Microsoft-Windows-ServerManager-ManagementProvider
70 events across 2 channels
Event ID 1 — Loading the management provider
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 1
  version: 0
  level: 4
  task: 1
  opcode: 1
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:23.603467+00:00'
  event_record_id: 302
  correlation: {}
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-20
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2 — Unloading the management provider
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 1
  opcode: 2
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:39:06.282326+00:00'
  event_record_id: 326
  correlation: {}
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-20
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 12 — Condition %1 failed, throwing %2.
Message
Fields
| Name | Description |
|---|---|
| ptzMessage1 | — |
| ptzMessage2 | — |
Event ID 14 — Get performance collector state task start.
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 14
  version: 0
  level: 4
  task: 6
  opcode: 1
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:26.867981+00:00'
  event_record_id: 310
  correlation:
    ActivityID: C1A9BE91-E77A-4B43-9AF9-F18A1F4C9833
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 15 — Get performance collector state task complete.
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 15
  version: 0
  level: 4
  task: 6
  opcode: 2
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.062936+00:00'
  event_record_id: 314
  correlation:
    ActivityID: C1A9BE91-E77A-4B43-9AF9-F18A1F4C9833
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 16 — Get performance collector state task generated an error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Event ID 17 — Set performance collector state task start.
Message
Event ID 18 — Set performance collector state task complete.
Message
Event ID 19 — Set performance collector state task generated an error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Event ID 26 — Get counter sample in time range task start.
Message
Event ID 27 — Get counter samples in time range task complete.
Message
Event ID 28 — Get counter samples in time range task generated an error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Event ID 29 — Unable to process log file: %1, error: %2, last error: %3.
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 30 — Get counter samples at time task start.
Message
Event ID 31 — Get counter samples at time task complete.
Message
Event ID 32 — Get counter samples at time task generated an error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Event ID 33 — Unable to process log file: %1, error: %2, last error: %3.
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 41 — Get server inventory task started.
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 41
  version: 0
  level: 4
  task: 13
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:23.628840+00:00'
  event_record_id: 303
  correlation:
    ActivityID: E1A8B0A1-AACC-4C2A-8AAC-58D88C5EA105
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 42 — Get server inventory task complete.
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 42
  version: 0
  level: 4
  task: 13
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:26.860114+00:00'
  event_record_id: 309
  correlation:
    ActivityID: E1A8B0A1-AACC-4C2A-8AAC-58D88C5EA105
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 43 — Get server inventory task failed.
Message
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 43
  version: 0
  level: 2
  task: 13
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-04T13:51:27.375324+00:00'
  event_record_id: 537
  correlation:
    ActivityID: D6029FED-E085-468B-9E69-02033A44F2E2
  execution:
    process_id: 4740
    thread_id: 4776
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 44 — Get server inventory task failed to query information from facility: %1, error code: %2, last error: %3.
Message
Fields
| Name | Description |
|---|---|
| facility | — |
| error | — |
| lasterror | — |
Event ID 45 — Failure opening metadata of the owning provider for channel: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 45
  version: 0
  level: 3
  task: 13
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:26.323488+00:00'
  event_record_id: 308
  correlation:
    ActivityID: E1A8B0A1-AACC-4C2A-8AAC-58D88C5EA105
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  Name: Microsoft-Windows-SPB-HIDI2C/Analytic
  hResult: '0x8007065b'
  hLastError: '0x80070002'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 46 — Generic failure querying the localized name for channel: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 47 — Get server feature task started, flags.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 47
  version: 0
  level: 4
  task: 14
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:26.868610+00:00'
  event_record_id: 311
  correlation:
    ActivityID: 4ACAA8DE-FAC8-4188-A6B0-EFCD7D7B46CA
  execution:
    process_id: 3944
    thread_id: 1536
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 2
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 48 — Get server feature task complete, total features returned.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 48
  version: 0
  level: 4
  task: 14
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.505527+00:00'
  event_record_id: 315
  correlation:
    ActivityID: 4ACAA8DE-FAC8-4188-A6B0-EFCD7D7B46CA
  execution:
    process_id: 3944
    thread_id: 1536
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 25
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 49 — Get server feature task failed, error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 49
  version: 0
  level: 2
  task: 14
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T08:14:08.883719+00:00'
  event_record_id: 102
  correlation:
    ActivityID: 050D8FFF-1276-45D9-A3D0-6F704D3210E5
  execution:
    process_id: 4456
    thread_id: 2488
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  hResult: '0x1'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 50 — The feature returned by the ceip provider is not found in the static feature information xml.
Message
Fields
| Name | Description |
|---|---|
| Id | — |
| Name | — |
Event ID 51 — The feature's parent id returned by the ceip provider is not found in the static feature information xml.
Message
Fields
| Name | Description |
|---|---|
| Id | — |
| ParentId | — |
Event ID 52 — Get server event detail task started, number of logs.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 52
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.513998+00:00'
  event_record_id: 323
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 6
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 53 — Get server event detail task complete, number of results.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 53
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.539932+00:00'
  event_record_id: 325
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 3944
    thread_id: 4188
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 0
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 54 — Get server event detail task failed, error.
Message
Fields
| Name | Description |
|---|---|
| hResult | — |
Event ID 55 — Server event detail query.
Message
Fields
| Name | Description |
|---|---|
| Query | — |
Event ID 56 — Couldn't find event query file: %1 [hResult: %2, hLastResult: %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 57 — Server event detail task failed to process the query file: %1, error code: %2, last error: %3.
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 58 — Server event detail task failed to open the provider's metadata, name.
Message
Fields
| Name | Description |
|---|---|
| Name | — |
Event ID 61 — The Uxd feature enumeration delay value was not found, using default delay.
Message
Event ID 62 — Get bpa result task start.
Message
Fields
| Name | Description |
|---|---|
| TotalXPaths | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 62
  version: 0
  level: 4
  task: 16
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.511464+00:00'
  event_record_id: 316
  correlation:
    ActivityID: 7E9799E8-7833-472A-9A67-4EBE3235C039
  execution:
    process_id: 3944
    thread_id: 1536
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  TotalXPaths: 12
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 63 — Get bpa result task complete.
Message
Fields
| Name | Description |
|---|---|
| ResultsReturned | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 63
  version: 0
  level: 4
  task: 16
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.517455+00:00'
  event_record_id: 324
  correlation:
    ActivityID: 7E9799E8-7833-472A-9A67-4EBE3235C039
  execution:
    process_id: 3944
    thread_id: 1536
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ResultsReturned: 12
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 64 — Get bpa result task generated an error: %1, last error: %2.
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 65 — Get cluster name task start.
Message
Event ID 66 — Get cluster name task complete.
Message
Event ID 67 — Get cluster name task generated an error.
Message
Event ID 68 — Events were queried from ADAM.
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 69 — Get server service detail task start.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 69
  version: 0
  level: 4
  task: 18
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:26.870735+00:00'
  event_record_id: 312
  correlation:
    ActivityID: F5F2E135-0CD1-4E7C-9EF4-0FB3D7C663E7
  execution:
    process_id: 3944
    thread_id: 3164
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 0
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 70 — Get server service detail task complete.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 70
  version: 0
  level: 4
  task: 18
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.048889+00:00'
  event_record_id: 313
  correlation:
    ActivityID: F5F2E135-0CD1-4E7C-9EF4-0FB3D7C663E7
  execution:
    process_id: 3944
    thread_id: 3164
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  uValue: 0
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 71 — Get server service detail task generated an error [hResult: %1, hLastResult = %2].
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 72 — Couldn't open service: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 73 — Can't get description of service: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 74 — Can't get config information of service: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 75 — Generic failure querying service details of service: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 76 — Generic failure querying delayed auto start property of serice: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 77 — Remove server performance log task start.
Message
Fields
| Name | Description |
|---|---|
| Collector | — |
| MillisecondCutOff | — |
Event ID 78 — Remove server performance log task complete.
Message
Fields
| Name | Description |
|---|---|
| Count | — |
Event ID 79 — Remove server performance log task generated an error '.
Message
Fields
| Name | Description |
|---|---|
| Collector | — |
| ErrorCode | — |
| LastErrorCode | — |
Event ID 80 — Remove server performance log task encountered an error processing log: %1 [hResult: %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Log | — |
| Error | — |
| LastError | — |
Event ID 81 — Elevated operation %1 failed to revert to network service token.
Message
Fields
| Name | Description |
|---|---|
| Identifier | — |
| Error | — |
Event ID 82 — Elevated operation %2 failed to impersonate the client back.
Message
Fields
| Name | Description |
|---|---|
| Identifier | — |
| Error | — |
Event ID 83 — The task thread is not impersonating the client after running a elevated operation %1.
Message
Fields
| Name | Description |
|---|---|
| Identifier | — |
Event ID 84 — The wmi enumeration operation [.
Message
Fields
| Name | Description |
|---|---|
| Identifier | — |
Event ID 85 — Failed to query the results of bpa xpath.
Message
Fields
| Name | Description |
|---|---|
| XPath | — |
| Error | — |
| LastError | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ServerManager-ManagementProvider
  guid: C2E6D0D9-5DF8-4C77-A82B-C96C84579543
  event_source_name: ''
  event_id: 85
  version: 0
  level: 3
  task: 16
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:38:27.513401+00:00'
  event_record_id: 322
  correlation:
    ActivityID: 7E9799E8-7833-472A-9A67-4EBE3235C039
  execution:
    process_id: 3944
    thread_id: 1536
  channel: Microsoft-Windows-ServerManager-MgmtProvider/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  XPath: Microsoft/Windows/FileServices:$reports$\*\Result.xml:/ResultDatabase/Result
  Error: '0x1f'
  LastError: '0x3'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 86 — Failed to get/query the resource of type %1 at index %2.
Message
Fields
| Name | Description |
|---|---|
| Type | — |
| Index | — |
| Error | — |
| LastError | — |
Event ID 87 — Generic failure querying trigger information of serice: %1 [hResult = %2, hLastResult = %3].
Message
Fields
| Name | Description |
|---|---|
| Name | — |
| hResult | — |
| hLastError | — |
Event ID 88 — Failed to get the performance data with error code PDH_LOG_TYPE_NOT_FOUND.
Message
Fields
| Name | Description |
|---|---|
| LastError | — |
| QfeCheck | — |
Event ID 89 — Failed to check the status of the performance counter DL QFE, error: %1, last error: %2.
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 90 — Get server event detail extended task started.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Event ID 91 — Get server event detail extended task complete, number of results.
Message
Fields
| Name | Description |
|---|---|
| uValue | — |
Event ID 92 — Get server event detail extended task failed, error: %1, extended error: %2.
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 93 — Server event detail extended query.
Message
Fields
| Name | Description |
|---|---|
| Query | — |
Event ID 94 — Server event detail extended task failed to process the query: error: %1, last error: %2.
Message
Fields
| Name | Description |
|---|---|
| Error | — |
| LastError | — |
Event ID 95 — Server event detail extended task failed to open the provider's metadata, name.
Message
Fields
| Name | Description |
|---|---|
| Name | — |