Description

Entering function FuncName.

Message #

Entering function %1

Fields #

Description

Leaving function FuncName.

Message #

Leaving function %1

Fields #

Description

Application will terminate, a critical error was detected in file Line line Function function.

Message #

Application will terminate, a critical error was detected in %1 Line %2 Function %3

Fields #

Description

Hit exception block of code at file Line line in function function.

Message #

Hit exception block of code at %1 Line %2 in function %3

Fields #

Description

Branching on Line:line File:file with the string Condition.

Message #

Branching on Line:%2 File:%1 with the string %3

Fields #

Description

Switching on Line:line File:file with the value Condition.

Message #

Switching on Line:%2 File:%1 with the value %3

Fields #

Description

Entering conditional block at Line:Entering_conditional_block_at_Line File:File.

Message #

Entering conditional block at Line:%1 File:%2

Fields #

Description

Exiting conditional block at Line:Exiting_conditional_block_at_Line File:File.

Message #

Exiting conditional block at Line:%1 File:%2

Fields #

Description

There was a problem interacting with COM object FuncName. An outdated version might be installed, or the component might not be installed at all.

Message #

There was a problem interacting with COM object %1.  An outdated version might be installed, or the component might not be installed at all.

Fields #

Message #

A user tried to use Remote Assistance and send an invitation for help through their default email client, but Remote Assistance failed to successfully send the invitation.  It is possible the email client configured as the default client does not support SMAPI calls, or that the email client is improperly configured.  It is also possible that the user closed the email client without sending the message.

Description

A user opened a Remote Assistance invitation, but the invitation was closed due to too many bad password attempts to connect to the machine.

Message #

A user opened a Remote Assistance invitation, but the invitation was closed due to too many bad password attempts to connect to the machine.

Message #

A user tried to use Remote Assistance, group policy requires a session log to be maintained, and a session log couldn't be created.  Remote Assistance was terminated.  Check the disk to see if there are problems with the disk or if it is full.

Description

Remote Assistance started with: FuncName as the command line parameters.

Message #

Remote Assistance started with: %1    as the command line parameters.

Fields #

Description

A Remote Assistance Invitation was successfully opened.

Message #

A Remote Assistance Invitation was successfully opened.

Description

An RDP connection was successfully made.

Message #

An RDP connection was successfully made.

Description

The Remote Assistance password was verified. The Remote Assistance session has begun.

Message #

The Remote Assistance password was verified.  The Remote Assistance session has begun.

Description

The Remote Assistance password provided was incorrect. The RDP session was terminated, IP address of the connecting machine is FuncName.

Message #

The Remote Assistance password provided was incorrect.  The RDP session was terminated, IP address of the connecting machine is %1

Fields #

Description

The Remote Assistance session was disconnected remotely.

Message #

The Remote Assistance session was disconnected remotely.

Description

The Remote Assistance session was disconnected locally.

Message #

The Remote Assistance session was disconnected locally.

Description

The Remote Assistance invitation was closed, any information concerning it given out is now invalid.

Message #

The Remote Assistance invitation was closed, any information concerning it given out is now invalid.

Description

The helper is sharing control.

Message #

The helper is sharing control.

Description

The helper can now view the screen.

Message #

The helper can now view the screen.

Description

Remote Assistance detected that it didn't restore the background and screen settings before shutting down. An attempt was made to restore these settings.

Message #

Remote Assistance detected that it didn't restore the background and screen settings before shutting down.  An attempt was made to restore these settings.

Description

The time limit of offered invitations has been reached.

Message #

The time limit of offered invitations has been reached.

Description

User setting value currently applied is Code.

Message #

User setting value currently applied is %1

Fields #

Description

The system or GP settings do not allow an Remote Assistance invitation to be created. This action has been blocked by the application.

Message #

The system or GP settings do not allow an Remote Assistance invitation to be created.  This action has been blocked by the application.

Description

The system or GP settings do not allow a helper to share control. This action has been blocked by the application.

Message #

The system or GP settings do not allow a helper to share control.  This action has been blocked by the application.

Description

The Windows firewall has been checked and it appears that it is configured so that it will stop Remote Assistance from working.

Message #

The Windows firewall has been checked and it appears that it is configured so that it will stop Remote Assistance from working.

Description

The error message: FuncName has been shown to the user.

Message #

The error message: %1    has been shown to the user.

Fields #

Description

Remote Assistance has ended.

Message #

Remote Assistance has ended.

Description

Remote Assistance COM server has started.

Message #

Remote Assistance COM server has started.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-RemoteAssistance",
    "guid": "5B0A651A-8807-45CC-9656-7579815B6AF0",
    "event_source_name": "",
    "event_id": 31,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-05T23:50:13.780543+00:00",
    "event_record_id": 41,
    "correlation": {},
    "execution": {
      "process_id": 11236,
      "thread_id": 9452
    },
    "channel": "Microsoft-Windows-RemoteAssistance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Remote Assistance COM server has ended.

Message #

Remote Assistance COM server has ended.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-RemoteAssistance",
    "guid": "5B0A651A-8807-45CC-9656-7579815B6AF0",
    "event_source_name": "",
    "event_id": 32,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-05T23:50:13.791029+00:00",
    "event_record_id": 42,
    "correlation": {},
    "execution": {
      "process_id": 11236,
      "thread_id": 9452
    },
    "channel": "Microsoft-Windows-RemoteAssistance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The Remote Assistance ticket contained the following IP addresses: FuncName.

Message #

The Remote Assistance ticket contained the following IP addresses: %1

Fields #

Description

A PNRP Node was created at the following address: FuncName.

Message #

A PNRP Node was created at the following address: %1

Fields #

Description

The following PNRP clouds were detected: FuncName.

Message #

The following PNRP clouds were detected: %1

Fields #

Description

A PNRP Node was released at the following address: FuncName.

Message #

A PNRP Node was released at the following address: %1

Fields #

Description

Started looking for PNRP node with the following address: FuncName.

Message #

Started looking for PNRP node with the following address: %1

Fields #

Description

Stopped looking for PNRP node, address: FuncName.

Message #

Stopped looking for PNRP node, address: %1

Fields #

Description

There was a problem interacting with the PNRP service. This component might not be installed correctly. The error code received was: FuncName.

Message #

There was a problem interacting with the PNRP service.  This component might not be installed correctly. The error code received was: %1

Fields #

Description

Diagnosis Repro Attempt resulted in a success.

Message #

Diagnosis Repro Attempt resulted in a success.

Description

Diagnosis Repro Attempt resulted in a failure.

Message #

Diagnosis Repro Attempt resulted in a failure.

Description

Current time on NTP Server: FuncName.

Message #

Current time on NTP Server: %1

Fields #

Description

Remote Assistance troubleshooting rejected problem Code.

Message #

Remote Assistance troubleshooting rejected problem %1.

Fields #

Description

Remote Assistance troubleshooting has confirmed the problem: FuncName.

Message #

Remote Assistance troubleshooting has confirmed the problem: %1.

Fields #

Description

Remote Assistance troubleshooting is starting to repair the identified problem: FuncName.

Message #

Remote Assistance troubleshooting is starting to repair the identified problem: %1.

Fields #

Description

Remote Assistance troubleshooting successfully repaired the problem: FuncName.

Message #

Remote Assistance troubleshooting successfully repaired the problem: %1.

Fields #

Description

Remote Assistance troubleshooting failed to repair the problem: FuncName.

Message #

Remote Assistance troubleshooting failed to repair the problem: %1.

Fields #

Description

Remote OS Type : Remote_OS_Type.

Message #

Remote OS Type : %1.

Fields #

Description

Remote Assistance connection attempt failed with error code: Code.

Message #

Remote Assistance connection attempt failed with error code: %1.

Fields #

Description

Remote Assistance reproduced the problem and created following ticket to verify the problem: FuncName.

Message #

Remote Assistance reproduced the problem and created following ticket to verify the problem: %1.

Fields #