Message

Entering function %1

Fields

Message

Leaving function %1

Fields

Message

Application will terminate, a critical error was detected in %1 Line %2 Function %3

Fields

Message

Hit exception block of code at %1 Line %2 in function %3

Fields

Message

Branching on Line:%2 File:%1 with the string %3

Fields

Message

Switching on Line:%2 File:%1 with the value %3

Fields

Message

Entering conditional block at Line:%1 File:%2

Fields

Message

Exiting conditional block at Line:%1 File:%2

Fields

Message

There was a problem interacting with COM object %1.  An outdated version might be installed, or the component might not be installed at all.

Fields

Message

A user tried to use Remote Assistance and send an invitation for help through their default email client, but Remote Assistance failed to successfully send the invitation.  It is possible the email client configured as the default client does not support SMAPI calls, or that the email client is improperly configured.  It is also possible that the user closed the email client without sending the message.

Message

A user opened a Remote Assistance invitation, but the invitation was closed due to too many bad password attempts to connect to the machine.

Message

A user tried to use Remote Assistance, group policy requires a session log to be maintained, and a session log couldn't be created.  Remote Assistance was terminated.  Check the disk to see if there are problems with the disk or if it is full.

Message

Remote Assistance started with:    %1    as the command line parameters.

Fields

Message

A Remote Assistance Invitation was successfully opened.

Message

An RDP connection was successfully made.

Message

The Remote Assistance password was verified.  The Remote Assistance session has begun.

Message

The Remote Assistance password provided was incorrect.  The RDP session was terminated, IP address of the connecting machine is %1

Fields

Message

The Remote Assistance session was disconnected remotely.

Message

The Remote Assistance session was disconnected locally.

Message

The Remote Assistance invitation was closed, any information concerning it given out is now invalid.

Message

The helper is sharing control.

Message

The helper can now view the screen.

Message

Remote Assistance detected that it didn't restore the background and screen settings before shutting down.  An attempt was made to restore these settings.

Message

The time limit of offered invitations has been reached.

Message

User setting value currently applied is %1

Fields

Message

The system or GP settings do not allow an Remote Assistance invitation to be created.  This action has been blocked by the application.

Message

The system or GP settings do not allow a helper to share control.  This action has been blocked by the application.

Message

The Windows firewall has been checked and it appears that it is configured so that it will stop Remote Assistance from working.

Message

The error message:    %1    has been shown to the user.

Fields

Message

Remote Assistance has ended.

Message

Remote Assistance COM server has started.

Example Event

system:
  provider: Microsoft-Windows-RemoteAssistance
  guid: 5B0A651A-8807-45CC-9656-7579815B6AF0
  event_source_name: ''
  event_id: 31
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-05T23:50:13.780543+00:00'
  event_record_id: 41
  correlation: {}
  execution:
    process_id: 11236
    thread_id: 9452
  channel: Microsoft-Windows-RemoteAssistance/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

Remote Assistance COM server has ended.

Example Event

system:
  provider: Microsoft-Windows-RemoteAssistance
  guid: 5B0A651A-8807-45CC-9656-7579815B6AF0
  event_source_name: ''
  event_id: 32
  version: 0
  level: 5
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-05T23:50:13.791029+00:00'
  event_record_id: 42
  correlation: {}
  execution:
    process_id: 11236
    thread_id: 9452
  channel: Microsoft-Windows-RemoteAssistance/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

The Remote Assistance ticket contained the following IP addresses: %1

Fields

Message

A PNRP Node was created at the following address: %1

Fields

Message

The following PNRP clouds were detected: %1

Fields

Message

A PNRP Node was released at the following address: %1

Fields

Message

Started looking for PNRP node with the following address: %1

Fields

Message

Stopped looking for PNRP node, address: %1

Fields

Message

There was a problem interacting with the PNRP service.  This component might not be installed correctly. The error code received was: %1

Fields

Message

Diagnosis Repro Attempt resulted in a success.

Message

Diagnosis Repro Attempt resulted in a failure.

Message

Current time on NTP Server: %1

Fields

Message

Remote Assistance troubleshooting rejected problem %1.

Fields

Message

Remote Assistance troubleshooting has confirmed the problem: %1.

Fields

Message

Remote Assistance troubleshooting is starting to repair the identified problem: %1.

Fields

Message

Remote Assistance troubleshooting successfully repaired the problem: %1.

Fields

Message

Remote Assistance troubleshooting failed to repair the problem: %1.

Fields

Message

Remote OS Type : %1.

Fields

Message

Remote Assistance connection attempt failed with error code: %1.

Fields

Message

Remote Assistance reproduced the problem and created following ticket to verify the problem: %1.

Fields