding Do Forward To AFC	Operational
3115	Stop Toast Notification Forwarding Do Forward To AFC	Operational
3116	Start Toast Notification Forwarding Make Activity from Notification	Operational
3117	Stop Toast Notification Forwarding Make Activity from Notification	Operational
3118	Toast Notification Forwarding Finished Decorating Payload	Operational
3119	Toast Notification Forwarding Finished Loading Payload onto Activity	Operational
3120	Toast Notification Forwarding Finished setting attributes onto activity	Operational
3121	Start Toast Notification Forwarding Asset Resolution	Operational
3122	Toast Notification Forwarding Asset Resolution Successful	Operational
3123	Toast Notification Forwarding Making Activity TrackingId = %1 AppUserModelId = …	Operational
3124	Toast Notification Forwarding Published Activity with Result = %1.	Operational
3125		Operational
3126	Sync Dismiss: Dismiss Activities for App Start	Operational
3127	Sync Dismiss: Dismiss Activities for App Stop	Operational
3128	Sync Dismiss: Dismiss Activities Start	Operational
3129	Sync Dismiss: Dismiss Activities Stop	Operational
3130	Sync Dismiss: Dismiss Activities Start	Operational
3131	Sync Dismiss: Dismiss Activities Stop	Operational
3132	Sync Dismiss: Remove Notification using Activity Start	Operational
3133	Sync Dismiss: Remove Notification using Activity Stop	Operational
3134	Sync Dismiss: Get Activities Start	Operational
3135	Sync Dismiss: Get Activities Stop	Operational
3136	Sync Dismiss: CDPGetPlatformDeviceId Start	Operational
3137	Sync Dismiss: CDPGetPlatformDeviceId Stop	Operational
3138		Operational
3139	Sync Dismiss Removed Activity with Result = %1.	Operational
3140	Sync Dismiss Removed Notification with Result = %1.	Operational
3141	SyncDismissRemoveNotificationUsingActivityParams: MatchOnNotificationId = %1 …	Operational
3142	Sync Dismiss: Matched Activity using Notification!	Operational
3143	Sync Dismiss: Matched Notification using Activity!	Operational
3144	Received WNF_CDP_CDPUSERSVC_READY	Operational
3145	[Sqlite][Informational] Status.	Debug
3146	[Sqlite][Warning] Status.	Operational
3147	[Sqlite][Error] Status.	Operational
3148	[Sqlite][Other] Status.	Debug
3149		Operational
3149	Processing of Push Notification has succeeded: ChannelId [.	Debug
3150		Operational
3150	Processing of Local Notification has failed: NotificationType [.	Operational
3151		Operational
3151	Processing of Local Notification has succeeded: NotificationType [.	Debug
3152		Operational
3152	Processing of Push Notification has failed: ChannelId [.	Operational
3153		Operational
3153	Toast with notification tracking id %1 is delivered to %2 on session %3.	Operational
3154		Operational
3154	Processing and publishing of Resume Notification has succeeded: TrackingId [.	Debug
3155		Operational
3155	Processing and publishing of Resume Notification has failed: TrackingId [.	Operational
3156		Operational
3156	Processing of Resume Response has succeeded: TrackingId [.	Debug
3157		Operational
3157	Processing of Resume Response has failed: TrackingId [.	Operational
10000	DebugTrace.	Debug

Event ID 1 — The Windows Push Notification Platform has encountered an error in File: %1, Function %2, Line %3, Error %4, ErrorMessage %5.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has encountered an error in File: %1, Function %2, Line %3, Error %4, ErrorMessage %5.

Fields

Name	Description
`FileName`	—
`FunctionName`	—
`LineNumber`	—
`ErrorCode`	—
`ErrorMessage`	—

Event ID 2 — The Windows Push Notification Platform has started loading.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started loading.

Event ID 3 — The Windows Push Notification Platform has been unloaded.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has been unloaded.

Event ID 4 — The Windows Push Notification Platform has been disabled due to Group Policy settings.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has been disabled due to Group Policy settings.

Event ID 5 — The Windows Push Notification Platform has been loaded.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has been loaded.

Event ID 6 — The Windows Push Notification Platform has started unloading.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started unloading.

Event ID 7 — The Windows Push Notification Platform has launched as %1 with %2 privilege.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has launched as %1 with %2 privilege.

Fields

Name	Description
`Type`	—
`Privilege`	—

Event ID 8 — The Windows Push Notification Platform is switching into new %1 privilege.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform is switching into new %1 privilege.

Fields

Name	Description
`NewPrivilege`	—

Event ID 9 — The Windows Push Notification Platform has switched with error code %2, and current privilege is %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has switched with error code %2, and current privilege is %1.

Fields

Name	Description
`ResultedPrivilege`	—
`Error`	—

Event ID 10 — The Windows Push Notification Platform has started defragging storage.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started defragging storage.

Event ID 11 — The Windows Push Notification Platform has finished defragging storage.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has finished defragging storage.

Event ID 12 — The Windows Push Notification Platform has determined new maximum number of applications %2 based on count of current applications %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has determined new maximum number of applications %2 based on count of current applications %1. Old maximum number of applications is %3.

Fields

Name	Description
`CountApplication`	—
`MaximumApplication`	—
`OldMaximumApplication`	—

Event ID 13 — The Windows Push Notification Platform has expanded its persistent header storage to accommodate %1 Applications.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has expanded its persistent header storage to accommodate %1 Applications.

Fields

Name	Description
`NewMaximumApplication`	—

Event ID 14 — The Windows Push Notification Platform has switched to using an expanded persistence buffer.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has switched to using an expanded persistence buffer.

Event ID 15 — The Windows Push Notification Platform has started loading file data: count applications %1, count allocated entries %2, max count %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started loading file data: count applications %1, count allocated entries %2, max count %3.

Fields

Name	Description
`CountApplication`	—
`CountAllocated`	—
`MaximumApplication`	—

Event ID 16 — The Windows Push Notification Platform has created a new memory-mapped file.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has created a new memory-mapped file.

Event ID 17 — The Windows Push Notification Platform has detected that its persistent buffer is out of sync.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has detected that its persistent buffer is out of sync.

Event ID 18 — The Windows Push Notification Platform has registered inbox applications.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has registered inbox applications.

Event ID 19 — The Windows Push Notification Platform has encountered an error in File: %1, Function %2, Line %3, Error %4, ErrorMessage %5.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 5
Samples: 1

Message

The Windows Push Notification Platform has encountered an error in File: %1, Function %2, Line %3, Error %4, ErrorMessage %5.

Fields

Name	Description
`FileName`	The Windows Push Notification Platform has encountered an error in File.
`FunctionName`	—
`LineNumber`	—
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 19
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036854784000
  time_created: '2022-04-07T16:48:25.193524+00:00'
  event_record_id: 1
  correlation: {}
  execution:
    process_id: 1640
    thread_id: 764
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  FileName: onecoreuap\base\diagnosis\platform\notifications\platform\endpoint\backgroundapplicationpolicymanager.cpp
  FunctionName: BackgroundApplicationPolicyManager::InitializeWnfCallbacks
  LineNumber: 162
  ErrorCode: 2147943568
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 20 — The Windows Push Notification Platform has encountered error %2 opening file %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The Windows Push Notification Platform has encountered error %2 opening file %1.

Fields

Name	Description
`FilePath`	—
`ErrorCode`	—

Event ID 21 — The Windows Push Notification Platform has started processing tile update settings for %1 inbox and %2 preinstall apps.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started processing tile update settings for %1 inbox and %2 preinstall apps.

Fields

Name	Description
`CountInboxApps`	—
`CountPreinstallApps`	—

Event ID 22 — The Windows Push Notification Platform has stopped processing tile update settings.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has stopped processing tile update settings.

Event ID 23 — The Windows Push Notification Platform is setting URI %2 with recurrence %3 for AppUserModelId %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform is setting URI %2 with recurrence %3 for AppUserModelId %1.

Fields

Name	Description
`AppUserModelId`	—
`Uri`	—
`WpnRecurrence`	—

Event ID 24 — The Windows Push Notification Platform has initiated a WNS connection.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has initiated a WNS connection.

Event ID 25 — The Windows Push Notification Platform is disconnecting from WNS.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform is disconnecting from WNS.

Event ID 26 — ThreadPool: [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

ThreadPool: [%1] (%2) has been scheduled.

Fields

Name	Description
`Name`	—
`InstanceId`	—

Event ID 27 — ThreadPool: [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

ThreadPool: [%1] (%2) finished with error code [%3]

Fields

Name	Description
`Name`	—
`InstanceId`	—
`ErrorCode`	—

Event ID 28 — ResourceManager has recevied a message: code [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

ResourceManager has recevied a message: code [%1]

Fields

Name	Description
`MessageCode`	—

Event ID 29 — The Windows Push Notification Platform has started scavenging the image cache.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has started scavenging the image cache.

Event ID 30 — The Windows Push Notification Platform has finished scavenging the image cache.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has finished scavenging the image cache.

Event ID 31 — The Windows Push Notification Platform has %1 entries in the image cache.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has %1 entries in the image cache.

Fields

Name	Description
`TotalSize`	—

Event ID 32 — The Device has entered battery saver state: BATTERY_SAVINGS_ON

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Device has entered battery saver state: BATTERY_SAVINGS_ON

Event ID 33 — The Device has exited battery saver state: BATTERY_SAVINGS_OFF

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Device has exited battery saver state: BATTERY_SAVINGS_OFF

Event ID 34 — The DcpProvider has been loaded successfully.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The DcpProvider has been loaded successfully.

Event ID 35 — WNS Platform finished TraceLogging registration with code %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNS Platform finished TraceLogging registration with code %1.

Fields

Name	Description
`ErrorCode`	—

Event ID 36 — WNS Connection Provider finished TraceLogging registration with code %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNS Connection Provider finished TraceLogging registration with code %1.

Fields

Name	Description
`ErrorCode`	—

Event ID 37 — The Windows Push Notification Platform is required to connect on startup, ValidChannelsExist.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

The Windows Push Notification Platform is required to connect on startup, ValidChannelsExist : %1.

Fields

Name	Description
`ChannelsExist`	The Windows Push Notification Platform is required to connect on startup, ValidChannelsExist.

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 37
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036896722944
  time_created: '2023-11-05T22:41:17.162599+00:00'
  event_record_id: 2587
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 5040
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ChannelsExist: true
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 38 — PDC intialization finished with ErrorCode.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC intialization finished with ErrorCode: %1.

Fields

Name	Description
`ErrorCode`	—

Event ID 39 — PDC unintialization finished with ErrorCode.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC unintialization finished with ErrorCode: %1.

Fields

Name	Description
`ErrorCode`	—

Event ID 40 — PDC activation finished with ErrorCode: %1, PdcType: %2, PdcScenario: %3, ScenarioData: [%4].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC activation finished with ErrorCode: %1, PdcType: %2, PdcScenario: %3, ScenarioData: [%4].

Fields

Name	Description
`ErrorCode`	—
`PdcType`	—
`PdcScenario`	—
`ScenarioData`	—

Event ID 41 — PDC deactivation finished with ErrorCode: %1, PdcType: %2, PdcNetRef: %3, PdcPlatRef: %4.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC deactivation finished with ErrorCode: %1, PdcType: %2, PdcNetRef: %3, PdcPlatRef: %4.

Fields

Name	Description
`ErrorCode`	—
`PdcType`	—
`PdcNetRefCount`	—
`PdcPlatRefCount`	—

Event ID 42 — Cloud Notifications must be enabled in GP and MDM to receive push notifications.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Cloud Notifications must be enabled in GP and MDM to receive push notifications. GroupPolicyValue: %1, MDMPolicyValue: %2.

Fields

Name	Description
`GroupPolicyValue`	Cloud Notifications must be enabled in GP and MDM to receive push notifications. GroupPolicyValue.
`MDMPolicyValue`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 42
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036896722944
  time_created: '2023-11-05T22:41:17.226539+00:00'
  event_record_id: 2600
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 5364
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  GroupPolicyValue: true
  MDMPolicyValue: true
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1000 — A Connection Provider is registered with Windows Push Notification Platform using the following parameters: %1 [CLSID] %2 [Enabled] %3 [CLSCTX Flags].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A Connection Provider is registered with Windows Push Notification Platform using the following parameters: %1 [CLSID] %2 [Enabled] %3 [CLSCTX Flags].

Fields

Name	Description
`CLSID`	—
`Enabled`	—
`Flags`	—

Event ID 1001 — The following Connection Provider is enabled with the parameters: %1 [CLSID] %2 [CLSCTX Flags].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The following Connection Provider is enabled with the parameters: %1 [CLSID] %2 [CLSCTX Flags].

Fields

Name	Description
`CLSID`	—
`Flags`	—
`ErrorCode`	—

Event ID 1002 — The Connection Provider with CLSID %1 was instantiated with the following flags %2 and finished with ErrorCode %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Connection Provider with CLSID %1 was instantiated with the following flags %2 and finished with ErrorCode %3.

Fields

Name	Description
`CLSID`	—
`Flags`	—
`ErrorCode`	—

Event ID 1003 — Connect request sent to the Connection Provider.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Connect request sent to the Connection Provider.

Event ID 1004 — Disconnect request sent the Connection Provider.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Disconnect request sent the Connection Provider.

Event ID 1005 — The Connection Provider status changed to %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

The Connection Provider status changed to %1.

Fields

Name	Description
`Status`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1005
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9223372036963926272
  time_created: '2023-11-05T22:41:17.244262+00:00'
  event_record_id: 2601
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 8072
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Status: 4
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1006 — Sending a channel request to the Connection Provider with parameters: %1 [PackageFullName] %2 [Properties] %3 [Cookie] %4 [TransactionId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sending a channel request to the Connection Provider with parameters: %1 [PackageFullName] %2 [Properties] %3 [Cookie] %4 [TransactionId].

Fields

Name	Description
`PackageFullName`	—
`Properties`	—
`Cookie`	—
`TransactionId`	—

Event ID 1007 — The Connection Provider completed the channel request for transaction id %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The Connection Provider completed the channel request for transaction id %1. %2 [ChannelId] %3 [ChannelUri] %4 [Expiry].

Fields

Name	Description
`TransactionId`	—
`ChannelId`	—
`ChannelUri`	—
`Expiry`	—

Event ID 1008 — Sending a channel revoke request to the Connection Provider for channel id %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sending a channel revoke request to the Connection Provider for channel id %1.

Fields

Name	Description
`ChannelId`	—

Event ID 1010 — %1 received for ChannelId %2 and AppUserModelId %3 with TrackingId %4, X-WNS-MSG-ID %5, timestamp %6 and expiration %7 tag: %8, group: %9, action: ...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

%1 received for ChannelId %2 and AppUserModelId %3 with TrackingId %4, X-WNS-MSG-ID %5, timestamp %6 and expiration %7 tag: %8, group: %9, action: %10, bundle: count=%11;missed=%12;Id=%13.

Fields

Name	Description
`group`	—
`action`	—
`NotificationType`	—
`ChannelId`	—
`AppUserModelId`	—
`TrackingId`	—
`MessageId`	—
`Timestamp`	—
`Expiry`	—
`Tag`	—
`Group`	—
`Action`	—
`OfflineCacheCount`	—
`CacheRollover`	—
`OfflineBundleId`	—
`Priority`	—
`Cached`	—

Event ID 1011 — Sending a request to the Connection Provider to renew a channel with parameters: %1 [ChannelId] %2 [PackageFullName] %3 [Properties] %4 [Cookie] %5...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sending a request to the Connection Provider to renew a channel with parameters: %1 [ChannelId] %2 [PackageFullName] %3 [Properties] %4 [Cookie] %5 [TransactionId].

Fields

Name	Description
`ChannelId`	—
`PackageFullName`	—
`Properties`	—
`Cookie`	—
`TransactionId`	—

Event ID 1012 — Setting batching configuration to the following state.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Setting batching configuration to the following state: %1.

Fields

Name	Description
`BatchingState`	—

Event ID 1013 — Configuring notification delivery for AppUserModelId %4 with channel id %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Configuring notification delivery for AppUserModelId %4 with channel id %1.  %2 [NotificationType] %3 [Enabled].

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`Enabled`	—
`AppUserModelId`	—

Event ID 1014 — The Resource Manager was notified that display state changed to %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Resource Manager was notified that display state changed to %1.

Fields

Name	Description
`DisplayStatus`	—

Event ID 1015 — Configuring notification policy for %1 [NotificationType] %2 [Enabled].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Configuring notification policy for %1 [NotificationType] %2 [Enabled].

Fields

Name	Description
`NotificationType`	—
`Enabled`	—

Event ID 1016 — The Resource Manager was notified of an update to the network cost.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Resource Manager was notified of an update to the network cost. %1 [Cost] %2 [Costly].

Fields

Name	Description
`NetworkCost`	—
`Costly`	—

Event ID 1017 — The Resource Manager was notified of an update to the data plan.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Resource Manager was notified of an update to the data plan. %1 [Source] %2 [BillingCycle].

Fields

Name	Description
`DateSource`	—
`BillingCycle`	—

Event ID 1018 — The Resource Manager reset the Mobile Broadband Usage statistics.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Resource Manager reset the Mobile Broadband Usage statistics.

Event ID 1019 — The Resource Manager was notified that user session state changed to %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Resource Manager was notified that user session state changed to %1.

Fields

Name	Description
`Status`	—

Event ID 1020 — The Connection Provider status changed to a failure state: {Status}.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The Connection Provider status changed to a failure state: {Status}.

Fields

Name	Description
`Status`	—

Event ID 1021 — The Connection Manager has failed to connect.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The Connection Manager has failed to connect: %1.

Fields

Name	Description
`ErrorCode`	—

Event ID 1022 — ConnectWork is requesting ConnectionManager to connect.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

ConnectWork is requesting ConnectionManager to connect.

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1022
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036963827968
  time_created: '2023-11-05T22:41:17.175463+00:00'
  event_record_id: 2592
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 5364
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1023 — No internet connection available, %1 is queued for next network status change.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

No internet connection available, %1 is queued for next network status change.

Fields

Name	Description
`WorkItemName`	—

Event ID 1024 — Internet connection status changed to %1, submitting pending workitems: count = %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Internet connection status changed to %1, submitting pending workitems: count = %2.

Fields

Name	Description
`IsConnected`	—
`PendingCount`	—

Event ID 1025 — A Power event was fired: %1 [PowerEventType] %2 [Enabled].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

A Power event was fired: %1 [PowerEventType] %2 [Enabled].

Fields

Name	Description
`PowerEventType`	A Power event was fired.
`IsEnabled`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1025
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223407221226864896
  time_created: '2023-11-06T01:08:05.390569+00:00'
  event_record_id: 2761
  correlation: {}
  execution:
    process_id: 4304
    thread_id: 5432
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  PowerEventType: MonitorSettingChange
  IsEnabled: true
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1100 — Connecting to the Windows Push Notification Service.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Connecting to the Windows Push Notification Service. %1 [UserId] %2 [UserType] %3 [FeatureSet] %4 [AuthType] %6 [AuthPayload] %8 [BindPayload].

Fields

Name	Description
`UserId`	—
`UserType`	—
`FeatureSet`	—
`AuthType`	—
`AuthPayloadSize`	—
`AuthPayload`	—
`BindPayloadSize`	—
`BindPayload`	—

Event ID 1101 — Windows Push Notification Service connection result.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Windows Push Notification Service connection result: %1.

Fields

Name	Description
`Error`	—

Event ID 1102 — Sending Channel WNP Protocol command: %1 [TransactionId] %2 [ChannelId] %3 [PackageFullName] %4 [Properties] %6 [Command] %7 [Namespace] %8 [Contex...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Channel WNP Protocol command: %1 [TransactionId] %2 [ChannelId] %3 [PackageFullName] %4 [Properties] %6 [Command] %7 [Namespace] %8 [ContextId] %10 [Payload] %11 [UserId].

Fields

Name	Description
`Sending_Channel_WNP_Protocol_command`	—
`TransactionId`	—
`ChannelId`	—
`PackageFullName`	—
`Properties`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—
`UserId`	—

Event ID 1103 — Channel WNP Protocol command tracking information: %1 [TransactionId] %2 [TrID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Channel WNP Protocol command tracking information: %1 [TransactionId] %2 [TrID].

Fields

Name	Description
`TransactionId`	—
`TrID`	—

Event ID 1104 — Sending Revoke WNP Protocol command: %1 [ChannelId] %3 [Command] %4 [Namespace] %5 [ContextId] %7 [Payload] %8 [UserId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Revoke WNP Protocol command: %1 [ChannelId] %3 [Command] %4 [Namespace] %5 [ContextId] %7 [Payload] %8 [UserId].

Fields

Name	Description
`Sending_Revoke_WNP_Protocol_command`	—
`ChannelId`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—
`UserId`	—

Event ID 1105 — Sending Block/Unblock WNP Protocol command: %1 [ChannelId] %2 [NotificationType] %3 [Enabled] %5 [Command] %6 [Namespace] %7 [ContextId] %9 [Payloa...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Block/Unblock WNP Protocol command: %1 [ChannelId] %2 [NotificationType] %3 [Enabled] %5 [Command] %6 [Namespace] %7 [ContextId] %9 [Payload] %10 [UserId].

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`Enabled`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—
`UserId`	—

Event ID 1106 — Sending Options WNP Protocol command: %1 [State] %3 [Command] %4 [Namespace] %5 [ContextId] %7 [Payload].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Options WNP Protocol command: %1 [State] %3 [Command] %4 [Namespace] %5 [ContextId] %7 [Payload].

Fields

Name	Description
`Sending_Options_WNP_Protocol_command`	—
`BatchingState`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—

Event ID 1107 — WNP Protocol command response: %1 [TrID] %2 [Error] %3 [ContextId] %4 [UserId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Protocol command response: %1 [TrID] %2 [Error] %3 [ContextId] %4 [UserId].

Fields

Name	Description
`WNP_Protocol_command_response`	—
`TrID`	—
`Error`	—
`ContextId`	—
`UserId`	—

Event ID 1108 — WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] %4 [MsgId] %5 [Ack].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] %4 [MsgId] %5 [Ack].

Fields

Name	Description
`WNP_Protocol_delivered_notification`	—
`Namespace`	—
`UserId`	—
`PayloadSize`	—
`MsgId`	—
`Ack`	—

Event ID 1109 — Disconnecting from the Windows Push Notification Service.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Disconnecting from the Windows Push Notification Service.

Event ID 1110 — Windows Push Notification Service disconnection result.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Windows Push Notification Service disconnection result: %1.

Fields

Name	Description
`Error`	—

Event ID 1112 — Requesting Device Compact Ticket for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Requesting Device Compact Ticket for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1113 — Device Compact Ticket request completed with Device Id %1 for the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Device Compact Ticket request completed with Device Id %1 for the %2.

Fields

Name	Description
`DeviceId`	—
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1113
  version: 0
  level: 4
  task: 9
  opcode: 2
  keywords: 9223372036854890496
  time_created: '2023-11-05T22:36:06.776267+00:00'
  event_record_id: 2554
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  DeviceId: 0018800CFC3A4A31
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1114 — Sending Filter/Unfilter WNP Protocol command: %1 [NotificationType] %2 [Enabled] %4 [Command] %5 [Namespace] %6 [ContextId] %8 [Payload] %9 [UserId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Filter/Unfilter WNP Protocol command: %1 [NotificationType] %2 [Enabled] %4 [Command] %5 [Namespace] %6 [ContextId] %8 [Payload] %9 [UserId].

Fields

Name	Description
`NotificationType`	—
`Enabled`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—
`UserId`	—

Event ID 1115 — Sending Ack WNP Protocol command: %1 [MsgId] %3 [Command] %4 [Namespace] %6 [Payload].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Ack WNP Protocol command: %1 [MsgId] %3 [Command] %4 [Namespace] %6 [Payload].

Fields

Name	Description
`Sending_Ack_WNP_Protocol_command`	—
`MsgId`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`PayloadSize`	—
`Payload`	—

Event ID 1116 — Device Compact Ticket request failed with error %1 for the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Device Compact Ticket request failed with error %1 for the %2.

Fields

Name	Description
`Error`	—
`ConnectionType`	—

Event ID 1117 — Windows Push Notification Service was disconnected due to error: %1 and will now enter reconnect mode.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Windows Push Notification Service was disconnected due to error: %1 and will now enter reconnect mode.

Fields

Name	Description
`Error`	Windows Push Notification Service was disconnected due to error.

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1117
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372037022564352
  time_created: '2023-11-05T22:36:04.732833+00:00'
  event_record_id: 2541
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Error: 2147952453
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1118 — Sending Challenge Response WNP Protocol command: %1 [Nonce] %2 [Response] %4 [Command] %5 [Namespace] %6 [ContextId] %8 [Payload].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Sending Challenge Response WNP Protocol command: %1 [Nonce] %2 [Response] %4 [Command] %5 [Namespace] %6 [ContextId] %8 [Payload].

Fields

Name	Description
`Nonce`	—
`Response`	—
`CommandSize`	—
`Command`	—
`Namespace`	—
`ContextId`	—
`PayloadSize`	—
`Payload`	—

Event ID 1201 — WNP Transport Layer Connect call initiated for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer Connect call initiated for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1202 — WNP Transport Layer Connect call completed for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer Connect call completed for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1203 — WNP Transport Layer SendCommand call initiated for TrID %1 on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer SendCommand call initiated for TrID %1 on the %2.

Fields

Name	Description
`CommandTrid`	—
`ConnectionType`	—

Event ID 1204 — WNP Transport Layer SendCommand call completed for TrID %1 on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer SendCommand call completed for TrID %1 on the %2.

Fields

Name	Description
`CommandTrid`	—
`ConnectionType`	—
`Error`	—

Event ID 1205 — WNP Transport Layer Disconnect call initiated for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer Disconnect call initiated for the %1.

Fields

Name	Description
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1205
  version: 0
  level: 4
  task: 8
  opcode: 1
  keywords: 9223372036861067264
  time_created: '2023-11-06T00:20:42.969404+00:00'
  event_record_id: 2746
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1206 — WNP Transport Layer Disconnect call completed for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer Disconnect call completed for the %1.

Fields

Name	Description
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1206
  version: 0
  level: 4
  task: 8
  opcode: 2
  keywords: 9223372036861067264
  time_created: '2023-11-06T00:20:43.006766+00:00'
  event_record_id: 2749
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1207 — WNP Transport Layer resolving DNS initiated for host %2 for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer resolving DNS initiated for host %2 for the %1.

Fields

Name	Description
`ConnectionType`	—
`HostName`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1207
  version: 0
  level: 4
  task: 9
  opcode: 1
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.645586+00:00'
  event_record_id: 2542
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  HostName: client.wns.windows.com
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1208 — WNP Transport Layer resolving DNS completed for the %1 with code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer resolving DNS completed for the %1 with code %2.

Fields

Name	Description
`ConnectionType`	—
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1208
  version: 0
  level: 4
  task: 9
  opcode: 2
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.671837+00:00'
  event_record_id: 2543
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  ErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1209 — WNP Transport Layer retrieving proxy information initiated for the {ConnectionType}.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer retrieving proxy information initiated for the {ConnectionType}.

Fields

Name	Description
`ConnectionType`	—

Event ID 1210 — WNP Transport Layer retrieving proxy information completed for the {ConnectionType}.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer retrieving proxy information completed for the {ConnectionType}.

Fields

Name	Description
`ConnectionType`	—

Event ID 1211 — WNP Transport Layer initial server connection initiated to server %2 on port %3 for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer initial server connection initiated to server %2 on port %3 for the %1.

Fields

Name	Description
`ConnectionType`	—
`HostName`	—
`Port`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1211
  version: 0
  level: 4
  task: 9
  opcode: 1
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.672509+00:00'
  event_record_id: 2544
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  HostName: client.wns.windows.com
  Port: 443
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1212 — WNP Transport Layer initial server connection completed to server %2 on port %3 for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer initial server connection completed to server %2 on port %3 for the %1.

Fields

Name	Description
`ConnectionType`	—
`HostName`	—
`Port`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1212
  version: 0
  level: 4
  task: 9
  opcode: 2
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.697481+00:00'
  event_record_id: 2545
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  HostName: client.wns.windows.com
  Port: 443
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1213 — WNP Transport Layer proxy connection initiated for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer proxy connection initiated for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1214 — WNP Transport Layer proxy connection completed to server %2 for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer proxy connection completed to server %2 for the %1.

Fields

Name	Description
`ConnectionType`	—
`HostName`	—

Event ID 1215 — WNP Transport Layer proxy negotiation initiated for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer proxy negotiation initiated for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1216 — WNP Transport Layer proxy negotiation completed for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer proxy negotiation completed for the %1.

Fields

Name	Description
`ConnectionType`	—

Event ID 1217 — WNP Transport Layer TLS negotiation initiated for the %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer TLS negotiation initiated for the %1.

Fields

Name	Description
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1217
  version: 0
  level: 4
  task: 9
  opcode: 1
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.697498+00:00'
  event_record_id: 2546
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1218 — WNP Transport Layer TLS negotiation completed for the %1 with code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer TLS negotiation completed for the %1 with code %2.

Fields

Name	Description
`ConnectionType`	—
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1218
  version: 0
  level: 4
  task: 9
  opcode: 2
  keywords: 9223372036859068416
  time_created: '2023-11-05T22:36:06.766754+00:00'
  event_record_id: 2553
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  ErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1219 — WNP Transport Layer sent %1 bytes on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer sent %1 bytes on the %2.

Fields

Name	Description
`Bytes`	—
`ConnectionType`	—

Event ID 1220 — WNP Transport Layer received %1 bytes on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer received %1 bytes on the %2.

Fields

Name	Description
`Bytes`	—
`ConnectionType`	—

Event ID 1223 — WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 5
Samples: 1

Message

WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6. IsLongRunning: %7.

Fields

Name	Description
`Verb`	WNP Transport Layer sent command.
`TrID`	—
`Namespace`	—
`CorrelationVector`	—
`Bytes`	—
`Payload`	5 bytes of payload.
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1223
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036959633408
  time_created: '2023-11-06T01:49:11.345596+00:00'
  event_record_id: 2773
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Verb: PNG
  TrID: 19
  Namespace: CON
  CorrelationVector: vfP4YmNyxkSgHVIt.19
  Bytes: 29
  Payload: 436F6E746578743A20336635303563336636353833666465640D0A0D0A
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1224 — WNP Transport Layer received %1 bytes of payload: %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer received %1 bytes of payload: %2.

Fields

Name	Description
`Bytes`	—
`Payload`	—
`ConnectionType`	—

Event ID 1225 — WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 5
Samples: 1

Message

WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6. IsLongRunning: %7.

Fields

Name	Description
`Verb`	WNP Transport Layer received command.
`TrID`	—
`Namespace`	—
`CorrelationVector`	—
`Bytes`	—
`Payload`	5 bytes of payload.
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1225
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036959633408
  time_created: '2023-11-06T01:49:11.384647+00:00'
  event_record_id: 2775
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Verb: PNG
  TrID: 19
  Namespace: CON
  CorrelationVector: vfP4YmNyxkSgHVIt.19.0
  Bytes: 126
  Payload: 4D532D43563A2076665034596D4E79786B5367485649742E31392E300D0A0D0A3C70696E672D726573706F6E73653E3C776169743E34333C2F776169743E3C636F6E6E656374696F6E2D7374617475733E436F6E6E65637465643C2F636F6E6E656374696F6E2D7374617475733E3C2F70696E672D726573706F6E73653E
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1226 — WNP Transport Layer received proxy server response for the %3 of %1 bytes with payload: %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer received proxy server response for the %3 of %1 bytes with payload: %2.

Fields

Name	Description
`Bytes`	—
`Payload`	—
`ConnectionType`	—

Event ID 1227 — WNP Transport Layer received command when disconnected with Verb: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer received command when disconnected with Verb: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload: %6. IsLongRunning: %7.

Fields

Name	Description
`Verb`	—
`TrID`	—
`Namespace`	—
`CorrelationVector`	—
`Bytes`	—
`Payload`	—
`ConnectionType`	—

Event ID 1228 — WNP Keep Alive Detector received OnConnected event from the test connection with Error.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector received OnConnected event from the test connection with Error: %1

Fields

Name	Description
`ErrorCode`	—

Event ID 1229 — WNP Keep Alive Detector received OnReconnecting event from the test connection with Error.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector received OnReconnecting event from the test connection with Error: %1

Fields

Name	Description
`ErrorCode`	—

Event ID 1230 — WNP Keep Alive Detector received OnDisconnected event from the test connection with Error.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector received OnDisconnected event from the test connection with Error: %1

Fields

Name	Description
`ErrorCode`	—

Event ID 1231 — WNP Keep Alive Detector received KA hint from server: %1 seconds.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector received KA hint from server: %1 seconds

Fields

Name	Description
`ServerKaHint`	—

Event ID 1232 — WNP Keep Alive Detector updating cached Ka time with value: %2 seconds; type: %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector updating cached Ka time with value: %2 seconds; type: %1

Fields

Name	Description
`KaValueType`	—
`KaValue`	—

Event ID 1233 — Fast reconnect triggered for previous WNS session (%1) on the %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Fast reconnect triggered for previous WNS session (%1) on the %3.  It has been %2 seconds since last packet.

Fields

Name	Description
`SessionId`	—
`SecondsSinceLastSentPacket`	—
`ConnectionType`	—

Event ID 1234 — %2 TCP connection established over %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

%2 TCP connection established over %1.

Fields

Name	Description
`ProtocolType`	—
`ConnectionType`	—

Event ID 1235 — WNP Keep Alive Detector resetting Idle Failed Interval.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector resetting Idle Failed Interval. Last Idle-Succeeded interval %1 seconds is larger than Idle-Failed interval %2 seconds

Fields

Name	Description
`IdleSucceededInterval`	—
`IdleFailedInterval`	—

Event ID 1236 — WNP Keep Alive Detector incrementing Idle-Succeeded count to %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector incrementing Idle-Succeeded count to %1

Fields

Name	Description
`IdleSucceededCount`	—

Event ID 1237 — WNP Keep Alive Detector encountered failed idle interval of %1 seconds.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Keep Alive Detector encountered failed idle interval of %1 seconds

Fields

Name	Description
`IdleFailedInterval`	—

Event ID 1238 — WNP Keep Alive Detector starting Test Connection

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Keep Alive Detector starting Test Connection

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1238
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:33:26.748563+00:00'
  event_record_id: 2458
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1239 — WNP Keep Alive Detector starting KA measurement with value: %2 seconds; type: %1; Min Limit: %3 seconds.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Keep Alive Detector starting KA measurement with value: %2 seconds; type: %1; Min Limit: %3 seconds

Fields

Name	Description
`KaValueType`	seconds; type.
`KaValue`	WNP Keep Alive Detector starting KA measurement with value.
`KaMinLimit`	; Min Limit.

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1239
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:33:26.736302+00:00'
  event_record_id: 2457
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 3672
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  KaValueType: 0
  KaValue: 60
  KaMinLimit: 60
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1240 — WNP Keep Alive Detector stopping KA measurement

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Keep Alive Detector stopping KA measurement

Event ID 1241 — WNP Keep Alive Detector lost network over %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Keep Alive Detector lost network over %1.

Fields

Name	Description
`ProtocolType`	—

Event ID 1242 — WNP Transport Layer received Power Management event with type %1 on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer received Power Management event with type %1 on the %2.

Fields

Name	Description
`PowerManagementType`	—
`ConnectionType`	—

Event ID 1243 — WNP Transport Layer received Power Management event with type %1 on the %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer received Power Management event with type %1 on the %2.  Message is ignored

Fields

Name	Description
`PowerManagementType`	—
`ConnectionType`	—

Event ID 1244 — Connection to the Windows Push Notification Service (%1:%2) failed because proxy host detected (%3) could not be used to establish the connection.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Connection to the Windows Push Notification Service (%1:%2) failed because proxy host detected (%3) could not be used to establish the connection.  Please check the proxy configuration on the client as well as verify that the proxy host detected is operating correctly.

Fields

Name	Description
`HostName`	—
`Port`	—
`ProxyHostName`	—

Event ID 1245 — Connection to the Windows Push Notification Service (%1:%2) failed because the proxy host detected (%3) explicitly requires user authentication.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Admin

Message

Connection to the Windows Push Notification Service (%1:%2) failed because the proxy host detected (%3) explicitly requires user authentication.  Only proxies configured with NTLM authentication are supported.

Fields

Name	Description
`HostName`	—
`Port`	—
`ProxyHostName`	—

Event ID 1246 — WNP Transport Layer was disconnected from the Windows Push Notification Service due to a loss of network connectivity.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer was disconnected from the Windows Push Notification Service due to a loss of network connectivity.

Event ID 1247 — Connection to the Windows Push Notification Service failed because of a failure to configure the connection to run properly in low-power states.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Admin

Message

Connection to the Windows Push Notification Service failed because of a failure to configure the connection to run properly in low-power states.  Please ensure all network drivers are up to date.

Fields

Name	Description
`ControlChannelTriggerStatus`	—

Event ID 1248 — Connection to the Windows Push Notification Service (%1:%2) failed because the proxy host detected (%3) could not be connected to.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Admin

Message

Connection to the Windows Push Notification Service (%1:%2) failed because the proxy host detected (%3) could not be connected to. The HTTP request failed with HTTP Status: %4.

Fields

Name	Description
`HostName`	—
`Port`	—
`ProxyHostName`	—
`HttpStatus`	—

Event ID 1249 — StopKeepAliveMeasurement was called from message loop.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

StopKeepAliveMeasurement was called from message loop.

Event ID 1250 — The KA measurement was never started.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The KA measurement was never started.

Event ID 1251 — The test connection disconnect failed synchronously due to error.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The test connection disconnect failed synchronously due to error: %1

Fields

Name	Description
`Error`	—

Event ID 1252 — The KA value has converged.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

The KA value has converged.  Now disconnect test connection.

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1252
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-06T00:20:42.944747+00:00'
  event_record_id: 2745
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1253 — The test connection will be disconnected due to idle failure.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The test connection will be disconnected due to idle failure.

Event ID 1254 — WNP Transport Layer for %1 detected preferred interface change.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer for %1 detected preferred interface change. Old index %2, old address family %3. New index %4, new address family %5, NDIS_PHYSICAL_MEDIUM %6.

Fields

Name	Description
`ConnectionType`	—
`OldIndex`	—
`OldAddressFamily`	—
`NewIndex`	—
`NewAddressFamily`	—
`NewPhysicalMediumType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1254
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:33:26.761426+00:00'
  event_record_id: 2462
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 0
  OldIndex: 0
  OldAddressFamily: 0
  NewIndex: 9
  NewAddressFamily: 0
  NewPhysicalMediumType: 14
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1255 — WNP Transport Layer for %1 reacting to preferred interface change, disconnect and immediately reconnect.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer for %1 reacting to preferred interface change, disconnect and immediately reconnect.

Fields

Name	Description
`ConnectionType`	—

Event ID 1256 — WNP Transport Layer for %1 reacting to preferred interface change, immediately reconnect.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer for %1 reacting to preferred interface change, immediately reconnect.

Fields

Name	Description
`ConnectionType`	—

Event ID 1257 — WNP Transport Layer for %1 called InitializeSecurityContext and got return code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer for %1 called InitializeSecurityContext and got return code %2.

Fields

Name	Description
`ConnectionType`	—
`Error`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1257
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:36:06.766744+00:00'
  event_record_id: 2552
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  Error: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1258 — WNP Transport Layer for %1 received asynchronous connection error %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer for %1 received asynchronous connection error %2.

Fields

Name	Description
`ConnectionType`	—
`SocketError`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1258
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:36:03.277507+00:00'
  event_record_id: 2540
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 1
  SocketError: 10053
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1259 — WNP Transport Layer for the Data Connection sending out of band keep alive (PNG) request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer for the Data Connection sending out of band keep alive (PNG) request.

Event ID 1260 — WNP Transport Layer for the Data Connection received cellular state change WNF event.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer for the Data Connection received cellular state change WNF event.

Event ID 1261 — Adding new user to the Windows Push Notification Service.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Adding new user to the Windows Push Notification Service. %1 [DeviceId] %2 [UserId] %3 [UserType].

Fields

Name	Description
`DeviceId`	—
`UserId`	—
`UserType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1261
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:41:17.176465+00:00'
  event_record_id: 2593
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  DeviceId: 0018800CFC3A4A31
  UserId: 0
  UserType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1262 — Removing existing user from the Windows Push Notification Service.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Removing existing user from the Windows Push Notification Service. %1 [DeviceId] %2 [UserId] %3 [UserType].

Fields

Name	Description
`DeviceId`	—
`UserId`	—
`UserType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1262
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:31:33.631380+00:00'
  event_record_id: 2379
  correlation: {}
  execution:
    process_id: 3280
    thread_id: 1712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  DeviceId: 0018800CFC3A4A31
  UserId: 17056889
  UserType: 2
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1263 — Replacing existing user from the Windows Push Notification Service.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Replacing existing user from the Windows Push Notification Service. %1 [DeviceId] %2 [OldUserId] %3 [OldUserType] %4 [NewUserId] %5 [NewUserType].

Fields

Name	Description
`DeviceId`	—
`OldUserId`	—
`OldUserType`	—
`NewUserId`	—
`NewUserType`	—

Event ID 1264 — Adding new user to the Windows Push Notification Service completed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Adding new user to the Windows Push Notification Service completed. %1 [DeviceId] %2 [UserId] %3 [ErrorCode].

Fields

Name	Description
`DeviceId`	—
`UserId`	—
`Error`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1264
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:41:17.203291+00:00'
  event_record_id: 2598
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  DeviceId: 0018800CFC3A4A31
  UserId: 0
  Error: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1265 — Removing existing user from the Windows Push Notification Service completed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Removing existing user from the Windows Push Notification Service completed. %1 [DeviceId] %2 [UserId] %3 [ErrorCode].

Fields

Name	Description
`DeviceId`	—
`UserId`	—
`Error`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1265
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:31:33.659387+00:00'
  event_record_id: 2384
  correlation: {}
  execution:
    process_id: 3280
    thread_id: 1712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  DeviceId: 0018800CFC3A4A31
  UserId: 17056889
  Error: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1266 — Replacing existing user from the Windows Push Notification Service completed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Replacing existing user from the Windows Push Notification Service completed. %1 [DeviceId] %2 [OldUserId] %3 [NewUserId] %4 [ErrorCode].

Fields

Name	Description
`DeviceId`	—
`OldUserId`	—
`NewUserId`	—
`Error`	—

Event ID 1267 — WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload only.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 5
Samples: 1

Message

WNP Transport Layer sent command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload only. However, full payload including header is: %6. IsLongRunning: %7.

Fields

Name	Description
`Verb`	WNP Transport Layer sent command.
`TrID`	—
`Namespace`	—
`CorrelationVector`	—
`Bytes`	—
`Payload`	5 bytes of payload only. However, full payload including header is.
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1267
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036959633408
  time_created: '2023-11-06T01:49:11.345599+00:00'
  event_record_id: 2774
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Verb: PNG
  TrID: 19
  Namespace: CON
  CorrelationVector: vfP4YmNyxkSgHVIt.19
  Bytes: 72
  Payload: 504E4720313920434F4E2035370D0A4D532D43563A2076665034596D4E79786B5367485649742E31390D0A436F6E746578743A20336635303563336636353833666465640D0A0D0A
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1268 — WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload only.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 5
Samples: 1

Message

WNP Transport Layer received command: %1, Trid: %2, Namespace: %3, CV: %4 containing %5 bytes of payload only. However, full payload including header is: %6. IsLongRunning: %7.

Fields

Name	Description
`Verb`	WNP Transport Layer received command.
`TrID`	—
`Namespace`	—
`CorrelationVector`	—
`Bytes`	—
`Payload`	5 bytes of payload only. However, full payload including header is.
`ConnectionType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1268
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036959633408
  time_created: '2023-11-06T01:49:11.384651+00:00'
  event_record_id: 2776
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 4140
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Verb: PNG
  TrID: 19
  Namespace: CON
  CorrelationVector: vfP4YmNyxkSgHVIt.19.0
  Bytes: 126
  Payload: 504E4720313920434F4E003132360D0A4D532D43563A2076665034596D4E79786B5367485649742E31392E300D0A0D0A3C70696E672D726573706F6E73653E3C776169743E34333C2F776169743E3C636F6E6E656374696F6E2D7374617475733E436F6E6E65637465643C2F636F6E6E656374696F6E2D7374617475733E
  ConnectionType: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1300 — Started tracking connection establishment performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking connection establishment performance.

Event ID 1301 — Finished tracking connection establishment performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking connection establishment performance.

Event ID 1302 — PDC Intialization finished with error code [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC Intialization finished with error code [%1] and Initialization Count is [%2].

Fields

Name	Description
`ErrorCode`	—
`InitCount`	—

Event ID 1303 — PDC Unintialization finished with error code [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC Unintialization finished with error code [%1] and Initialization Count is [%2].

Fields

Name	Description
`ErrorCode`	—
`InitCount`	—

Event ID 1304 — PDC Activation finished with error code [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC Activation finished with error code [%1], Initialization Count is [%2], and Reason is [%3] for the %4.

Fields

Name	Description
`ErrorCode`	—
`InitCount`	—
`PdcReason`	—
`ConnectionType`	—

Event ID 1305 — PDC Deactivation finished with error code [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PDC Deactivation finished with error code [%1], Initialization Count is [%2], and Reason is [%3] for the %4.

Fields

Name	Description
`ErrorCode`	—
`InitCount`	—
`PdcReason`	—
`ConnectionType`	—

Event ID 1306 — WNP protocol state for Device Id %1 is State %2 for the %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP protocol state for Device Id %1 is State %2 for the %3.

Fields

Name	Description
`DeviceId`	—
`State`	—
`ConnectionType`	—

Event ID 1307 — WNP Connector state for Connector Id %1 is State %2 for the %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Connector state for Connector Id %1 is State %2 for the %3.

Fields

Name	Description
`ConnectorId`	—
`State`	—
`ConnectionType`	—

Event ID 1308 — WNP Transport Layer for Connector Id %1 requested NCSI probe for the %2 and got error code %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer for Connector Id %1 requested NCSI probe for the %2 and got error code %3.

Fields

Name	Description
`ConnectorId`	—
`ConnectionType`	—
`ErrorCode`	—

Event ID 1309 — WNP Transport Layer for Auth Manager requested NCSI probe for the %1 and got error code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

WNP Transport Layer for Auth Manager requested NCSI probe for the %1 and got error code %2.

Fields

Name	Description
`ConnectionType`	—
`ErrorCode`	—

Event ID 1310 — WNP Transport Layer for %1 detected first fallback interface change.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

WNP Transport Layer for %1 detected first fallback interface change. Old index %2, old address family %3. New index %4, new address family %5, NDIS_PHYSICAL_MEDIUM %6.

Fields

Name	Description
`ConnectionType`	—
`OldIndex`	—
`OldAddressFamily`	—
`NewIndex`	—
`NewAddressFamily`	—
`NewPhysicalMediumType`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 1310
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036858970112
  time_created: '2023-11-05T22:33:26.761428+00:00'
  event_record_id: 2463
  correlation:
    ActivityID: E4DB489E-1037-0003-9850-DBE43710DA01
  execution:
    process_id: 3380
    thread_id: 5052
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ConnectionType: 0
  OldIndex: 0
  OldAddressFamily: 0
  NewIndex: 4
  NewAddressFamily: 0
  NewPhysicalMediumType: 14
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1311 — WNP Transport Layer for %1 detected second fallback interface change.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer for %1 detected second fallback interface change. Old index %2, old address family %3. New index %4, new address family %5, NDIS_PHYSICAL_MEDIUM %6.

Fields

Name	Description
`ConnectionType`	—
`OldIndex`	—
`OldAddressFamily`	—
`NewIndex`	—
`NewAddressFamily`	—
`NewPhysicalMediumType`	—

Event ID 1312 — WNP Transport Layer detected low WIFI signal quality level (value = %1); and hence sending out of band keep alive (PNG) request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer detected low WIFI signal quality level (value = %1); and hence sending out of band keep alive (PNG) request.

Fields

Name	Description
`TriggerValue`	—

Event ID 1313 — WNP Transport Layer detected a significant drop in WIFI signal quality (delta = %1); and hence sending out of band keep alive (PNG) request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer detected a significant drop in WIFI signal quality (delta = %1); and hence sending out of band keep alive (PNG) request.

Fields

Name	Description
`TriggerValue`	—

Event ID 1314 — WNP Transport Layer detected a change in WIFI interface availability (event %1); and hence sending out of band keep alive (PNG) request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer detected a change in WIFI interface availability (event %1); and hence sending out of band keep alive (PNG) request.

Fields

Name	Description
`TriggerValue`	—

Event ID 1315 — WNP Transport Layer detected a change in WIFI interface connectivity status (event %1); and hence sending out of band keep alive (PNG) request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Transport Layer detected a change in WIFI interface connectivity status (event %1); and hence sending out of band keep alive (PNG) request.

Fields

Name	Description
`TriggerValue`	—

Event ID 1316 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`ErrorCode`	—
`Namespace`	—
`UserId`	—
`PayloadSize`	—
`MsgId`	—

Event ID 1316 — WNS delivered notification dropped in CP: %1 [ErrorCode] %2 [Namespace] %3 [UserId] %4 [PayloadSize] %5 [MsgId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNS delivered notification dropped in CP: %1 [ErrorCode] %2 [Namespace] %3 [UserId] %4 [PayloadSize] %5 [MsgId].

Fields

Name	Description
`ErrorCode`	—
`Namespace`	—
`UserId`	—
`PayloadSize`	—
`MsgId`	—

Event ID 1317 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`NotificationType`	—
`ChannelId`	—
`AppUserModelId`	—
`MessageId`	—
`ErrorCode`	—

Event ID 1317 — %1 associated with ChannelId %2 and AppUserModelId %3 with X-WNS-MSG-ID %4 failed to be submitted to threadpool.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

%1 associated with ChannelId %2 and AppUserModelId %3 with X-WNS-MSG-ID %4 failed to be submitted to threadpool. ErrorCode %5

Fields

Name	Description
`NotificationType`	—
`ChannelId`	—
`AppUserModelId`	—
`MessageId`	—
`ErrorCode`	—

Event ID 1318 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`Namespace`	—
`UserId`	—
`PayloadSize`	—
`MsgId`	—
`Ack`	—
`CorrelationVector`	—

Event ID 1318 — WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] %4 [MsgId] %5 [Ack] %6 [CorrelationVector].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

WNP Protocol delivered notification: %1 [Namespace] %2 [UserId] %3 [PayloadSize] %4 [MsgId] %5 [Ack] %6 [CorrelationVector].

Fields

Name	Description
`Namespace`	—
`UserId`	—
`PayloadSize`	—
`MsgId`	—
`Ack`	—
`CorrelationVector`	—

Event ID 2000 — The Windows Push Notification Platform has received a channel request with the following parameters: %1 [PackageFullName] %2 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has received a channel request with the following parameters: %1 [PackageFullName] %2 [AppUserModelId].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelId`	—

Event ID 2001 — The channel table has added a valid channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

The channel table has added a valid channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Fields

Name	Description
`ChannelId`	The channel table has added a valid channel mapping.
`AppUserModelId`	—
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 2001
  version: 0
  level: 4
  task: 17
  opcode: 2
  keywords: 9223372036863164928
  time_created: '2023-11-05T22:41:17.323597+00:00'
  event_record_id: 2606
  correlation: {}
  execution:
    process_id: 3380
    thread_id: 5016
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  ChannelId: 1;15334591640917018673
  AppUserModelId: Microsoft.Windows.PushToInstall
  ErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 2002 — The channel table has removed a channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The channel table has removed a channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Fields

Name	Description
`ChannelId`	—
`AppUserModelId`	—
`ErrorCode`	—

Event ID 2003 — The channel table has updated a channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

The channel table has updated a channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Fields

Name	Description
`ChannelId`	—
`AppUserModelId`	—
`ErrorCode`	—

Event ID 2004 — The channel table has returned a cached channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The channel table has returned a cached channel mapping: %1 [ChannelId] %2 [AppUserModelId] %3 [ErrorCode].

Fields

Name	Description
`ChannelId`	—
`AppUserModelId`	—
`ErrorCode`	—

Event ID 2005 — A cloud notification callback was added: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cloud notification callback was added: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2006 — A cloud notification callback was removed: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cloud notification callback was removed: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2007 — A cloud notification could not be delivered to a callback due to an error: %1 [AppUserModelId] %2 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cloud notification could not be delivered to a callback due to an error: %1 [AppUserModelId] %2 [ErrorCode].

Fields

Name	Description
`AppUserModelId`	—
`ErrorCode`	—

Event ID 2008 — A cloud notification was delivered to a callback: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cloud notification was delivered to a callback: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId].

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—
`TrackingId`	—

Event ID 2009 — A local notification was submitted to threadpool: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId] %4 [NotificationSource].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A local notification was submitted to threadpool: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId] %4 [NotificationSource].

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—
`TrackingId`	—
`NotificationSource`	—

Event ID 2010 — A clear tile message was received from an application endpoint: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A clear tile message was received from an application endpoint: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2011 — A clear badge message was received from an application endpoint: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A clear badge message was received from an application endpoint: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2012 — A cancel toast message was received from an application endpoint: %1 [AppUserModelId] %2 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cancel toast message was received from an application endpoint: %1 [AppUserModelId] %2 [NotificationTrackingId].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—

Event ID 2013 — A clear toast message was received from an application endpoint: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A clear toast message was received from an application endpoint: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2014 — A remove toast message was received from an application endpoint: %1 [AppUserModelId] for %2 [Tag] and %3 [Group].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A remove toast message was received from an application endpoint: %1 [AppUserModelId] for %2 [Tag] and %3 [Group].

Fields

Name	Description
`AppUserModelId`	—
`Tag`	—
`Group`	—

Event ID 2015 — A channel request failed due to an error: %1 [AppUserModelId] %2 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A channel request failed due to an error: %1 [AppUserModelId] %2 [ErrorCode].

Fields

Name	Description
`AppUserModelId`	—
`ErrorCode`	—

Event ID 2016 — A clear mixview message was received from an application endpoint: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A clear mixview message was received from an application endpoint: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2025 — A toast feedback callback was added: %1 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A toast feedback callback was added: %1 [NotificationTrackingId].

Fields

Name	Description
`TrackingId`	—

Event ID 2026 — A toast feedback callback was removed: %1 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A toast feedback callback was removed: %1 [NotificationTrackingId].

Fields

Name	Description
`TrackingId`	—

Event ID 2027 — A toast feedback callback was invoked: %1 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A toast feedback callback was invoked: %1 [NotificationTrackingId].

Fields

Name	Description
`TrackingId`	—

Event ID 2028 — A scheduled toast was added: %1 [PackageFullName] %2 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled toast was added: %1 [PackageFullName] %2 [AppUserModelId].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—
`TimerId`	—
`Duetime`	—

Event ID 2029 — A scheduled toast was removed: %1 [PackageFullName] %2 [AppUserModelID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled toast was removed: %1 [PackageFullName] %2 [AppUserModelID].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—

Event ID 2030 — A scheduled toast is about to be raised: %1 [AppUserModelID] %2 [TimerId] %3 [Duetime].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled toast is about to be raised: %1 [AppUserModelID] %2 [TimerId] %3 [Duetime].

Fields

Name	Description
`AppUserModelID`	—
`TimerId`	—
`Duetime`	—

Event ID 2031 — A background task to application mapping has been added: %1 [AppUserModelID] %2 [EventId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A background task to application mapping has been added: %1 [AppUserModelID]  %2 [EventId].

Fields

Name	Description
`AppUserModelID`	—
`EventId`	—

Event ID 2032 — A background task to application mapping has been removed: %1 [AppUserModelID] %2 [EventId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A background task to application mapping has been removed: %1 [AppUserModelID]  %2 [EventId].

Fields

Name	Description
`AppUserModelID`	—
`EventId`	—

Event ID 2033 — A raw notification has activated a background task: %1 [AppUserModelID] %2 [EventId] %3 [NotificationID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A raw notification has activated a background task: %1 [AppUserModelID] %2 [EventId] %3 [NotificationID].

Fields

Name	Description
`AppUserModelID`	—
`EventId`	—
`NotificationId`	—

Event ID 2034 — A raw notification has activated a system task: %1 [AppUserModelID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A raw notification has activated a system task: %1 [AppUserModelID].

Fields

Name	Description
`AppUserModelID`	—

Event ID 2035 — A scheduled tile was added: %1 [PackageFullName] %2 [AppUserModelId] %3 [Cookie].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled tile was added: %1 [PackageFullName] %2 [AppUserModelId] %3 [Cookie].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—
`TimerId`	—
`Duetime`	—

Event ID 2036 — A scheduled tile was removed: %1 [PackageFullName] %2 [AppUserModelId] %3 [Cookie].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled tile was removed: %1 [PackageFullName] %2 [AppUserModelId] %3 [Cookie].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—
`TimerId`	—

Event ID 2037 — A scheduled tile is being raised: %1 [AppUserModelId] %2 [Cookie].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled tile is being raised: %1 [AppUserModelId] %2 [Cookie].

Fields

Name	Description
`AppUserModelID`	—
`TimerId`	—
`Duetime`	—

Event ID 2038 — A scheduled tile was removed because the number of scheduled tiles per app exceeded maximum queue size: %1 [AppUserModelId] %2 [Cookie].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A scheduled tile was removed because the number of scheduled tiles per app exceeded maximum queue size: %1 [AppUserModelId] %2 [Cookie].

Fields

Name	Description
`AppUserModelID`	—
`TimerId`	—
`Duetime`	—

Event ID 2039 — A periodic update has been set: %1 [PackageFullName] %2 [AppUserModelId] %3 [Type].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has been set: %1 [PackageFullName] %2 [AppUserModelId] %3 [Type].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—
`NotificationType`	—
`TimerId`	—
`URL`	—

Event ID 2040 — A periodic update has been reset: %1 [PackageFullName] %2 [AppUserModelId] %3 [Type].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has been reset: %1 [PackageFullName] %2 [AppUserModelId] %3 [Type].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelID`	—
`NotificationType`	—

Event ID 2041 — A periodic update has started polling URL: %1 [AppUserModelId] %2 [Type].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has started polling URL: %1 [AppUserModelId] %2 [Type].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`TimerId`	—

Event ID 2042 — A periodic update has finished polling URL: %1 [AppUserModelId] %2 [Type].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has finished polling URL: %1 [AppUserModelId] %2 [Type].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—

Event ID 2043 — A periodic update has rejected polling URL because size of notification exceeded maximum: %1 [AppUserModelId] %2 [Type] %3 [URL].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has rejected polling URL because size of notification exceeded maximum: %1 [AppUserModelId] %2 [Type] %3 [URL].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—

Event ID 2044 — A periodic update has rejected polling URL due to mobile broadband connection such as roaming or reaching quota : %1 [AppUserModelId] %2 [Type].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has rejected polling URL due to mobile broadband connection such as roaming or reaching quota : %1 [AppUserModelId] %2 [Type].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—

Event ID 2045 — A periodic update has failed polling URL.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has failed polling URL. Please refer error description for detail: %1 [AppUserModelId] %2 [Type] %3 [URL] %4 [Error].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—
`Error`	—

Event ID 2046 — A background task application mapping entry has been removed: %1 [AppUserModelID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A background task application mapping entry has been removed: %1 [AppUserModelID].

Fields

Name	Description
`AppUserModelID`	—

Event ID 2047 — Notification API call for %1 [AppUserModelId] failed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Notification API call for %1 [AppUserModelId] failed. If you are logged into multiple sessions as the same user, please logoff and use a single user session.  If you are using the Visual Studio debugging simulator, exit the simulator to resolve this error.

Fields

Name	Description
`AppUserModelId`	—

Event ID 2048 — A raw notification has failed to activate a background task: %1 [AppUserModelID] %2 [EventId] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A raw notification has failed to activate a background task: %1 [AppUserModelID] %2 [EventId] %3 [ErrorCode].

Fields

Name	Description
`AppUserModelID`	—
`EventId`	—
`ErrorCode`	—

Event ID 2049 — A periodic update has found HTTP Status Code rather than 200: %1 [AppUserModelId] %2 [Type] %3 [URL] %4 [HTTP Status Code].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has found HTTP Status Code rather than 200: %1 [AppUserModelId] %2 [Type] %3 [URL] %4 [HTTP Status Code].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—
`HttpStatusCode`	—

Event ID 2050 — A periodic update has failed polling URL because X-WNS-TAG header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has failed polling URL because X-WNS-TAG header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—

Event ID 2051 — A periodic update has failed polling URL because X-WNS-EXPIRY header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update has failed polling URL because X-WNS-EXPIRY header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—

Event ID 2052 — A periodic update of Type %2 for AppUserModelId %1 at URL %3 has been skipped due to settings.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A periodic update of Type %2 for AppUserModelId %1  at URL %3 has been skipped due to settings.  Error Code: %4

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—
`Error`	—

Event ID 2053 — A periodic update has failed polling URL because X-WNS-GROUP header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A periodic update has failed polling URL because X-WNS-GROUP header is invalid: %1 [AppUserModelId] %2 [Type] %3 [URL].

Fields

Name	Description
`AppUserModelID`	—
`NotificationType`	—
`URL`	—

Event ID 2100 — A cloud notification was dropped because the following channel is not valid: %1 [ChannelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A cloud notification was dropped because the following channel is not valid: %1 [ChannelId].

Fields

Name	Description
`ChannelId`	—

Event ID 2101 — A notification was dropped because the expiration time was in the past: %1 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the expiration time was in the past: %1 [NotificationTrackingId].

Fields

Name	Description
`TrackingId`	—

Event ID 2102 — A notification was dropped because of global settings: %1 [PolicyLevel] %2 [NotificationTrackingId] %3 [NotificationType].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because of global settings: %1 [PolicyLevel] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`RequestFlags`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2103 — A notification was dropped because cloud notifications are disabled globally: %1 [PolicyLevel] %2 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because cloud notifications are disabled globally: %1 [PolicyLevel]  %2 [NotificationTrackingId].

Fields

Name	Description
`RequestFlags`	—
`TrackingId`	—

Event ID 2104 — A notification was dropped because of application settings: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because of application settings: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2105 — A notification was dropped because the application does not have the network capability: %1 [AppUserModelId] %2 [NotificationTrackingId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the application does not have the network capability: %1 [AppUserModelId] %2 [NotificationTrackingId].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—

Event ID 2106 — A notification was dropped because the application does not have the capability for the type: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [N...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the application does not have the capability for the type: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2107 — A notification was dropped because the current network is costly: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the current network is costly: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2108 — A notification was dropped because the mobile broadband cap has been reached: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the mobile broadband cap has been reached: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2109 — Network traffic related to notifications was attributed to the following AppUserModelId.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Network traffic related to notifications was attributed to the following AppUserModelId: %1. %2 [NotificationType] %3 [Size] %4 [NetworkType].

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—
`Size`	—
`NetworkType`	—

Event ID 2110 — A notification was dropped because cloud notifications are disabled for the application: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [Notifi...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because cloud notifications are disabled for the application: %1 [AppUserModelId] %2 [NotificationTrackingId] %3 [NotificationType].

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2111 — A notification was dropped because the application is not registered: %1 [AppUserModelId] %2 [NotificationType].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A notification was dropped because the application is not registered: %1 [AppUserModelId] %2 [NotificationType]

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—

Event ID 2112 — A %3 notification with trackingid %2 is getting posted for the application %1 with setting override.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A %3 notification with trackingid %2 is getting posted for the application %1 with setting override.

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2150 — An application setting was changed: %1 [AppUserModelId] %2 [SettingType] %3 [Enabled].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

An application setting was changed: %1 [AppUserModelId] %2 [SettingType] %3 [Enabled].

Fields

Name	Description
`AppUserModelId`	—
`SettingType`	—
`Enabled`	—

Event ID 2151 — A group policy setting was changed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A group policy setting was changed. Notification Service connection was updated: %1 [Enabled].

Fields

Name	Description
`Enabled`	—

Event ID 2152 — An application setting was queried: %1 [AppUserModelId] %2 [SettingType] %3 [Enabled].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

An application setting was queried: %1 [AppUserModelId] %2 [SettingType] %3 [Enabled].

Fields

Name	Description
`AppUserModelId`	—
`SettingType`	—
`Enabled`	—

Event ID 2153 — A global setting was changed: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A global setting was changed: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].

Fields

Name	Description
`SettingType`	—
`Enabled`	—
`PolicyLevel`	—

Event ID 2154 — A global setting was queried: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A global setting was queried: %1 [SettingType] %2 [Enabled] %3 [PolicyLevel].

Fields

Name	Description
`SettingType`	—
`Enabled`	—
`PolicyLevel`	—

Event ID 2155 — The list of apps with capability: %1 [SettingType] was requested.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The list of apps with capability: %1 [SettingType] was requested.

Fields

Name	Description
`SettingType`	—

Event ID 2156 — Callback registered for %1 [SettingType] with Cookie %2 [Cookie Value].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Callback registered for %1 [SettingType] with Cookie %2 [Cookie Value].

Fields

Name	Description
`SettingType`	—
`Cookie`	—

Event ID 2157 — Callback unregistered : %1 [Cookie Value].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Callback unregistered : %1 [Cookie Value].

Fields

Name	Description
`Callback_unregistered`	—
`Cookie`	—

Event ID 2158 — End of clearing Tile Notification Queues and Image Cache.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

End of clearing Tile Notification Queues and Image Cache.

Event ID 2159 — Mobile Broadband Tile Cap Queried: %1 [Cap Value (Bytes)].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Mobile Broadband Tile Cap Queried: %1 [Cap Value (Bytes)].

Fields

Name	Description
`Mobile_Broadband_Tile_Cap_Queried`	—
`SettingsValue`	—

Event ID 2160 — Mobile Broadband Tile Cap Changed: %1 [Cap Value (Bytes)].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Mobile Broadband Tile Cap Changed: %1 [Cap Value (Bytes)].

Fields

Name	Description
`Mobile_Broadband_Tile_Cap_Changed`	—
`SettingsValue`	—

Event ID 2161 — Mobile Broadband Tile Usage Queried: %1 [Usage Value (Bytes)].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Mobile Broadband Tile Usage Queried: %1 [Usage Value (Bytes)].

Fields

Name	Description
`Mobile_Broadband_Tile_Usage_Queried`	—
`SettingsValue`	—

Event ID 2162 — Mobile Broadband Reset Dates Queried.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Mobile Broadband Reset Dates Queried.

Event ID 2163 — The list of apps with capability: %1 [SettingType] in Package: %2 [PackageFamilyName] was requested.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The list of apps with capability: %1 [SettingType] in Package: %2 [PackageFamilyName] was requested.

Fields

Name	Description
`SettingType`	—
`PackageFamilyName`	—

Event ID 2164 — Start of clearing Tile Notification Queues and Image Cache.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Start of clearing Tile Notification Queues and Image Cache.

Event ID 2165 — Mobile Broadband Cap Enforcement Callback invoked: %1 [Enabled].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Mobile Broadband Cap Enforcement Callback invoked: %1 [Enabled].

Fields

Name	Description
`Enabled`	—

Event ID 2166 — Toasts have been Temporarily Suspended until %1 [UTC FILETIME].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toasts have been Temporarily Suspended until %1 [UTC FILETIME].

Fields

Name	Description
`WakeupTime`	—
`IsValid`	—

Event ID 2167 — Toast Temporary Suspend Time was queried: Is Suspended?

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast Temporary Suspend Time was queried: Is Suspended? %2 wakeupTime? %1 [UTC FILETIME].

Fields

Name	Description
`WakeupTime`	—
`IsValid`	—

Event ID 2168 — Toast Wakeup Timer has fired.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast Wakeup Timer has fired.

Event ID 2169 — The list of Polling apps in Package: %1 [PackageFamilyName] was requested.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The list of Polling apps in Package: %1 [PackageFamilyName] was requested.

Fields

Name	Description
`PackageFamilyName`	—

Event ID 2170 — A Setting Sync was scheduled: %1 [PackageFamilyName] %2 [Collection ID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A Setting Sync was scheduled: %1 [PackageFamilyName] %2 [Collection ID].

Fields

Name	Description
`PackageFamilyName`	—
`CollectionId`	—

Event ID 2171 — A call to the settings endpoint happened to unblock all channels for all types.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A call to the settings endpoint happened to unblock all channels for all types.

Event ID 2200 — A channel request was not allowed because of global settings: %1 [PolicyLevel] %2 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A channel request was not allowed because of global settings: %1 [PolicyLevel] %2 [AppUserModelId].

Fields

Name	Description
`RequestFlags`	—
`AppUserModelId`	—

Event ID 2201 — A channel request was not allowed because the application does not have the network capability: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A channel request was not allowed because the application does not have the network capability: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2202 — A %2 notification with NotificationTrackingId %1 was dropped because appropriate privilege is not held.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A %2 notification with NotificationTrackingId %1 was dropped because appropriate privilege is not held. Please check out Mosh Debugger is running on your machine.

Fields

Name	Description
`TrackingId`	—
`NotificationType`	—

Event ID 2203 — A %3 notification with NotificationTrackingId %2 is being delivered to application %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A %3 notification with NotificationTrackingId %2 is being delivered to application %1.

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—
`NotificationType`	—

Event ID 2250 — Notification channels associated with a package are able to receive raw notifications: [PackageFullName] %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Notification channels associated with a package are able to receive raw notifications: [PackageFullName] %1

Fields

Name	Description
`PackageFullName`	—

Event ID 2300 — The following application was added to the lock screen: %1 [PackageFullName] %2 [PackageRelativeApplicationId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The following application was added to the lock screen: %1 [PackageFullName] %2 [PackageRelativeApplicationId].

Fields

Name	Description
`PackageFullName`	—
`PackageRelativeApplicationId`	—

Event ID 2301 — The following application was removed from the lock screen: %1 [PackageFullName] %2 [PackageRelativeApplicationId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The following application was removed from the lock screen: %1 [PackageFullName] %2 [PackageRelativeApplicationId].

Fields

Name	Description
`PackageFullName`	—
`PackageRelativeApplicationId`	—

Event ID 2400 — System application was registered with the following paramaeters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %5 [WNFEventName].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

System application was registered with the following paramaeters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %5 [WNFEventName].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelId`	—
`Capabilities`	—
`WNFEventNameLength`	—
`WNFEventName`	—

Event ID 2401 — System application was unregistered with the following parameters: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

System application was unregistered with the following parameters: %1 [AppUserModelId]

Fields

Name	Description
`AppUserModelId`	—

Event ID 2402 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Fields

Name	Description
`AppUserModelId`	—

Event ID 2403 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Fields

Name	Description
`AppUserModelId`	—

Event ID 2404 — Phone VoIP application was registered with the following parameters: %1 [AppUserModelId] %2 [PhoneVoipAgentId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Phone VoIP application was registered with the following parameters: %1 [AppUserModelId] %2 [PhoneVoipAgentId].

Fields

Name	Description
`AppUserModelId`	—
`PhoneVoipAgentId`	—

Event ID 2405 — Phone VoIP application was unregistered with the following parameters: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Phone VoIP application was unregistered with the following parameters: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2406 — The Windows Push Notification Platform has received a phone legacy channel request with the following parameters: %1 [PackageFullName] %2 [AppUserM...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The Windows Push Notification Platform has received a phone legacy channel request with the following parameters: %1 [PackageFullName] %2 [AppUserModelId] %3 [ChannelName] %4 [ServiceName].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelId`	—
`ChannelName`	—
`ServiceName`	—

Event ID 2407 — PhoneLegacy push notification is being processed: ChannelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PhoneLegacy push notification is being processed: ChannelId [%1], NotificationType [%2], TrackingId [%3] AppId [%4]

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—

Event ID 2408 — PhoneLegacy voip notification is being processed: ChannelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

PhoneLegacy voip notification is being processed: ChannelId [%1], NotificationType [%2], TrackingId [%3] AppId [%4], PhoneVoipAgentId [%5]

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PhoneVoipAgentId`	—

Event ID 2409 — A connection status callback was added: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A connection status callback was added: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2410 — A connection status callback was removed: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A connection status callback was removed: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2411 — A connection status callback was updated: %1 [AppUserModelId].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A connection status callback was updated: %1 [AppUserModelId].

Fields

Name	Description
`AppUserModelId`	—

Event ID 2412 — A connection status was delivered to a callback: %1 [AppUserModelId] %2 [IsConnected] %3 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

A connection status was delivered to a callback: %1 [AppUserModelId] %2 [IsConnected] %3 [ErrorCode].

Fields

Name	Description
`AppUserModelId`	—
`IsConnected`	—
`ErrorCode`	—

Event ID 2413 — An application was registered with the following parameters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %4 [AppType] %5 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

An application was registered with the following parameters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %4 [AppType] %5 [ErrorCode].

Fields

Name	Description
`PackageFullName`	An application was registered with the following parameters.
`AppUserModelId`	—
`AppSettings`	—
`AppType`	—
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 2413
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036863164928
  time_created: '2023-11-06T01:42:41.646445+00:00'
  event_record_id: 2772
  correlation:
    ActivityID: E4DB489E-1037-0002-14D2-F0E43710DA01
  execution:
    process_id: 4304
    thread_id: 17760
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  PackageFullName: SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0
  AppUserModelId: SpotifyAB.SpotifyMusic_zpdnekdrzrea0!Widget
  AppSettings: 67141376
  AppType: 268435456
  ErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 2414 — An application resgistration was updated with the following parameters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %4 [AppType] %5 [Err...

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

An application resgistration was updated with the following parameters: %1 [PackageFullName] %2 [AppUserModelId] %3 [Settings] %4 [AppType] %5 [ErrorCode].

Fields

Name	Description
`PackageFullName`	—
`AppUserModelId`	—
`AppSettings`	—
`AppType`	—
`ErrorCode`	—

Event ID 2415 — An application was unregistered with the following parameters: %1 [AppUserModelId] %2 [ErrorCode].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

An application was unregistered with the following parameters: %1 [AppUserModelId] %2 [ErrorCode]

Fields

Name	Description
`AppUserModelId`	An application was unregistered with the following parameters.
`ErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 2415
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036863164928
  time_created: '2023-11-05T22:35:45.133086+00:00'
  event_record_id: 2537
  correlation: {}
  execution:
    process_id: 4304
    thread_id: 4488
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  AppUserModelId: Microsoft.SkyDrive.Desktop
  ErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 2416 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`AppUserModelId`	—
`NotificationId`	—

Event ID 2416 — A local notification was received from %1 [AppUserModelId] with a %2 [NotificationId] through an application endpoint.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A local notification was received from %1 [AppUserModelId] with a %2 [NotificationId] through an application endpoint.

Fields

Name	Description
`AppUserModelId`	—
`NotificationId`	—

Event ID 2417 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`ErrorCode`	—

Event ID 2417 — A local notification failed to be submitted to threadpool: %1 [HResult].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A local notification failed to be submitted to threadpool: %1 [HResult]

Fields

Name	Description
`ErrorCode`	—

Event ID 2418 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—
`TrackingId`	—
`NotificationSource`	—

Event ID 2418 — A local notification was submitted to threadpool: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId] %4 [NotificationSource].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A local notification was submitted to threadpool: %1 [AppUserModelId] %2 [NotificationType] %3 [NotificationTrackingId] %4 [NotificationSource].

Fields

Name	Description
`AppUserModelId`	—
`NotificationType`	—
`TrackingId`	—
`NotificationSource`	—

Event ID 2419 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`AppUserModelID`	—

Event ID 2419 — A raw notification has activated a system task: %1 [AppUserModelID].

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

A raw notification has activated a system task: %1 [AppUserModelID].

Fields

Name	Description
`AppUserModelID`	—

Event ID 3000 — Tile session creation is requested for %2 endpoint %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Tile session creation is requested for %2 endpoint %1.

Fields

Name	Description
`Object`	—
`ProcessName`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3000
  version: 0
  level: 4
  task: 1
  opcode: 1
  keywords: 9223372036854777856
  time_created: '2023-11-05T23:54:29.275475+00:00'
  event_record_id: 2733
  correlation: {}
  execution:
    process_id: 4304
    thread_id: 7872
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Object: '0x12fc9788eb8'
  ProcessName: C:\Windows\explorer.exe
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3001 — Tile session creation is finished for %4 from endpoint %1 with result %3, and %2 is assigned as session id.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Tile session creation is finished for %4 from endpoint %1 with result %3, and %2 is assigned as session id. Queued Closes = %5, Queued Cleanups = %6

Fields

Name	Description
`Endpoint`	—
`SessionId`	—
`Error`	—
`ProcessName`	—
`QueuedTileCloses`	—
`QueuedTileCleanups`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3001
  version: 0
  level: 4
  task: 1
  opcode: 2
  keywords: 9223372036854777856
  time_created: '2023-11-05T23:54:29.275653+00:00'
  event_record_id: 2734
  correlation: {}
  execution:
    process_id: 4304
    thread_id: 7872
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Endpoint: '0x12fc9788eb8'
  SessionId: 5
  Error: 0
  ProcessName: C:\Windows\explorer.exe
  QueuedTileCloses: 0
  QueuedTileCleanups: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3002 — Tile session %1 is being updated.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile session %1 is being updated.

Fields

Name	Description
`SessionId`	—

Event ID 3003 — Tile session %1 is updated with error code %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile session %1 is updated with error code %3.

Fields

Name	Description
`SessionId`	—
`Count`	—
`Error`	—

Event ID 3004 — Tile session %1 is being closed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Tile session %1 is being closed

Fields

Name	Description
`SessionId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3004
  version: 0
  level: 4
  task: 3
  opcode: 1
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.077911+00:00'
  event_record_id: 2370
  correlation:
    ActivityID: 59A0D65F-1037-0000-90E3-A0593710DA01
  execution:
    process_id: 4768
    thread_id: 6712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 3
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3005 — Tile session %1 is closed with error code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Tile session %1 is closed with error code %2.

Fields

Name	Description
`SessionId`	—
`Error`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3005
  version: 0
  level: 4
  task: 3
  opcode: 2
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.077926+00:00'
  event_record_id: 2371
  correlation:
    ActivityID: 59A0D65F-1037-0000-90E3-A0593710DA01
  execution:
    process_id: 4768
    thread_id: 6712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 3
  Error: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3006 — Toast session creation is requested for %2 from endpoint %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Toast session creation is requested for %2 from endpoint %1.

Fields

Name	Description
`Object`	—
`ProcessName`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3006
  version: 0
  level: 4
  task: 4
  opcode: 1
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:32:25.705153+00:00'
  event_record_id: 2392
  correlation:
    ActivityID: E4DB489E-1037-0002-1D4E-DBE43710DA01
  execution:
    process_id: 4304
    thread_id: 4488
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Object: '0x12fc8ff4f88'
  ProcessName: C:\Windows\System32\svchost.exe
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3007 — Toast session creation is finished for %4 from endpoint %1 with result %3, and %2 is assigned as session id.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Toast session creation is finished for %4 from endpoint %1 with result %3, and %2 is assigned as session id.

Fields

Name	Description
`Endpoint`	—
`SessionId`	—
`Error`	—
`ProcessName`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3007
  version: 0
  level: 4
  task: 4
  opcode: 2
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:32:25.705164+00:00'
  event_record_id: 2393
  correlation:
    ActivityID: E4DB489E-1037-0002-1D4E-DBE43710DA01
  execution:
    process_id: 4304
    thread_id: 4488
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Endpoint: '0x12fc8ff4f88'
  SessionId: 1
  Error: 0
  ProcessName: C:\Windows\System32\svchost.exe
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3008 — Toast session %1 is being closed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Toast session %1 is being closed

Fields

Name	Description
`SessionId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3008
  version: 0
  level: 4
  task: 5
  opcode: 1
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.570014+00:00'
  event_record_id: 2374
  correlation:
    ActivityID: 59A0D65F-1037-0000-90E3-A0593710DA01
  execution:
    process_id: 4768
    thread_id: 6712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3009 — Toast session %1 is closed with error code %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Toast session %1 is closed with error code %2.

Fields

Name	Description
`SessionId`	—
`Error`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3009
  version: 0
  level: 4
  task: 5
  opcode: 2
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.570027+00:00'
  event_record_id: 2375
  correlation:
    ActivityID: 59A0D65F-1037-0000-90E3-A0593710DA01
  execution:
    process_id: 4768
    thread_id: 6712
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 1
  Error: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3010 — Started tracking Notification Request performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Notification Request performance.

Event ID 3011 — Finished tracking Notification Request performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Notification Request performance.

Event ID 3012 — Toast with notification tracking id %1 is delivered to %2 on session %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast with notification tracking id %1 is delivered to %2 on session %3.

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—

Event ID 3013 — %1 with notification tracking id %2 is delivered to %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

%1 with notification tracking id %2 is delivered to %3.

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—
`ErrorCode`	—
`SessionErrorCode`	—

Event ID 3014 — Tile queue entry is created for %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile queue entry is created for %1.

Fields

Name	Description
`AppUserModelId`	—

Event ID 3015 — Tile notification id %2 for %1 is stored at %3 in queue.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile notification id %2 for %1 is stored at %3 in queue.

Fields

Name	Description
`AppUserModelId`	—
`NotificationId`	—
`QueueIndex`	—

Event ID 3016 — Tile notification id %2 overrided existing notification id %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile notification id %2 overrided existing notification id %1.

Fields

Name	Description
`OverridedNotificationId`	—
`OverridingNotificationId`	—

Event ID 3017 — This is a verbose debug event that dumps Tile Queue information.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

This is a verbose debug event that dumps Tile Queue information.

Fields

Name	Description
`AppUserModelId`	—
`SessionMask`	—
`Flag`	—
`UpdateIndex`	—
`KeystoneNotificationId`	—
`KeystoneFlag`	—
`Appspace`	—

Event ID 3018 — Badge notification id %2 is stored for %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Badge notification id %2 is stored for %1.

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—

Event ID 3019 — Tile image request %1 has started.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile image request %1 has started.

Fields

Name	Description
`RequestId`	—
`RequestCountInHighPriority`	—
`RequestCountInMedPriority`	—
`RequestCountInLowPriority`	—

Event ID 3020 — Tile image request %1 has been canceled due to new request.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile image request %1 has been canceled due to new request.

Fields

Name	Description
`RequestId`	—

Event ID 3021 — Tile image request for notification %3 in %2 contains %4 URL.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Tile image request for notification %3 in %2 contains %4 URL.

Fields

Name	Description
`PriorityIndex`	—
`AppUserModelId`	—
`NotificationId`	—
`URLCount`	—
`Flag`	—

Event ID 3022 — Image download request is being processed for first time: resource id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image download request is being processed for first time: resource id [%1],  URL [%2]

Fields

Name	Description
`ResourceId`	—
`URL`	—

Event ID 3023 — Image download is complete for a single URL: notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image download is complete for a single URL: notification id [%1], resource id [%2], local path [%3], error code [%4], flags [%5]

Fields

Name	Description
`NotificationId`	—
`ResourceId`	—
`LocalPath`	—
`ErrorCode`	—
`Flag`	—

Event ID 3024 — Image download is complete for all URL with notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image download is complete for all URL with notification id [%1]

Fields

Name	Description
`NotificationId`	—
`Flag`	—
`Count`	—
`URLComplete`	—

Event ID 3025 — Processing initial batch on Image request for toast: AppUserModelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing initial batch on Image request for toast: AppUserModelId [%1], Notification Id [%2], UrlCount [%3], Flags [%4]

Fields

Name	Description
`AppUserModelId`	—
`NotificationId`	—
`URLCount`	—
`Flag`	—

Event ID 3026 — Processing Toast Image request URL: Resource Id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing Toast Image request URL: Resource Id [%1], URL [%2]

Fields

Name	Description
`ResourceId`	—
`URL`	—

Event ID 3027 — Scheduling Image Download Task: [Slot Index] %1, [Notification Id] %2, [Priority] %3, [IsTile] %4, [URL] %5.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Scheduling Image Download Task: [Slot Index] %1, [Notification Id] %2, [Priority] %3, [IsTile] %4, [URL] %5

Fields

Name	Description
`SlotIndex`	—
`NotificationId`	—
`BITSPriority`	—
`IsTile`	—
`URL`	—

Event ID 3028 — Completed Image Download Task: [Notification Id] %1, [IsTile] %2, [Path] %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Completed Image Download Task: [Notification Id] %1, [IsTile] %2, [Path] %3

Fields

Name	Description
`NotificationId`	—
`IsTile`	—
`Path`	—

Event ID 3029 — Download image has failed: [Notification Id] %1 [Tile] %2 [ErrorCode] %3 [URL] %4.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Download image has failed: [Notification Id] %1 [Tile] %2 [ErrorCode] %3 [URL] %4

Fields

Name	Description
`NotificationId`	—
`IsTile`	—
`ErrorCode`	—
`URL`	—

Event ID 3030 — Image resource is being processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image resource is being processed.

Event ID 3031 — Image resource has been processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image resource has been processed.

Event ID 3032 — Clearing all tile notifiction is being processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Clearing all tile notifiction is being processed.

Event ID 3033 — Clearing all tile notifiction has been processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Clearing all tile notifiction has been processed.

Event ID 3034 — Clearing all images is being processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Clearing all images is being processed.

Event ID 3035 — Clearing all images has been processed.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Clearing all images has been processed.

Event ID 3036 — Image Download Manager policy is changed to %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image Download Manager policy is changed to %1.

Fields

Name	Description
`IDM_Enabled`	—

Event ID 3037 — Detail event for tile session %1 update.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Detail event for tile session %1 update.

Fields

Name	Description
`SessionId`	—
`Count`	—
`UpdateControl`	—

Event ID 3038 — Detail event at start of Notification Request performance tracking.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Detail event at start of Notification Request performance tracking.

Fields

Name	Description
`Count`	—
`RequestControl`	—

Event ID 3039 — Image Download Manager drop request due to newer request arrival.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Image Download Manager drop request due to newer request arrival.

Event ID 3040 — Downloading image has failed because protocol is not supported: URL [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Downloading image has failed because protocol is not supported: URL [%1]

Fields

Name	Description
`URL`	—

Event ID 3041 — Downloading image has failed because downloaded image it too big over maximum 150KB: URL [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Downloading image has failed because downloaded image it too big over maximum 150KB: URL [%1]

Fields

Name	Description
`URL`	—

Event ID 3042 — Downloading image has failed because downloaded image is empty: URL [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Downloading image has failed because downloaded image is empty: URL [%1]

Fields

Name	Description
`URL`	—

Event ID 3043 — The new tile notification was found to be a duplicate of a previous notification: new notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The new tile notification was found to be a duplicate of a previous notification: new notification id [%1], previous notification id [%2]

Fields

Name	Description
`NewNotificationId`	—
`OldNotificationId`	—

Event ID 3044 — The new badge notification was found to be a duplicate of a previous notification: new notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The new badge notification was found to be a duplicate of a previous notification: new notification id [%1], previous notification id [%2]

Fields

Name	Description
`NewNotificationId`	—
`OldNotificationId`	—

Event ID 3045 — Started tracking Toast Notification Request performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Toast Notification Request performance.

Event ID 3046 — Finished tracking Toast Notification Request performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Toast Notification Request performance.

Event ID 3047 — The new tile flyout notification was found to be a duplicate of a previous notification: new notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

The new tile flyout notification was found to be a duplicate of a previous notification: new notification id [%1], previous notification id [%2]

Fields

Name	Description
`NewNotificationId`	—
`OldNotificationId`	—

Event ID 3048 — Badge notification id %2 is stored for %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Badge notification id %2 is stored for %1.

Fields

Name	Description
`AppUserModelId`	—
`TrackingId`	—

Event ID 3049 — Endpoint %1 is being cleanedup.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Endpoint %1 is being cleanedup

Fields

Name	Description
`Object`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3049
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854777856
  time_created: '2023-11-05T23:53:35.736084+00:00'
  event_record_id: 2728
  correlation: {}
  execution:
    process_id: 4304
    thread_id: 7872
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Object: '0x12fc974a468'
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3050 — Toast notification id %2 for %1 is stored at %3 in queue.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast notification id %2 for %1 is stored at %3 in queue.

Fields

Name	Description
`AppUserModelId`	—
`NotificationId`	—
`QueueIndex`	—

Event ID 3051 — Toast notification id %2 overrided existing notification id %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast notification id %2 overrided existing notification id %1.

Fields

Name	Description
`OverridedNotificationId`	—
`OverridingNotificationId`	—

Event ID 3052 — Toast with notification tracking id %1 is being delivered to %2 on session %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Toast with notification tracking id %1 is being delivered to %2 on session %3.

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3052
  version: 0
  level: 4
  task: 10
  opcode: 1
  keywords: 9223372039010650115
  time_created: '2023-11-05T23:08:15.563064+00:00'
  event_record_id: 2631
  correlation:
    ActivityID: E4DB489E-1037-0002-1D4E-DBE43710DA01
  execution:
    process_id: 4304
    thread_id: 2676
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  TrackingId: 2
  AppUserModelId: Windows.SystemToast.StartupApp
  SessionId: 1
  MessageId: 84982492-82D7-4F7D-B9DA-5695C011C30E
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3053 — %1 with notification tracking id %2 is being delivered to %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

%1 with notification tracking id %2 is being delivered to %3.

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—

Event ID 3054 — Toast with notification tracking id %1 is canceled by %2 - informed session %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast with notification tracking id %1 is canceled by %2 - informed session %3.

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—

Event ID 3055 — Some toast notifications have been cleared - informed session %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Some toast notifications have been cleared - informed session %1.

Fields

Name	Description
`SessionId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3055
  version: 0
  level: 4
  task: 23
  opcode: 0
  keywords: 9223372039564789760
  time_created: '2023-11-05T23:08:15.715873+00:00'
  event_record_id: 2632
  correlation:
    ActivityID: E4DB489E-1037-0002-1D4E-DBE43710DA01
  execution:
    process_id: 4304
    thread_id: 3760
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 1
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3056 — %1 are being cleared for %2 - informed session %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

%1 are being cleared for %2 - informed session %3.

Fields

Name	Description
`NotificationType`	—
`AppUserModelId`	—
`SessionId`	—
`ErrorCode`	—
`SessionErrorCode`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3056
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372039564789760
  time_created: '2023-11-05T22:35:45.134029+00:00'
  event_record_id: 2538
  correlation:
    ActivityID: E4DB489E-1037-0002-1D4E-DBE43710DA01
  execution:
    process_id: 4304
    thread_id: 7884
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  NotificationType: 2
  AppUserModelId: Microsoft.SkyDrive.Desktop
  SessionId: 2
  ErrorCode: 0
  SessionErrorCode: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3057 — Presentation Endpoint received a call to close session %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Presentation Endpoint received a call to close session %1.

Fields

Name	Description
`SessionId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3057
  version: 0
  level: 4
  task: 3
  opcode: 1
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.077802+00:00'
  event_record_id: 2368
  correlation: {}
  execution:
    process_id: 4768
    thread_id: 5408
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 3
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3058 — Presentation Endpoint ended a call to close session %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational
Level: 4
Samples: 1

Message

Presentation Endpoint ended a call to close session %1.

Fields

Name	Description
`SessionId`	—

Example Event

system:
  provider: Microsoft-Windows-PushNotifications-Platform
  guid: 88CD9180-4491-4640-B571-E3BEE2527943
  event_source_name: ''
  event_id: 3058
  version: 0
  level: 4
  task: 3
  opcode: 2
  keywords: 9223372036854777856
  time_created: '2023-11-05T22:31:33.077872+00:00'
  event_record_id: 2369
  correlation: {}
  execution:
    process_id: 4768
    thread_id: 5408
  channel: Microsoft-Windows-PushNotification-Platform/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  SessionId: 3
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3100 — Started tracking Clear Toast Notification performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Clear Toast Notification performance.

Event ID 3101 — Finished tracking Clear Toast Notification performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Clear Toast Notification performance.

Event ID 3102 — Started tracking Clear Toast Notifications performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Clear Toast Notifications performance.

Event ID 3103 — Finished tracking Clear Toast Notifications performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Clear Toast Notifications performance.

Event ID 3104 — Toast with notification id [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Toast with notification id [%1] has expired and will be removed from the queue.

Fields

Name	Description
`TrackingId`	—

Event ID 3105 — Started tracking Remove Toast Notifications performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Remove Toast Notifications performance.

Event ID 3106 — Finished tracking Remove Toast Notifications performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Remove Toast Notifications performance.

Event ID 3107 — Processing of push notification has failed: ChannelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing of Push Notification has failed: ChannelId [%1], NotificationType [%2], TrackingId [%3] AppId [%4] ErrorCode [%5]

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`ErrorCode`	—

Event ID 3108 — Started tracking Clear Toast Notification Rollover performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Started tracking Clear Toast Notification Rollover performance.

Event ID 3109 — Finished tracking Clear Toast Notification Rollover performance.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Finished tracking Clear Toast Notification Rollover performance.

Event ID 3110 — Toast Notification Forwarding Global Settings: isFwToCdpEnabled = %1 isMirrorMasterSwitchEnabled = %2 MirroringDisabled = %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Global Settings: isFwToCdpEnabled = %1 isMirrorMasterSwitchEnabled = %2 MirroringDisabled = %3

Fields

Name	Description
`IsFwdToCdpEnabled`	—
`IsMirrorMasterSwitchEnabled`	—
`MirroringEnabled`	—

Event ID 3111 — Start Toast Notification Forwarding activity

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Start Toast Notification Forwarding activity

Event ID 3112 — Stop Toast Notification Forwarding activity

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Stop Toast Notification Forwarding activity

Event ID 3113 — Toast Notification Forwarding Local Settings: isDeveloperAppMirroringEnabled = %1 isMirrorMasterSwitchEnabled = %2 isGroupPolicyEnabled = %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Local Settings: isDeveloperAppMirroringEnabled = %1 isMirrorMasterSwitchEnabled = %2 isGroupPolicyEnabled = %3

Fields

Name	Description
`IsFwdToCdpEnabled`	—
`IsMirrorMasterSwitchEnabled`	—
`IsGPEnabled`	—

Event ID 3114 — Start Toast Notification Forwarding Do Forward To AFC

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Start Toast Notification Forwarding Do Forward To AFC

Event ID 3115 — Stop Toast Notification Forwarding Do Forward To AFC

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Stop Toast Notification Forwarding Do Forward To AFC

Event ID 3116 — Start Toast Notification Forwarding Make Activity from Notification

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Start Toast Notification Forwarding Make Activity from Notification

Event ID 3117 — Stop Toast Notification Forwarding Make Activity from Notification

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Stop Toast Notification Forwarding Make Activity from Notification

Event ID 3118 — Toast Notification Forwarding Finished Decorating Payload

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Finished Decorating Payload

Event ID 3119 — Toast Notification Forwarding Finished Loading Payload onto Activity

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Finished Loading Payload onto Activity

Event ID 3120 — Toast Notification Forwarding Finished setting attributes onto activity

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Finished setting attributes onto activity

Event ID 3121 — Start Toast Notification Forwarding Asset Resolution

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Start Toast Notification Forwarding Asset Resolution

Event ID 3122 — Toast Notification Forwarding Asset Resolution Successful

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Asset Resolution Successful

Event ID 3123 — Toast Notification Forwarding Making Activity TrackingId = %1 AppUserModelId = %2.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Making Activity TrackingId = %1 AppUserModelId = %2

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—

Event ID 3124 — Toast Notification Forwarding Published Activity with Result = %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast Notification Forwarding Published Activity with Result = %1

Fields

Name	Description
`ErrorCode`	—

Event ID 3125 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

%1

Fields

Name	Description
`VerboseLog`	—

Event ID 3126 — Sync Dismiss: Dismiss Activities for App Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities for App Start

Event ID 3127 — Sync Dismiss: Dismiss Activities for App Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities for App Stop

Event ID 3128 — Sync Dismiss: Dismiss Activities Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities Start

Event ID 3129 — Sync Dismiss: Dismiss Activities Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities Stop

Event ID 3130 — Sync Dismiss: Dismiss Activities Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities Start

Event ID 3131 — Sync Dismiss: Dismiss Activities Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Dismiss Activities Stop

Event ID 3132 — Sync Dismiss: Remove Notification using Activity Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Remove Notification using Activity Start

Event ID 3133 — Sync Dismiss: Remove Notification using Activity Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Remove Notification using Activity Stop

Event ID 3134 — Sync Dismiss: Get Activities Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Get Activities Start

Event ID 3135 — Sync Dismiss: Get Activities Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Get Activities Stop

Event ID 3136 — Sync Dismiss: CDPGetPlatformDeviceId Start

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: CDPGetPlatformDeviceId Start

Event ID 3137 — Sync Dismiss: CDPGetPlatformDeviceId Stop

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: CDPGetPlatformDeviceId Stop

Event ID 3138 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

%1

Fields

Name	Description
`VerboseLog`	—

Event ID 3139 — Sync Dismiss Removed Activity with Result = %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss Removed Activity with Result = %1

Fields

Name	Description
`ErrorCode`	—

Event ID 3140 — Sync Dismiss Removed Notification with Result = %1.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss Removed Notification with Result = %1

Fields

Name	Description
`ErrorCode`	—

Event ID 3141 — SyncDismissRemoveNotificationUsingActivityParams: MatchOnNotificationId = %1 NotificationId = %2 ActivityId = %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

SyncDismissRemoveNotificationUsingActivityParams: MatchOnNotificationId = %1 NotificationId = %2 ActivityId = %3

Fields

Name	Description
`MatchOnNotificationId`	—
`NotificationId`	—
`ActivityId`	—

Event ID 3142 — Sync Dismiss: Matched Activity using Notification!

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Matched Activity using Notification!

Event ID 3143 — Sync Dismiss: Matched Notification using Activity!

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Sync Dismiss: Matched Notification using Activity!

Event ID 3144 — Received WNF_CDP_CDPUSERSVC_READY

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Received WNF_CDP_CDPUSERSVC_READY

Event ID 3145 — [Sqlite][Informational] Status.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

[Sqlite][Informational] Status: %1. Message: %2

Fields

Name	Description
`SqliteInformational_Status`	[Sqlite][Informational] Status.
`Message`	—
`Error`	—

Event ID 3146 — [Sqlite][Warning] Status.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

[Sqlite][Warning] Status: %1. Message: %2

Fields

Name	Description
`SqliteWarning_Status`	[Sqlite][Warning] Status.
`Message`	—
`Error`	—

Event ID 3147 — [Sqlite][Error] Status.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

[Sqlite][Error] Status: %1. Message: %2

Fields

Name	Description
`SqliteError_Status`	[Sqlite][Error] Status.
`Message`	—
`Error`	—

Event ID 3148 — [Sqlite][Other] Status.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

[Sqlite][Other] Status: %1. Message: %2

Fields

Name	Description
`SqliteOther_Status`	[Sqlite][Other] Status.
`Message`	—
`Error`	—

Event ID 3149 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`MessageId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3149 — Processing of Push Notification has succeeded: ChannelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing of Push Notification has succeeded: ChannelId [%1], NotificationType [%2], TrackingId [%3] AppId [%4]  MessageId [%5] PolicyReason [%6] HResult [%7]

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`MessageId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3150 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3150 — Processing of Local Notification has failed: NotificationType [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Processing of Local Notification has failed: NotificationType [%1], TrackingId [%2] AppId [%3] PolicyReason [%4] HResult [%5]

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3151 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3151 — Processing of Local Notification has succeeded: NotificationType [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing of Local Notification has succeeded: NotificationType [%1], TrackingId [%2] AppId [%3] PolicyReason [%4] HResult [%5]

Fields

Name	Description
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3152 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3152 — Processing of Push Notification has failed: ChannelId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Processing of Push Notification has failed: ChannelId [%1], NotificationType [%2], TrackingId [%3] AppId [%4], PolicyReason [%5] ErrorCode [%6]

Fields

Name	Description
`ChannelId`	—
`NotificationType`	—
`TrackingId`	—
`AppUserModelId`	—
`PolicyReason`	—
`ErrorCode`	—

Event ID 3153 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—

Event ID 3153 — Toast with notification tracking id %1 is delivered to %2 on session %3.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Toast with notification tracking id %1 is delivered to %2 on session %3.

Fields

Name	Description
`TrackingId`	—
`AppUserModelId`	—
`SessionId`	—
`MessageId`	—

Event ID 3154 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`TrackingId`	—

Event ID 3154 — Processing and publishing of Resume Notification has succeeded: TrackingId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing and publishing of Resume Notification has succeeded: TrackingId [%1]

Fields

Name	Description
`TrackingId`	—

Event ID 3155 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`TrackingId`	—
`Location`	—
`ErrorCode`	—

Event ID 3155 — Processing and publishing of Resume Notification has failed: TrackingId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Processing and publishing of Resume Notification has failed: TrackingId [%1], Location [%2], ErrorCode [%3]

Fields

Name	Description
`TrackingId`	—
`Location`	—
`ErrorCode`	—

Event ID 3156 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`TrackingId`	—

Event ID 3156 — Processing of Resume Response has succeeded: TrackingId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

Processing of Resume Response has succeeded: TrackingId [%1]

Fields

Name	Description
`TrackingId`	—

Event ID 3157 —

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Fields

Name	Description
`TrackingId`	—
`Location`	—
`ErrorCode`	—

Event ID 3157 — Processing of Resume Response has failed: TrackingId [.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Operational

Message

Processing of Resume Response has failed: TrackingId [%1], Location [%2], ErrorCode [%3]

Fields

Name	Description
`TrackingId`	—
`Location`	—
`ErrorCode`	—

Event ID 10000 — DebugTrace.

Provider: Microsoft-Windows-PushNotifications-Platform
Channel: Debug

Message

DebugTrace: %1

Fields

Name	Description
`DebugTrace`	—
`debugString`	—