detection.wiki
Blog

Microsoft-Windows-ServerManager-MultiMachine

333 events across 2 channels

Event IDTitleChannel
0Refresh scheduler started.Operational
1Refresh scheduler stopped.Operational
2Start of filtering out in-progress refresh.Debug
3End of filtering out in-progress refresh.Debug
4Short circuit refresh.Operational
5Start of triggering refresh job.Operational
6End of triggering refresh job.Operational
7Error received from refresh job.Operational
8Child job completed.Operational
9Parent job completed.Operational
10Start of request for refresh.Operational
11End of request for refresh.Operational
12Task '.Debug
13Task '.Debug
14Error during processing data.Operational
15Start of decoding BPA results.Debug
16End of decoding BPA results.Debug
17Error during decoding of BPA results.Operational
18Start of updating Bpa result records.Debug
19End of updating Bpa result records.Debug
20Short circuting of updating of Bpa result records.Debug
21Error during updating of Bpa result records.Operational
22Triggered Bpa results updated event.Debug
23Start of decoding service statuses.Debug
24End of decoding service statuses.Debug
25Error during decoding of service statuses.Operational
26Start of updating services records.Debug
27End of updating services records.Debug
28Short circuting of updating of services records.Debug
29Error during updating of services records.Operational
30Triggered services updated event.Debug
31Plugin load started for Role Id %1.Operational
32Plugin load stopped for Role Id %1.Operational
33Plugin load failed for Role Id %1.Operational
34Plugin unload started for Role Id %1.Operational
35Plugin unload stopped for Role Id %1.Operational
36Plugin unload failed for Role Id %1.Operational
37Plugin registration information is loaded.Operational
38Plugin registration information failed to load.Debug
39ARW launch command started.Operational
40ARW launch command completed.Operational
41Add server command started.Operational
42Add server command completed.Operational
43The requested server %1 is already added.Operational
44Add server command failed while adding server %1, failure: %2.Operational
45Full refresh command started.Operational
46Full refresh command completed.Operational
47Started initializing service provider.Operational
48Completed initializing service provider.Operational
49Boot loader started.Operational
50Boot loader completed.Operational
51Boot loader can't find the service provider list, Error.Operational
52Failed to load user settings, Error.Operational
53Main window initialized.Operational
54Main window initialization failed, Error.Operational
55Failed to change the navigation item %1 of type %2, attached descriptor: %3.Operational
56Navigation service selection changed.Operational
57Server manager startedOperational
58Server manager shutdown startedOperational
59Server manager shutdown failure.Operational
60Saving server list failure.Operational
61Server manager automation shutdown failure.Operational
62Server manager plugin manager shutdown failure.Operational
63Server manager exception.Operational
64Start of decoding performance counter threshold alerts results.Debug
65Stop of decoding performance counter threshold alerts results.Debug
66Error during decoding performance counter threshold alerts results.Operational
67Start of data update to performance counter threshold alert data.Debug
68Stop of data update to performance counter threshold alert data.Debug
69Error during data update to performance counter threshold alert data.Operational
70Triggered performance counter threshold alert data results updated event.Operational
71Start of decoding performance counter samples results.Debug
72Stop of decoding performance counter samples results.Debug
73Error during decoding performance counter samples results.Operational
74Start of data update to performance counter sample data.Debug
75Stop of data update to performance counter sample data.Debug
76Error during data update to performance counter sample data.Operational
77Triggered performance counter sample data results updated event.Operational
78Start job of diagnostics data collect (process snapshots).Debug
79Stop job of diagnostics data collect (process snapshots).Debug
80Error in a job of diagnostics data collect (process snapshots).Operational
81Start of data update to diagnostics data (process snapshots).Debug
82Stop of data update to diagnostics data (process snapshots).Debug
83Error during data update to diagnostics data (process snapshots).Operational
84Start of time change filter.Debug
85Stop of time change filter.Debug
86Error during time change filter.Operational
87Start job of time change filter.Debug
88Stop job of time change filter.Debug
89Error in a job of time change filter.Operational
90Start of data update for time change filter.Debug
91Stop of data update for time change filter.Debug
92Error during data update for time change filter.Operational
93Job refresh error.Operational
94Splash screen started.Operational
95Splash screen stopped.Operational
96Server list loading failed.Operational
97Server manager shutdown stopped.Operational
98User settings save started.Operational
99User settings save stopped.Operational
100Automation job history.Debug
101Automation job history.Debug
102Group of inventory refresh jobs has finished.Operational
103Error encountered while attempting to load an advanced tool.Debug
104DataStore persistence: starting loadDebug
105DataStore persistence: load error %1.Operational
106DataStore persistence: load finishedDebug
107DataStore persistence: starting saveDebug
108DataStore persistence: save error.Operational
109DataStore persistence: save finishedDebug
110Inventory data update failed.Operational
111Launched BPA scan on machine %1, BPA Model Ids %2.Operational
112Bpa Scan launch failed for server %1, error: %2.Operational
113Start of enable job of performance counter collector.Debug
114Stop of enable job of performance counter collector.Debug
115Failed enabling of performance counter collector.Operational
116Bpa include or exclude launch failed for server %1, error: %2.Operational
117Error while launching command '.Operational
118Failed to close the post deployment configuration task.Operational
119Created the post deployment task.Operational
120Completed the post deployment task.Operational
121Failed to create the post deployment configuration task.Operational
122Unknown type of failure to refresh data.Operational
123Roles and features discovered on %1: %2.Operational
124Roles and features requiring configuration on %1: %2.Operational
125Skipping Server Manager auto refresh.Operational
126Skipping loading the navigation item for a plugin that is not initialized.Operational
127Shell plugin icon not found.Operational
128Parent role not found.Operational
129String pool has been scanned.Operational
130Automation job query started.Operational
131Automation job query result.Operational
132Automation job query completed.Operational
133Automation job created.Operational
134Automation job creation failed with error.Operational
135Exception reported to refresh data.Operational
136Exception reported to data collection.Operational
150Automation job started.Debug
151Automation job state changed.Debug
152Automation job error data added.Debug
153Automation job output data added.Debug
154Automation job progress data added.Debug
155Automation job error data added.Debug
156Data processing time.Debug
157Lengthy data processing time.Debug
160Error setting main window focus with the handle.Operational
161Error writing the window handle.Operational
162File mapping initialization failed.Operational
163Error shutting down the kernel service.Operational
164CEIP/WER launch command started.Operational
165CEIP/WER launch command completed.Operational
166CEIP/WER plugin load started.Operational
167CEIP/WER plugin load completed.Operational
168Connection to M3P starting.Operational
169Connection to M3P completed.Operational
170Credentials set for connections to machines.Operational
171Refresh session started.Operational
172Refresh session completed.Operational
173Credentials loaded from the cred store: User name = %1.Operational
174Error loading credentials from the cred store.Operational
175Credentials saved to the cred store: User name = %1.Operational
176Error saving credentials to the cred store.Operational
177Credentials deleted from the cred store: User name = %1.Operational
178Error deleting credentials from the cred store.Operational
179Local server properties refresh started.Operational
180Local server properties refresh completed.Operational
181Error accessing local server properties.Operational
182Completed services modification jobOperational
183Launching wizard from automation job started.Operational
184Launching wizard from automation job completed.Operational
190Starting WinRM service status check.Operational
191Completed WinRM service status check.Operational
192Refresh item completed.Operational
193Error cleaning up credentials from the cred store.Operational
194Cluster query item added.Operational
195Cluster query item data received.Operational
196New cluster nodes added to session.Operational
197Cluster query item completed.Operational
200Refresh item session create started.Debug
201Refresh item session create completed.Debug
202Refresh item session close started.Debug
203Refresh item session close completed.Debug
204Refresh item invocation started.Debug
205Refresh item enumeration started.Debug
206Refresh item data received.Debug
207Refresh item operation completed.Debug
208Refresh item operation error.Debug
209Creating new session.Operational
210Enumerate instances started.Operational
211Enumerate instances completed.Operational
212Enumerate instances error.Operational
213Enumerate instances data received.Operational
214Invoke method started.Operational
215Invoke method completed.Operational
216Invoke method error.Operational
217Invoke method data received.Operational
218Invoke method non-terminating error received.Operational
219Invoke method message received.Operational
220Disconnect from M3P starting.Operational
221Disconnect from M3P completed.Operational
300Server data processer start.Debug
301Server data processer stop.Debug
302Server data processor failed.Debug
303Server data processor on next start.Debug
304Server data processor on next stop.Debug
305Feature data processer start.Debug
306Feature data processer stop.Debug
307Feature data processor failed.Debug
308Feature data processor on next start.Debug
309Feature data processor on next stop.Debug
310BPA data processer start.Debug
311BPA data processer stop.Debug
312BPA data processor failed.Debug
313BPA data processor on next start.Debug
314BPA data processor on next stop.Debug
315Events data processer start.Debug
316Events data processer stop.Debug
317Events data processor failed.Debug
318Events data processor on next start.Debug
319Events data processor on next stop.Debug
320Performance counter data processer start.Debug
321Performance counter data processer stop.Debug
322Performance counter data processor failed.Debug
323Performance counter data processor on next start.Debug
324Performance counter data processor on next stop.Debug
325Services data processer start.Debug
326Services data processer stop.Debug
327Services data processor failed.Debug
328Services data processor on next start.Debug
329Services data processor on next stop.Debug
330Servers tile view update start.Debug
331Servers tile view update stop.Debug
332Features tile view update start.Debug
333Features tile view update stop.Debug
334BPA tile view update start.Debug
335BPA tile view update stop.Debug
336Events tile view update start.Debug
337Events tile view update stop.Debug
338Performance tile view update start.Debug
339Performance tile view update stop.Debug
340Services tile view update start.Debug
341Services tile view update stop.Debug
342Servers thumbnail view update start.Debug
343Servers thumbnail view update stop.Debug
344Timestamp thumbnail view update start.Debug
345Timestamp thumbnail view update stop.Debug
346BPA thumbnail view update start.Debug
347BPA thumbnail view update stop.Debug
348Events thumbnail view update start.Debug
349Events thumbnail view update stop.Debug
350Performance thumbnail view update start.Debug
351Performance thumbnail view update stop.Debug
352Services thumbnail view update start.Debug
353Services thumbnail view update stop.Debug
354Manageability thumbnail view update start.Debug
355Manageability thumbnail view update stop.Debug
356Async job creation started.Operational
2000Deployment Wizard is launched.Operational
2001Deployment Wizard is closed.Operational
2002Deployment Wizard repository loading start.Operational
2003Deployment Wizard repository loading completed.Operational
2004Deployment Wizard repository loading completed and repository is empty.Operational
2005Deployment Wizard installation type changed.Operational
2006Deployment Wizard component selected.Operational
2007Deployment Wizard component unselected.Operational
2008Deployment Wizard component selection cancelled through dependency dialog.Operational
2009Deployment Wizard target server collection has changed.Operational
2010Deployment Wizard page enter.Operational
2011Deployment Wizard page exit.Operational
2012Deployment Wizard cancel requested.Operational
2013Deployment Wizard commit action started.Operational
2014Deployment Wizard commit action completed.Operational
2015Deployment Wizard component selection step completed.Operational
2016Deployment Wizard component unselection completed.Operational
2100Deployment plugin loading started.Operational
2101Deployment plugin loading completed.Operational
2102Deployment component pages added.Operational
2103Deployment component pages removed.Operational
2105Deployment configuration data export started.Operational
2106Deployment configuration data export completed.Operational
2107Pre-requisite check started for component with ComponentId.Operational
2108Pre-requisite check completed for component with ComponentId: %1, Status: %2.Operational
2109Pre-uninstall step started for component with ComponentId.Operational
2110Pre-uninstall step completed for component with ComponentId: %1, Status: %2.Operational
4000Add-_InternalWindowsRole workflow entered.Operational
4001Add-_InternalWindowsRole workflow ended, TargetComputer:%1, RequestState:%2, …Operational
4002Add-_InternalWindowsRole workflow reported an error installing or removing the …Operational
4010Add-_InternalWindowsRole workflow launching install/remove operation.Debug
4011Add-_InternalWindowsRole workflow launched install/remove operation, …Debug
4012Add-_InternalWindowsRole workflow polling for completion.Debug
4013Add-_InternalWindowsRole workflow polled for completion, TargetComputer:%1, …Debug
4020Add-_InternalWindowsRole workflow has determined that the target computer should …Debug
4021Add-_InternalWindowsRole workflow has determined that the target computer should …Debug
4022Add-_InternalWindowsRole workflow is requesting restart of the target computer.Debug
4023Add-_InternalWindowsRole workflow has requested restart of the target computer.Debug
4024Add-_InternalWindowsRole workflow failed to restart the target computer within …Debug
9000Get-WindowsFeature cmdlet started.Operational
9001Get-WindowsFeature cmdlet ended, Guid: %1, Components: %2.Operational
9002GetServerComponent method started.Debug
9003GetServerComponent method ended with Success.Debug
9004GetServerComponent method returned InProgress.Debug
9005GetServerComponent method returned Failed.Debug
9006GetEnumerationState method started.Debug
9007GetEnumerationState method ended with Success.Debug
9008GetEnumerationState method returned InProgress.Debug
9009GetEnumerationState method returned Failed.Debug
9010Get Windows feature failed with Error.Operational
9011Component %1 has invalid state %2.Operational
9012Component %1 has state %2.Operational
9100Add-WindowsFeature cmdlet started.Operational
9101Add-WindowsFeature cmdlet ended.Operational
9102AddServerComponent method started.Debug
9103AddServerComponent method ended with Success.Debug
9104AddServerComponent method returned InProgress.Debug
9105AddServerComponent method returned Failed.Debug
9106GetAlterationState method for Add-WindowsFeature started.Debug
9107GetAlterationState method for Add-WindowsFeature ended.Debug
9108GetAlterationState method for Add-WindowsFeature returned InProgress.Debug
9109GetAlterationState method for Add-WindowsFeature returned Failed.Debug
9110Mutual Exclusion conflict detected during add.Operational
9200Remove-WindowsFeature cmdlet started.Operational
9201Remove-WindowsFeature cmdlet ended.Operational
9202RemoveServerComponent method started.Debug
9203RemoveServerComponent method ended with Success.Debug
9204RemoveServerComponent method returned InProgress.Debug
9205RemoveServerComponent method returned Failed.Debug
9206GetAlterationState method for Remove-WindowsFeature started.Debug
9207GetAlterationState method for Remove-WindowsFeature ended.Debug
9208GetAlterationState method for Remove-WindowsFeature returned InProgress.Debug
9209GetAlterationState method for Remove-WindowsFeature returned Failed.Debug
9210Remove Windows feature failed with Error.Operational
9211Add Windows feature failed with Error.Operational
9301Debug

Event ID 0 — Refresh scheduler started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Samples
1

Message

Refresh scheduler started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 0
  version: 0
  level: 0
  task: 0
  opcode: 0
  keywords: 0
  time_created: '2022-04-07T17:06:29.351679+00:00'
  event_record_id: 174
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-F886-7BDD9E4AD801
    RelatedActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 1 — Refresh scheduler stopped.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Refresh scheduler stopped..

Event ID 2 — Start of filtering out in-progress refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of filtering out in-progress refresh.

Fields

NameDescription
Category
Machines

Event ID 3 — End of filtering out in-progress refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

End of filtering out in-progress refresh.

Fields

NameDescription
Category
Machines

Event ID 4 — Short circuit refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Short circuit refresh.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 4
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:14:07.080861+00:00'
  event_record_id: 370
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-47B6-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 5 — Start of triggering refresh job.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Start of triggering refresh job. Server: %1. Job: %2.

Fields

NameDescription
MachineName
JobName

Event ID 6 — End of triggering refresh job.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

End of triggering refresh job. Server: %1. Job: %2.

Fields

NameDescription
MachineName
JobName

Event ID 7 — Error received from refresh job.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error received from refresh job.

Fields

NameDescription
MachineName
Error

Event ID 8 — Child job completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Child job completed. Command: %2, Target: %3, State: %4, Proxy Instance ID: %1

Fields

NameDescription
ID
Command
Target
State

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 8
  version: 0
  level: 4
  task: 12
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:43.025255+00:00'
  event_record_id: 687
  correlation:
    ActivityID: 1480B89F-E871-42E4-BFB4-C8F88B053137
  execution:
    process_id: 4444
    thread_id: 940
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ID: E829D96F-C50A-47DE-A1F2-3823DF71237B
  Command: ServerManagerShell\Invoke-_InternalServiceMethod
  Target: localhost
  State: Completed
message: ''

References

Event ID 9 — Parent job completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Parent job completed. Command: %2, Target: %3, State: %4, Proxy Instance ID: %1

Fields

NameDescription
ID
Command
Target
State

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 9
  version: 0
  level: 4
  task: 12
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:43.028446+00:00'
  event_record_id: 688
  correlation:
    ActivityID: 1480B89F-E871-42E4-BFB4-C8F88B053137
  execution:
    process_id: 4444
    thread_id: 4924
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ID: 97DEB445-282E-4B54-9C43-57E30F4270F5
  Command: ServerManagerShell\Invoke-_InternalServiceMethod
  Target: localhost
  State: Completed
message: ''

References

Event ID 10 — Start of request for refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Start of request for refresh. Source: %1. Categories: %2. Servers: %3. Session: %4

Fields

NameDescription
RefreshTriggerSource
Category
Machines
ID

Event ID 11 — End of request for refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

End of request for refresh. Source: %1. Categories: %2. Servers: %3. Session: %4

Fields

NameDescription
RefreshTriggerSource
Category
Machines
ID

Event ID 12 — Task '.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Task '%1' execution started.

Fields

NameDescription
TaskName

Event ID 13 — Task '.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Task '%1' execution completed.

Fields

NameDescription
TaskName

Event ID 14 — Error during processing data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during processing data.

Fields

NameDescription
ErrorMessage

Event ID 15 — Start of decoding BPA results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of decoding BPA results.

Event ID 16 — End of decoding BPA results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

End of decoding BPA results.

Event ID 17 — Error during decoding of BPA results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during decoding of BPA results.

Fields

NameDescription
ErrorMessage

Event ID 18 — Start of updating Bpa result records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of updating Bpa result records.

Event ID 19 — End of updating Bpa result records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

End of updating Bpa result records.

Event ID 20 — Short circuting of updating of Bpa result records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Short circuting of updating of Bpa result records.

Event ID 21 — Error during updating of Bpa result records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during updating of Bpa result records.

Fields

NameDescription
ErrorMessage

Event ID 22 — Triggered Bpa results updated event.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Triggered Bpa results updated event.

Fields

NameDescription
MachineName

Event ID 23 — Start of decoding service statuses.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of decoding service statuses.

Event ID 24 — End of decoding service statuses.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

End of decoding service statuses.

Event ID 25 — Error during decoding of service statuses.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during decoding of service statuses.

Fields

NameDescription
ErrorMessage

Event ID 26 — Start of updating services records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of updating services records.

Event ID 27 — End of updating services records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

End of updating services records.

Event ID 28 — Short circuting of updating of services records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Short circuting of updating of services records.

Event ID 29 — Error during updating of services records.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during updating of services records.

Fields

NameDescription
ErrorMessage

Event ID 30 — Triggered services updated event.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Triggered services updated event.

Fields

NameDescription
MachineName

Event ID 31 — Plugin load started for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Plugin load started for Role Id %1.

Fields

NameDescription
roleId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 31
  version: 0
  level: 4
  task: 1
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:20.940593+00:00'
  event_record_id: 221
  correlation:
    ActivityID: DF7F44FB-F3E3-46FF-9AD1-438899980538
  execution:
    process_id: 1460
    thread_id: 3544
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  roleId: 10
message: ''

References

Event ID 32 — Plugin load stopped for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Plugin load stopped for Role Id %1.

Fields

NameDescription
roleId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 32
  version: 0
  level: 4
  task: 1
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:20.944256+00:00'
  event_record_id: 226
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 1260
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  roleId: 10
message: ''

References

Event ID 33 — Plugin load failed for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Plugin load failed for Role Id %1. %2

Fields

NameDescription
roleId
Message

Event ID 34 — Plugin unload started for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Plugin unload started for Role Id %1.

Fields

NameDescription
roleId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 34
  version: 0
  level: 4
  task: 2
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:38:13.298689+00:00'
  event_record_id: 514
  correlation: {}
  execution:
    process_id: 5300
    thread_id: 5256
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  roleId: 481
message: ''

References

Event ID 35 — Plugin unload stopped for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Plugin unload stopped for Role Id %1.

Fields

NameDescription
roleId

Event ID 36 — Plugin unload failed for Role Id %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Plugin unload failed for Role Id %1. %2

Fields

NameDescription
roleId
Message

Event ID 37 — Plugin registration information is loaded.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Plugin registration information is loaded.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 37
  version: 0
  level: 4
  task: 3
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:22.364248+00:00'
  event_record_id: 99
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-AC85-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 38 — Plugin registration information failed to load.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Plugin registration information failed to load. Error: %1

Fields

NameDescription
message

Event ID 39 — ARW launch command started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

ARW launch command started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 39
  version: 0
  level: 4
  task: 4
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:14.456573+00:00'
  event_record_id: 78
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-737B-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 40 — ARW launch command completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

ARW launch command completed.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 40
  version: 0
  level: 4
  task: 4
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:14.691796+00:00'
  event_record_id: 86
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-737B-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 41 — Add server command started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add server command started.

Event ID 42 — Add server command completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add server command completed.

Event ID 43 — The requested server %1 is already added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

The requested server %1 is already added.

Fields

NameDescription
machineName
errorMessage

Event ID 44 — Add server command failed while adding server %1, failure: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add server command failed while adding server %1, failure: %2

Fields

NameDescription
machineName
errorMessage

Event ID 45 — Full refresh command started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Full refresh command started.

Event ID 46 — Full refresh command completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Full refresh command completed.

Event ID 47 — Started initializing service provider.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Started initializing service provider.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 47
  version: 0
  level: 4
  task: 5
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T16:58:09.017503+00:00'
  event_record_id: 517
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 48 — Completed initializing service provider.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Completed initializing service provider.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 48
  version: 0
  level: 4
  task: 5
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T16:58:09.029982+00:00'
  event_record_id: 518
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 49 — Boot loader started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Boot loader started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 49
  version: 0
  level: 4
  task: 5
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T16:58:09.083883+00:00'
  event_record_id: 519
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 50 — Boot loader completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Boot loader completed.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 50
  version: 0
  level: 4
  task: 5
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T16:58:23.552622+00:00'
  event_record_id: 527
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4124
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 51 — Boot loader can't find the service provider list, Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Boot loader can't find the service provider list, Error: %1

Fields

NameDescription
errorMessage

Event ID 52 — Failed to load user settings, Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Failed to load user settings, Error: %1

Fields

NameDescription
errorMessage

Event ID 53 — Main window initialized.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Main window initialized.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 53
  version: 0
  level: 4
  task: 6
  opcode: 0
  keywords: 2306124484190404608
  time_created: '2022-04-07T16:58:20.988934+00:00'
  event_record_id: 522
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 54 — Main window initialization failed, Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Main window initialization failed, Error: %1

Fields

NameDescription
errorMessage

Event ID 55 — Failed to change the navigation item %1 of type %2, attached descriptor: %3.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Failed to change the navigation item %1 of type %2, attached descriptor: %3

Fields

NameDescription
navigationItemName
navigationItemType
associatedViewDescriptorType

Event ID 56 — Navigation service selection changed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Navigation service selection changed. New item: %1

Fields

NameDescription
newNavigationItem

Event ID 57 — Server manager started

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server manager started

Event ID 58 — Server manager shutdown started

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Server manager shutdown started

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 58
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:38:13.257143+00:00'
  event_record_id: 509
  correlation: {}
  execution:
    process_id: 5300
    thread_id: 5388
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 59 — Server manager shutdown failure.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server manager shutdown failure: %1

Fields

NameDescription
errorMessage

Event ID 60 — Saving server list failure.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Saving server list failure: %1

Fields

NameDescription
errorMessage

Event ID 61 — Server manager automation shutdown failure.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server manager automation shutdown failure: %1

Fields

NameDescription
errorMessage

Event ID 62 — Server manager plugin manager shutdown failure.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server manager plugin manager shutdown failure: %1

Fields

NameDescription
errorMessage

Event ID 63 — Server manager exception.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server manager exception. Source: %1. Exception: %2

Fields

NameDescription
source
exception

Event ID 64 — Start of decoding performance counter threshold alerts results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of decoding performance counter threshold alerts results.

Event ID 65 — Stop of decoding performance counter threshold alerts results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of decoding performance counter threshold alerts results.

Event ID 66 — Error during decoding performance counter threshold alerts results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during decoding performance counter threshold alerts results.

Fields

NameDescription
ErrorMessage

Event ID 67 — Start of data update to performance counter threshold alert data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of data update to performance counter threshold alert data.

Event ID 68 — Stop of data update to performance counter threshold alert data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of data update to performance counter threshold alert data.

Event ID 69 — Error during data update to performance counter threshold alert data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during data update to performance counter threshold alert data.

Fields

NameDescription
ErrorMessage

Event ID 70 — Triggered performance counter threshold alert data results updated event.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Triggered performance counter threshold alert data results updated event.

Fields

NameDescription
MachineName

Event ID 71 — Start of decoding performance counter samples results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of decoding performance counter samples results.

Event ID 72 — Stop of decoding performance counter samples results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of decoding performance counter samples results.

Event ID 73 — Error during decoding performance counter samples results.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during decoding performance counter samples results.

Fields

NameDescription
ErrorMessage

Event ID 74 — Start of data update to performance counter sample data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of data update to performance counter sample data.

Event ID 75 — Stop of data update to performance counter sample data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of data update to performance counter sample data.

Event ID 76 — Error during data update to performance counter sample data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during data update to performance counter sample data.

Fields

NameDescription
ErrorMessage

Event ID 77 — Triggered performance counter sample data results updated event.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Triggered performance counter sample data results updated event.

Fields

NameDescription
MachineName

Event ID 78 — Start job of diagnostics data collect (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start job of diagnostics data collect (process snapshots).

Fields

NameDescription
MachineName

Event ID 79 — Stop job of diagnostics data collect (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop job of diagnostics data collect (process snapshots).

Event ID 80 — Error in a job of diagnostics data collect (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error in a job of diagnostics data collect (process snapshots).

Fields

NameDescription
ErrorMessage

Event ID 81 — Start of data update to diagnostics data (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of data update to diagnostics data (process snapshots).

Event ID 82 — Stop of data update to diagnostics data (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of data update to diagnostics data (process snapshots).

Event ID 83 — Error during data update to diagnostics data (process snapshots).

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during data update to diagnostics data (process snapshots).

Fields

NameDescription
ErrorMessage

Event ID 84 — Start of time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of time change filter.

Fields

NameDescription
MachineName

Event ID 85 — Stop of time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of time change filter.

Event ID 86 — Error during time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during time change filter.

Fields

NameDescription
ErrorMessage

Event ID 87 — Start job of time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start job of time change filter.

Fields

NameDescription
MachineName

Event ID 88 — Stop job of time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop job of time change filter.

Event ID 89 — Error in a job of time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error in a job of time change filter.

Fields

NameDescription
ErrorMessage

Event ID 90 — Start of data update for time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of data update for time change filter.

Event ID 91 — Stop of data update for time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of data update for time change filter.

Event ID 92 — Error during data update for time change filter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error during data update for time change filter.

Fields

NameDescription
ErrorMessage

Event ID 93 — Job refresh error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Job refresh error. Server name: %1. Job name: %2. Exception: %3

Fields

NameDescription
server
job
exception

Event ID 94 — Splash screen started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Splash screen started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 94
  version: 0
  level: 4
  task: 6
  opcode: 1
  keywords: 2306124484190404608
  time_created: '2022-04-07T16:58:06.733119+00:00'
  event_record_id: 516
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 95 — Splash screen stopped.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Splash screen stopped.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 95
  version: 0
  level: 4
  task: 6
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T16:58:15.307676+00:00'
  event_record_id: 521
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 96 — Server list loading failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Server list loading failed.

Event ID 97 — Server manager shutdown stopped.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Server manager shutdown stopped.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 97
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:38:13.358492+00:00'
  event_record_id: 515
  correlation: {}
  execution:
    process_id: 5300
    thread_id: 5388
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 98 — User settings save started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

User settings save started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 98
  version: 0
  level: 4
  task: 7
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:38:13.280535+00:00'
  event_record_id: 510
  correlation: {}
  execution:
    process_id: 5300
    thread_id: 5256
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 99 — User settings save stopped.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

User settings save stopped.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 99
  version: 0
  level: 4
  task: 7
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T08:38:13.293162+00:00'
  event_record_id: 511
  correlation: {}
  execution:
    process_id: 5300
    thread_id: 5256
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 100 — Automation job history.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job history. Server = %1. Job = %3. TimeElapsed = %4

Fields

NameDescription
Target
JobID
JobName
TimeElapsed
History

Event ID 101 — Automation job history.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job history. Server = %1. Job = %3. TimeElapsed = %4. Error = %6

Fields

NameDescription
Target
JobID
JobName
TimeElapsed
History
Exception

Event ID 102 — Group of inventory refresh jobs has finished.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Group of inventory refresh jobs has finished. Session: %4

Fields

NameDescription
RefreshTriggerSource
Category
Machines
ID

Event ID 103 — Error encountered while attempting to load an advanced tool.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Error encountered while attempting to load an advanced tool: %1

Fields

NameDescription
ErrorMessage

Event ID 104 — DataStore persistence: starting load

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

DataStore persistence: starting load

Event ID 105 — DataStore persistence: load error %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

DataStore persistence: load error %1

Fields

NameDescription
ErrorMessage

Event ID 106 — DataStore persistence: load finished

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

DataStore persistence: load finished

Event ID 107 — DataStore persistence: starting save

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

DataStore persistence: starting save

Event ID 108 — DataStore persistence: save error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

DataStore persistence: save error: %1

Fields

NameDescription
ErrorMessage

Event ID 109 — DataStore persistence: save finished

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

DataStore persistence: save finished

Event ID 110 — Inventory data update failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Inventory data update failed. %1.

Fields

NameDescription
MachineName
Error

Event ID 111 — Launched BPA scan on machine %1, BPA Model Ids %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Launched BPA scan on machine %1, BPA Model Ids %2

Fields

NameDescription
MachineName
JobName

Event ID 112 — Bpa Scan launch failed for server %1, error: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Bpa Scan launch failed for server %1, error: %2

Fields

NameDescription
MachineName
Error

Event ID 113 — Start of enable job of performance counter collector.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Start of enable job of performance counter collector.

Event ID 114 — Stop of enable job of performance counter collector.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Stop of enable job of performance counter collector.

Event ID 115 — Failed enabling of performance counter collector.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Failed enabling of performance counter collector. %1.

Fields

NameDescription
ErrorMessage

Event ID 116 — Bpa include or exclude launch failed for server %1, error: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Bpa include or exclude launch failed for server %1, error: %2

Fields

NameDescription
MachineName
Error

Event ID 117 — Error while launching command '.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error while launching command '%1' : %2

Fields

NameDescription
MachineName
Error

Event ID 118 — Failed to close the post deployment configuration task.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Failed to close the post deployment configuration task. %1, Stack: %2

Fields

NameDescription
Task
Error

Event ID 119 — Created the post deployment task.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Created the post deployment task. %1. Source=%2

Fields

NameDescription
Description
Source

Event ID 120 — Completed the post deployment task.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Completed the post deployment task. %1. Source=%2

Fields

NameDescription
Description
Source

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 120
  version: 0
  level: 4
  task: 13
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:17.045456+00:00'
  event_record_id: 181
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  Description: Additional steps are required to make this machine a domain controller.
  Source: Wizard
message: ''

References

Event ID 121 — Failed to create the post deployment configuration task.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Failed to create the post deployment configuration task. Id: %1, Server: %2, Source: %3, Message: %4

Fields

NameDescription
RoleId
Server
Source
Message

Event ID 122 — Unknown type of failure to refresh data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Unknown type of failure to refresh data. Server: %1. MessageID: %2. Message: %3

Fields

NameDescription
MachineName
MessageId
Message

Event ID 123 — Roles and features discovered on %1: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Roles and features discovered on %1: %2

Fields

NameDescription
ServerName
Features

Event ID 124 — Roles and features requiring configuration on %1: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Roles and features requiring configuration on %1: %2

Fields

NameDescription
ServerName
Features

Event ID 125 — Skipping Server Manager auto refresh.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Skipping Server Manager auto refresh. The desktop is not active.

Event ID 126 — Skipping loading the navigation item for a plugin that is not initialized.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Skipping loading the navigation item for a plugin that is not initialized. Role: %1. Status: %2

Fields

NameDescription
roleId
Status

Event ID 127 — Shell plugin icon not found.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Shell plugin icon not found. Role: %1. Icon: %2

Fields

NameDescription
roleId
Icon

Event ID 128 — Parent role not found.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Parent role not found. Server: %1. Feature ID: %2. Role ID: %3.

Fields

NameDescription
serverName
currentRoleId
parentRoleId

Event ID 129 — String pool has been scanned.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

String pool has been scanned. Total: %1, Removed: %2, Elapsed: %3.

Fields

NameDescription
totalCount
removedCount
elapsedTime

Event ID 130 — Automation job query started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Automation job query started. Owner: %1

Fields

NameDescription
Owner

Event ID 131 — Automation job query result.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Automation job query result. Owner: %1. Job count: %2

Fields

NameDescription
Owner
Count

Event ID 132 — Automation job query completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Automation job query completed. Owner: %1. Error: %2

Fields

NameDescription
Owner
Error

Event ID 133 — Automation job created.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Automation job created. Owner: %1, Command: %2, Target: %3, Tracked: %4. Rehydrated: %5.

Fields

NameDescription
Owner
Command
Target
Tracked
Rehydrated

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 133
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:40.297165+00:00'
  event_record_id: 685
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-ADEC-AAE09F4AD801
  execution:
    process_id: 4444
    thread_id: 4100
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  Owner: ServerManager
  Command: ServerManagerShell\Invoke-_InternalServiceMethod
  Target: ''
  Tracked: true
  Rehydrated: false
message: ''

References

Event ID 134 — Automation job creation failed with error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Automation job creation failed with error: %1

Fields

NameDescription
ErrorMessage

Event ID 135 — Exception reported to refresh data.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Exception reported to refresh data. Server: %1. MessageID: %2. Message: %3

Fields

NameDescription
MachineName
MessageId
Message

Event ID 136 — Exception reported to data collection.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Exception reported to data collection. Server: %1. OperationName: %2. MessageID: %3. Message: %4

Fields

NameDescription
MachineName
OperationName
MessageId
Message

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 136
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-04T11:01:44.968878+00:00'
  event_record_id: 1087
  correlation:
    ActivityID: 748EA6BB-2722-4FDA-B8B7-DA861FFC7DC8
  execution:
    process_id: 3156
    thread_id: 5064
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  MachineName: WIN-TKC15D7KHUR
  OperationName: GetServerEventDetail
  MessageId: (None)
  Message: "Events from 'WebServer.Events.xml' could not be enumerated.\r\n"
message: ''

References

Event ID 150 — Automation job started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job started. Command: %2, Target: %3, Guid: %1

Fields

NameDescription
ID
Command
Target

Event ID 151 — Automation job state changed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job state changed. Command: %2, Target: %3, State: %4, Guid: %1

Fields

NameDescription
ID
Command
Target
State

Event ID 152 — Automation job error data added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job error data added. Error: %6, Command: %3, Target: %4, ID: %1, Parent: %2, Message: %7, Action: %8, Exception: %5

Fields

NameDescription
ID
ParentID
Command
Target
ErrorId
Message
Action
Exception

Event ID 153 — Automation job output data added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job output data added. Command: %3, Target: %4, ID: %1, Parent; %2

Fields

NameDescription
ID
ParentID
Command
Target

Event ID 154 — Automation job progress data added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job progress data added. Percent complete: %5, Command: %3, Target: %4, ID: %1, Parent: %2

Fields

NameDescription
ID
ParentID
Command
Target
PercentComplete

Event ID 155 — Automation job error data added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Automation job error data added. Warning: %5, Command: %3, Target: %4, ID: %1, Parent: %2

Fields

NameDescription
ID
ParentID
Command
Target
Message

Event ID 156 — Data processing time.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Data processing time. Command: %3, Milliseconds: %5, Target: %4, ID: %1, Parent; %2

Fields

NameDescription
ID
ParentID
Command
Target
Milliseconds

Event ID 157 — Lengthy data processing time.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Lengthy data processing time. Command: %3, Milliseconds: %5, Target: %4, ID: %1, Parent; %2

Fields

NameDescription
ID
ParentID
Command
Target
Milliseconds

Event ID 160 — Error setting main window focus with the handle.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error setting main window focus with the handle. %1

Fields

NameDescription
exception

Event ID 161 — Error writing the window handle.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error writing the window handle. %1

Fields

NameDescription
exception

Event ID 162 — File mapping initialization failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

File mapping initialization failed. %1

Fields

NameDescription
errorCode

Event ID 163 — Error shutting down the kernel service.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error shutting down the kernel service. %1

Fields

NameDescription
exception

Event ID 164 — CEIP/WER launch command started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

CEIP/WER launch command started.

Event ID 165 — CEIP/WER launch command completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

CEIP/WER launch command completed.

Event ID 166 — CEIP/WER plugin load started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

CEIP/WER plugin load started.

Event ID 167 — CEIP/WER plugin load completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

CEIP/WER plugin load completed.

Event ID 168 — Connection to M3P starting.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Connection to M3P starting.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 168
  version: 0
  level: 4
  task: 5
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:29.048530+00:00'
  event_record_id: 676
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-77EB-AAE09F4AD801
  execution:
    process_id: 4444
    thread_id: 4780
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 169 — Connection to M3P completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Connection to M3P completed.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 169
  version: 0
  level: 4
  task: 5
  opcode: 2
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:31.700287+00:00'
  event_record_id: 679
  correlation:
    ActivityID: 1480B89F-E871-42E4-BFB4-C8F88B053137
  execution:
    process_id: 4444
    thread_id: 4780
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 170 — Credentials set for connections to machines.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Credentials set for connections to machines: %1. User name = %2

Fields

NameDescription
Targets
UserName

Event ID 171 — Refresh session started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Refresh session started. Source: %1. Categories: %2. Servers: %3. Id: %4

Fields

NameDescription
RefreshTriggerSource
Category
Machines
ID

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 171
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:23.580114+00:00'
  event_record_id: 722
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 2880
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  RefreshTriggerSource: Scheduler (None, None)
  Category: Inventory
  Machines: WIN-FPV0DSIC9O6.sigma.fr
  ID: 670EEE8B-2C25-447D-AAD4-2FDBE19E5196
message: ''

References

Event ID 172 — Refresh session completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Refresh session completed. Id: %1

Fields

NameDescription
ID

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 172
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.540457+00:00'
  event_record_id: 753
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 4444
    thread_id: 4868
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ID: 670EEE8B-2C25-447D-AAD4-2FDBE19E5196
message: ''

References

Event ID 173 — Credentials loaded from the cred store: User name = %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Credentials loaded from the cred store: User name = %1

Fields

NameDescription
UserName

Event ID 174 — Error loading credentials from the cred store.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error loading credentials from the cred store. User name: %1. Error: %2

Fields

NameDescription
UserName
Error

Event ID 175 — Credentials saved to the cred store: User name = %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Credentials saved to the cred store: User name = %1

Fields

NameDescription
UserName

Event ID 176 — Error saving credentials to the cred store.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error saving credentials to the cred store. User name: %1. Error: %2

Fields

NameDescription
UserName
Error

Event ID 177 — Credentials deleted from the cred store: User name = %1.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Credentials deleted from the cred store: User name = %1

Fields

NameDescription
UserName

Event ID 178 — Error deleting credentials from the cred store.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error deleting credentials from the cred store. User name: %1. Error: %2

Fields

NameDescription
UserName
Error

Event ID 179 — Local server properties refresh started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Local server properties refresh started.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 179
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:11:32.549096+00:00'
  event_record_id: 613
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 2492
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 180 — Local server properties refresh completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Local server properties refresh completed.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 180
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:11:34.976833+00:00'
  event_record_id: 615
  correlation: {}
  execution:
    process_id: 4444
    thread_id: 2492
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 181 — Error accessing local server properties.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error accessing local server properties. %1

Fields

NameDescription
exception

Event ID 182 — Completed services modification job

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Completed services modification job

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 182
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:43.028714+00:00'
  event_record_id: 689
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-E7EC-AAE09F4AD801
  execution:
    process_id: 4444
    thread_id: 4448
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 183 — Launching wizard from automation job started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Launching wizard from automation job started. Command: %1

Fields

NameDescription
Command

Event ID 184 — Launching wizard from automation job completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Launching wizard from automation job completed. Command: %1

Fields

NameDescription
Command

Event ID 190 — Starting WinRM service status check.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Starting WinRM service status check. Status: %1, Exception: %2

Fields

NameDescription
serviceStatus
exception

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 190
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:29.061107+00:00'
  event_record_id: 677
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-77EB-AAE09F4AD801
  execution:
    process_id: 4444
    thread_id: 4780
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serviceStatus: Running
  exception: None
message: ''

References

Event ID 191 — Completed WinRM service status check.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Completed WinRM service status check. Status: %1, Exception: %2

Fields

NameDescription
serviceStatus
exception

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 191
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:29.061322+00:00'
  event_record_id: 678
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-77EB-AAE09F4AD801
  execution:
    process_id: 4444
    thread_id: 4780
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serviceStatus: Running
  exception: None
message: ''

References

Event ID 192 — Refresh item completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Refresh item completed. Server: %1, Session Item Count: %2

Fields

NameDescription
MachineName
Count

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 192
  version: 0
  level: 4
  task: 10
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.540265+00:00'
  event_record_id: 752
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 4444
    thread_id: 4868
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  MachineName: WIN-FPV0DSIC9O6.sigma.fr
  Count: 1
message: ''

References

Event ID 193 — Error cleaning up credentials from the cred store.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Error cleaning up credentials from the cred store. Error: %1

Fields

NameDescription
errorCode

Event ID 194 — Cluster query item added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Cluster query item added. Server: %1, Cluster: %2

Fields

NameDescription
MachineName
ClusterName

Event ID 195 — Cluster query item data received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Cluster query item data received. Server: %1

Fields

NameDescription
MachineName

Event ID 196 — New cluster nodes added to session.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

New cluster nodes added to session. Servers: %1

Fields

NameDescription
MachineName

Event ID 197 — Cluster query item completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Cluster query item completed. Server: %1, Session Item Count: %2

Fields

NameDescription
MachineName
Count

Event ID 200 — Refresh item session create started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item session create started. Server: %1

Fields

NameDescription
MachineName

Event ID 201 — Refresh item session create completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item session create completed. Server: %1, Error: %2

Fields

NameDescription
MachineName
Error

Event ID 202 — Refresh item session close started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item session close started. Server: %1

Fields

NameDescription
MachineName

Event ID 203 — Refresh item session close completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item session close completed. Server: %1, Error: %2

Fields

NameDescription
MachineName
Error

Event ID 204 — Refresh item invocation started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item invocation started. Server: %1, Method name: %2

Fields

NameDescription
MachineName
OperationName

Event ID 205 — Refresh item enumeration started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item enumeration started. Server: %1, Class name: %2

Fields

NameDescription
MachineName
OperationName

Event ID 206 — Refresh item data received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item data received. Server: %1, Method or class name: %2

Fields

NameDescription
MachineName
OperationName

Event ID 207 — Refresh item operation completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item operation completed. Server: %1, Method or class name: %2

Fields

NameDescription
MachineName
OperationName

Event ID 208 — Refresh item operation error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Refresh item operation error. Server: %1, Method or class name: %2, Error: %3

Fields

NameDescription
MachineName
OperationName
Error

Event ID 209 — Creating new session.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Creating new session. Server: %1, Protocol: %2, User: %3

Fields

NameDescription
serverName
protocol
userName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 209
  version: 0
  level: 4
  task: 17
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.506487+00:00'
  event_record_id: 746
  correlation:
    ActivityID: 4ACAA8DE-FAC8-4188-A6B0-EFCD7D7B46CA
  execution:
    process_id: 4444
    thread_id: 2632
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: localhost
  protocol: DCOM
  userName: 'null'
message: ''

References

Event ID 210 — Enumerate instances started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Enumerate instances started. Server: %1, Namespace: %2, Class: %3

Fields

NameDescription
serverName
namespaceName
wmiClassName
protocol

Event ID 211 — Enumerate instances completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Enumerate instances completed. Server: %1, Namespace: %2, Class: %3

Fields

NameDescription
serverName
namespaceName
wmiClassName
protocol

Event ID 212 — Enumerate instances error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Enumerate instances error. Server: %1, Namespace: %2, Class: %3, Error: %5

Fields

NameDescription
serverName
namespaceName
wmiClassName
protocol
error

Event ID 213 — Enumerate instances data received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Enumerate instances data received. Server: %1, Namespace: %2, Class: %3

Fields

NameDescription
serverName
namespaceName
wmiClassName
protocol

Event ID 214 — Invoke method started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Invoke method started. Server: %1, Namespace: %2, Class: %3, Method: %4

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 214
  version: 0
  level: 4
  task: 17
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.506485+00:00'
  event_record_id: 745
  correlation:
    ActivityID: 4ACAA8DE-FAC8-4188-A6B0-EFCD7D7B46CA
  execution:
    process_id: 4444
    thread_id: 2632
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: localhost
  namespaceName: root\microsoft\windows\servermanager
  wmiClassName: MSFT_ServerManagerTasks
  methodName: GetServerBpaResult
  protocol: DCOM
message: ''

References

Event ID 215 — Invoke method completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Invoke method completed. Server: %1, Namespace: %2, Class: %3, Method: %4

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 215
  version: 0
  level: 4
  task: 17
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.540206+00:00'
  event_record_id: 751
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 4444
    thread_id: 4868
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: localhost
  namespaceName: root\microsoft\windows\servermanager
  wmiClassName: MSFT_ServerManagerTasks
  methodName: GetServerEventDetail
  protocol: DCOM
message: ''

References

Event ID 216 — Invoke method error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Invoke method error. Server: %1, Namespace: %2, Class: %3, Method: %4, Error: %6

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol
error

Event ID 217 — Invoke method data received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Invoke method data received. Server: %1, Namespace: %2, Class: %3, Method: %4

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 217
  version: 0
  level: 4
  task: 17
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:38:27.540179+00:00'
  event_record_id: 750
  correlation:
    ActivityID: C9DB0EBB-AD74-4A6D-A36D-C691522795E3
  execution:
    process_id: 4444
    thread_id: 4868
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: localhost
  namespaceName: root\microsoft\windows\servermanager
  wmiClassName: MSFT_ServerManagerTasks
  methodName: GetServerEventDetail
  protocol: DCOM
message: ''

References

Event ID 218 — Invoke method non-terminating error received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
3
Samples
1

Message

Invoke method non-terminating error received. Server: %1, Namespace: %2, Class: %3, Method: %4, Error Code: %6, Error Message: %7

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol
errorCode
errorMessage

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 218
  version: 0
  level: 3
  task: 17
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-04T11:01:44.968700+00:00'
  event_record_id: 1086
  correlation:
    ActivityID: 748EA6BB-2722-4FDA-B8B7-DA861FFC7DC8
  execution:
    process_id: 3156
    thread_id: 5064
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  serverName: localhost
  namespaceName: root\microsoft\windows\servermanager
  wmiClassName: MSFT_ServerManagerTasks
  methodName: GetServerEventDetail
  protocol: DCOM
  errorCode: 2
  errorMessage: "Events from 'WebServer.Events.xml' could not be enumerated.\r\n"
message: ''

References

Event ID 219 — Invoke method message received.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Invoke method message received. Server: %1, Namespace: %2, Class: %3, Method: %4, Channel: %6, Message: %7

Fields

NameDescription
serverName
namespaceName
wmiClassName
methodName
protocol
channel
message

Event ID 220 — Disconnect from M3P starting.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Disconnect from M3P starting.

Event ID 221 — Disconnect from M3P completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Disconnect from M3P completed.

Event ID 300 — Server data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Server data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 301 — Server data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Server data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 302 — Server data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Server data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 303 — Server data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Server data processor on next start. Server name: %1, Parameter name: %2, Data: %3

Fields

NameDescription
serverName
parameterName
categories

Event ID 304 — Server data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Server data processor on next stop. Server name: %1, Parameter name: %2, Data: %3

Fields

NameDescription
serverName
parameterName
categories

Event ID 305 — Feature data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Feature data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 306 — Feature data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Feature data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 307 — Feature data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Feature data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 308 — Feature data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Feature data processor on next start. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 309 — Feature data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Feature data processor on next stop. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 310 — BPA data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 311 — BPA data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 312 — BPA data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 313 — BPA data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA data processor on next start. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 314 — BPA data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA data processor on next stop. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 315 — Events data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 316 — Events data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 317 — Events data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 318 — Events data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events data processor on next start. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 319 — Events data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events data processor on next stop. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 320 — Performance counter data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance counter data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 321 — Performance counter data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance counter data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 322 — Performance counter data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance counter data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 323 — Performance counter data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance counter data processor on next start. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 324 — Performance counter data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance counter data processor on next stop. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 325 — Services data processer start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services data processer start. Server name: %1

Fields

NameDescription
MachineName

Event ID 326 — Services data processer stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services data processer stop. Server name: %1

Fields

NameDescription
MachineName

Event ID 327 — Services data processor failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services data processor failed. Server name: %1

Fields

NameDescription
serverName
parameterName

Event ID 328 — Services data processor on next start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services data processor on next start. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 329 — Services data processor on next stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services data processor on next stop. Server name: %1, Parameter name: %2

Fields

NameDescription
serverName
parameterName

Event ID 330 — Servers tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Servers tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 331 — Servers tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Servers tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 332 — Features tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Features tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 333 — Features tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Features tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 334 — BPA tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 335 — BPA tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 336 — Events tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 337 — Events tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 338 — Performance tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 339 — Performance tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 340 — Services tile view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services tile view update start. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 341 — Services tile view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services tile view update stop. Name: %1, Count: %2

Fields

NameDescription
tileName
categories

Event ID 342 — Servers thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Servers thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 343 — Servers thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Servers thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 344 — Timestamp thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Timestamp thumbnail view update start. Name: %1, Time: %2

Fields

NameDescription
thumbnailName
timestamp

Event ID 345 — Timestamp thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Timestamp thumbnail view update stop. Name: %1, Time: %2

Fields

NameDescription
thumbnailName
timestamp

Event ID 346 — BPA thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 347 — BPA thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

BPA thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 348 — Events thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 349 — Events thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Events thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 350 — Performance thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 351 — Performance thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Performance thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 352 — Services thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 353 — Services thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Services thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 354 — Manageability thumbnail view update start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Manageability thumbnail view update start. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 355 — Manageability thumbnail view update stop.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Manageability thumbnail view update stop. Name: %1, Count: %2

Fields

NameDescription
thumbnailName
categories

Event ID 356 — Async job creation started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Async job creation started. Command: %2, Target: %3, State: %4, Proxy Instance ID: %1

Fields

NameDescription
ID
Command
Target
State

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 356
  version: 0
  level: 4
  task: 12
  opcode: 1
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:21:41.337170+00:00'
  event_record_id: 686
  correlation:
    ActivityID: 1480B89F-E871-42E4-BFB4-C8F88B053137
  execution:
    process_id: 4444
    thread_id: 4380
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ID: 97DEB445-282E-4B54-9C43-57E30F4270F5
  Command: ServerManagerShell\Invoke-_InternalServiceMethod
  Target: localhost
  State: Running
message: ''

References

Event ID 2000 — Deployment Wizard is launched.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard is launched.  Target Server: %1

Fields

NameDescription
serverName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2000
  version: 0
  level: 4
  task: 5
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:14.611551+00:00'
  event_record_id: 85
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-737B-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: WIN-FPV0DSIC9O6
message: ''

References

Event ID 2001 — Deployment Wizard is closed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard is closed.  Target Server: %1

Fields

NameDescription
serverName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2001
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:18.961762+00:00'
  event_record_id: 203
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-FD97-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: WIN-FPV0DSIC9O6
message: ''

References

Event ID 2002 — Deployment Wizard repository loading start.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard repository loading start.  Target Server: %1

Fields

NameDescription
serverName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2002
  version: 0
  level: 4
  task: 6
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:14.562299+00:00'
  event_record_id: 81
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-5585-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 1360
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  serverName: WIN-FPV0DSIC9O6
message: ''

References

Event ID 2003 — Deployment Wizard repository loading completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard repository loading completed.  Target Server: %1. Status: %2

Fields

NameDescription
targetServer
Message

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2003
  version: 0
  level: 4
  task: 6
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:15.267300+00:00'
  event_record_id: 89
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-5585-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 1360
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  targetServer: WIN-FPV0DSIC9O6
  Message: Success
message: ''

References

Event ID 2004 — Deployment Wizard repository loading completed and repository is empty.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment Wizard repository loading completed and repository is empty.  Target Server: %1

Fields

NameDescription
serverName

Event ID 2005 — Deployment Wizard installation type changed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment Wizard installation type changed.  InstallationType: %1

Fields

NameDescription
Category

Event ID 2006 — Deployment Wizard component selected.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard component selected.  ComponentId: %1. Display Name: %2

Fields

NameDescription
componentId
displayName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2006
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:53.457840+00:00'
  event_record_id: 102
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-3986-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 3188
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  componentId: 10
  displayName: Active Directory Domain Services
message: ''

References

Event ID 2007 — Deployment Wizard component unselected.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard component unselected.  ComponentId: %1. Display Name: %2

Fields

NameDescription
componentId
displayName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2007
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-04T10:56:42.409230+00:00'
  event_record_id: 859
  correlation:
    ActivityID: 066FA786-2FC0-0000-A7F8-7006C02FD801
  execution:
    process_id: 3156
    thread_id: 4644
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  componentId: 468
  displayName: Remote Access
message: ''

References

Event ID 2008 — Deployment Wizard component selection cancelled through dependency dialog.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment Wizard component selection cancelled through dependency dialog.

Event ID 2009 — Deployment Wizard target server collection has changed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard target server collection has changed.

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2009
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:19.729055+00:00'
  event_record_id: 96
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-BC7B-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

Event ID 2010 — Deployment Wizard page enter.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard page enter. Page title: %1

Fields

NameDescription
pageTitle

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2010
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:06:24.456060+00:00'
  event_record_id: 163
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-9086-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  pageTitle: InstallationCompletionPage
message: ''

References

Event ID 2011 — Deployment Wizard page exit.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard page exit. Page title: %1

Fields

NameDescription
pageTitle

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2011
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:06:24.453440+00:00'
  event_record_id: 162
  correlation:
    ActivityID: DD7B0B6A-4A9E-0000-9086-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  pageTitle: InstallationConfirmationPage
message: ''

References

Event ID 2012 — Deployment Wizard cancel requested.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment Wizard cancel requested. Target Server: %1

Fields

NameDescription
serverName

Event ID 2013 — Deployment Wizard commit action started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard commit action started.  Target Server: %1, Job: %2

Fields

NameDescription
MachineName
JobName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2013
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:06:32.648209+00:00'
  event_record_id: 177
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 5200
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  MachineName: WIN-FPV0DSIC9O6
  JobName: ID:66eda40e-d1c4-4391-9a10-1a9a078f1add;Feature installation
message: ''

References

Event ID 2014 — Deployment Wizard commit action completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard commit action completed.  Target Server: %1. Job: %2. Status: %3. Reason %4

Fields

NameDescription
MachineName
JobName
Status
Reason

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2014
  version: 0
  level: 4
  task: 5
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:17.055539+00:00'
  event_record_id: 198
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 5236
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  MachineName: localhost
  JobName: ID:66eda40e-d1c4-4391-9a10-1a9a078f1add;Feature installation
  Status: Succeeded
  Reason: ''
message: ''

References

Event ID 2015 — Deployment Wizard component selection step completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard component selection step completed.  ComponentId: %1. Display Name: %2

Fields

NameDescription
componentId
displayName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2015
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:56.402968+00:00'
  event_record_id: 140
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-777C-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  componentId: 10
  displayName: Active Directory Domain Services
message: ''

References

Event ID 2016 — Deployment Wizard component unselection completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment Wizard component unselection completed.  ComponentId: %1. Display Name: %2

Fields

NameDescription
componentId
displayName

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2016
  version: 0
  level: 4
  task: 15
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-04T10:56:42.427037+00:00'
  event_record_id: 861
  correlation:
    ActivityID: 066FA786-2FC0-0000-A8F8-7006C02FD801
  execution:
    process_id: 3156
    thread_id: 3160
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  componentId: 468
  displayName: Remote Access
message: ''

References

Event ID 2100 — Deployment plugin loading started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment plugin loading started.  RoleId: %1

Fields

NameDescription
roleId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2100
  version: 0
  level: 4
  task: 1
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:17.045905+00:00'
  event_record_id: 196
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  roleId: 299
message: ''

References

Event ID 2101 — Deployment plugin loading completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment plugin loading completed.  RoleId: %1. Status: %2

Fields

NameDescription
roleId
Status
Message

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2101
  version: 0
  level: 4
  task: 1
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:17.045906+00:00'
  event_record_id: 197
  correlation:
    ActivityID: AA4DB9AF-DA1D-455F-908A-502ABDF549C8
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  roleId: 299
  Status: Not required
  Message: The feature add-in is not required.
message: ''

References

Event ID 2102 — Deployment component pages added.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment component pages added.  ComponentId: %1

Fields

NameDescription
componentId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2102
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:05:56.444994+00:00'
  event_record_id: 141
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-777C-7BDD9E4AD801
  execution:
    process_id: 1460
    thread_id: 4948
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  componentId: 10
message: ''

References

Event ID 2103 — Deployment component pages removed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Deployment component pages removed.  ComponentId: %1

Fields

NameDescription
componentId

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 2103
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-04T10:56:42.433764+00:00'
  event_record_id: 862
  correlation:
    ActivityID: 066FA786-2FC0-0000-A8F8-7006C02FD801
  execution:
    process_id: 3156
    thread_id: 3160
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  componentId: 468
message: ''

References

Event ID 2105 — Deployment configuration data export started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment configuration data export started. File location: %1

Fields

NameDescription
fileLocation

Event ID 2106 — Deployment configuration data export completed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Deployment configuration data export completed. File location: %1

Fields

NameDescription
fileLocation

Event ID 2107 — Pre-requisite check started for component with ComponentId.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Pre-requisite check started for component with ComponentId: %1

Fields

NameDescription
componentId

Event ID 2108 — Pre-requisite check completed for component with ComponentId: %1, Status: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Pre-requisite check completed for component with ComponentId: %1, Status: %2

Fields

NameDescription
roleId
Status

Event ID 2109 — Pre-uninstall step started for component with ComponentId.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Pre-uninstall step started for component with ComponentId: %1

Fields

NameDescription
componentId

Event ID 2110 — Pre-uninstall step completed for component with ComponentId: %1, Status: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Pre-uninstall step completed for component with ComponentId: %1, Status: %2

Fields

NameDescription
roleId
Status

Event ID 4000 — Add-_InternalWindowsRole workflow entered.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Add-_InternalWindowsRole workflow entered. If this event is not followed by event 4001 or 4002, the workflow either failed, was cancelled, or is still in progress. TargetComputer:%1, ServerComponentNames: %2, Remove: %3, PathToVhdFile: %4, PermitReboot: %5, Source: %6, DeleteComponents: %7

Fields

NameDescription
targetComputer
serverComponentNames
remove
pathToVhdFile
permitReboot
source
deleteComponents

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 4000
  version: 0
  level: 4
  task: 4001
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:06:32.576262+00:00'
  event_record_id: 175
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-E27C-7BDD9E4AD801
  execution:
    process_id: 5272
    thread_id: 2168
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  targetComputer: ''
  serverComponentNames: ServerComponent_AD_Domain_Services ServerComponent_GPMC ServerComponent_RSAT
    ServerComponent_RSAT_AD_AdminCenter ServerComponent_RSAT_AD_PowerShell ServerComponent_RSAT_AD_Tools
    ServerComponent_RSAT_ADDS ServerComponent_RSAT_ADDS_Tools ServerComponent_RSAT_Role_Tools
  remove: false
  pathToVhdFile: ''
  permitReboot: true
  source: ''
  deleteComponents: false
message: ''

References

Event ID 4001 — Add-_InternalWindowsRole workflow ended, TargetComputer:%1, RequestState:%2, RebootRequired: %3, ErrorMessage: %4, ErrorId: %5, ErrorCategory: %6, ...

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational
Level
4
Samples
1

Message

Add-_InternalWindowsRole workflow ended, TargetComputer:%1, RequestState:%2, RebootRequired: %3, ErrorMessage: %4, ErrorId: %5, ErrorCategory: %6, Warning: %7

Fields

NameDescription
targetComputer
requestState
restartRequired
errorMessage
errorId
errorCategory
warnings

Example Event

system:
  provider: Microsoft-Windows-ServerManager-MultiMachine
  guid: D8D37081-10BD-4A89-A971-1CDA6899BDB3
  event_source_name: ''
  event_id: 4001
  version: 0
  level: 4
  task: 4001
  opcode: 0
  keywords: 2305843009213693952
  time_created: '2022-04-07T17:07:16.570811+00:00'
  event_record_id: 178
  correlation:
    ActivityID: DD7B0B6A-4A9E-0001-1F85-7BDD9E4AD801
  execution:
    process_id: 5272
    thread_id: 4992
  channel: Microsoft-Windows-ServerManager-MultiMachine/Operational
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  targetComputer: ''
  requestState: 1
  restartRequired: false
  errorMessage: ''
  errorId: ''
  errorCategory: 0
  warnings: ''
message: ''

References

Event ID 4002 — Add-_InternalWindowsRole workflow reported an error installing or removing the requested component(s), TargetComputer:%1, RequestState:%2, RebootRe...

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add-_InternalWindowsRole workflow reported an error installing or removing the requested component(s), TargetComputer:%1, RequestState:%2, RebootRequired: %3, ErrorMessage: %4, ErrorId: %5, ErrorCategory: %6, Warning: %7

Fields

NameDescription
targetComputer
requestState
restartRequired
errorMessage
errorId
errorCategory
warnings

Event ID 4010 — Add-_InternalWindowsRole workflow launching install/remove operation.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow launching install/remove operation. If this event is not followed by event 4011, the workflow either failed, was cancelled, or is still in progress. TargetComputer:%1, RequestGuid: %2

Fields

NameDescription
targetComputer
requestGuid

Event ID 4011 — Add-_InternalWindowsRole workflow launched install/remove operation, TargetComputer:%1, RequestGuid: %2, RequestState:%3, RebootRequired: %4, Progr...

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow launched install/remove operation, TargetComputer:%1, RequestGuid: %2, RequestState:%3, RebootRequired: %4, ProgressTicks: %5, TotalTicks: %6, ErrorMessage: %7, ErrorId: %8, ErrorCategory: %9, Warning: %10

Fields

NameDescription
targetComputer
requestGuid
requestState
restartRequired
progressTicks
totalTicks
errorMessage
errorId
errorCategory
warnings

Event ID 4012 — Add-_InternalWindowsRole workflow polling for completion.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow polling for completion. If this event is not followed by event 4013, the workflow either failed, was cancelled, or is still in progress. TargetComputer:%1, RequestGuid: %2

Fields

NameDescription
targetComputer
requestGuid

Event ID 4013 — Add-_InternalWindowsRole workflow polled for completion, TargetComputer:%1, RequestGuid: %2, RequestState:%3, RebootRequired: %4, ProgressTicks: %5...

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow polled for completion, TargetComputer:%1, RequestGuid: %2, RequestState:%3, RebootRequired: %4, ProgressTicks: %5, TotalTicks: %6, ErrorMessage: %7, ErrorId: %8, ErrorCategory: %9, Warning: %10

Fields

NameDescription
targetComputer
requestGuid
requestState
restartRequired
progressTicks
totalTicks
errorMessage
errorId
errorCategory
warnings

Event ID 4020 — Add-_InternalWindowsRole workflow has determined that the target computer should be restarted, and is checking whether it has already been restarted.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow has determined that the target computer should be restarted, and is checking whether it has already been restarted. If this event is not followed by event 4021, the workflow either failed, was cancelled, or is still in progress. TargetComputer:%1, InitialLastBootTime: %2

Fields

NameDescription
targetComputer
initialLastBootTime

Event ID 4021 — Add-_InternalWindowsRole workflow has determined that the target computer should be restarted, and finished checking whether it has already been re...

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow has determined that the target computer should be restarted, and finished checking whether it has already been restarted. TargetComputer:%1, InitialLastBootTime: %2, CurrentLastBootTime:%3, AlreadyRebooted:%4

Fields

NameDescription
targetComputer
initialLastBootTime
currentLastBootTime
alreadyRebooted

Event ID 4022 — Add-_InternalWindowsRole workflow is requesting restart of the target computer.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow is requesting restart of the target computer. If this event is not followed by event 4023, the workflow either failed, was cancelled, or is still in progress. TargetComputer:%1

Fields

NameDescription
targetComputer

Event ID 4023 — Add-_InternalWindowsRole workflow has requested restart of the target computer.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow has requested restart of the target computer. TargetComputer:%1

Fields

NameDescription
targetComputer

Event ID 4024 — Add-_InternalWindowsRole workflow failed to restart the target computer within the timeout period and will exit.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

Add-_InternalWindowsRole workflow failed to restart the target computer within the timeout period and will exit. TargetComputer:%1

Fields

NameDescription
targetComputer

Event ID 9000 — Get-WindowsFeature cmdlet started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Get-WindowsFeature cmdlet started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9001 — Get-WindowsFeature cmdlet ended, Guid: %1, Components: %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Get-WindowsFeature cmdlet ended, Guid: %1, Components: %2.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9002 — GetServerComponent method started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetServerComponent method started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9003 — GetServerComponent method ended with Success.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetServerComponent method ended with Success.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9004 — GetServerComponent method returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetServerComponent method returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9005 — GetServerComponent method returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetServerComponent method returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9006 — GetEnumerationState method started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetEnumerationState method started.

Event ID 9007 — GetEnumerationState method ended with Success.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetEnumerationState method ended with Success.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9008 — GetEnumerationState method returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetEnumerationState method returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9009 — GetEnumerationState method returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetEnumerationState method returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9010 — Get Windows feature failed with Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Get Windows feature failed with Error: %1

Fields

NameDescription
message

Event ID 9011 — Component %1 has invalid state %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Component %1 has invalid state %2

Fields

NameDescription
message1
currentRoleId

Event ID 9012 — Component %1 has state %2.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Component %1 has state %2

Fields

NameDescription
message1
currentRoleId

Event ID 9100 — Add-WindowsFeature cmdlet started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add-WindowsFeature cmdlet started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9101 — Add-WindowsFeature cmdlet ended.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add-WindowsFeature cmdlet ended. Guid: %1, Components %2.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9102 — AddServerComponent method started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

AddServerComponent method started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9103 — AddServerComponent method ended with Success.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

AddServerComponent method ended with Success.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9104 — AddServerComponent method returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

AddServerComponent method returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9105 — AddServerComponent method returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

AddServerComponent method returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9106 — GetAlterationState method for Add-WindowsFeature started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Add-WindowsFeature started.

Fields

NameDescription
requestGuid

Event ID 9107 — GetAlterationState method for Add-WindowsFeature ended.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Add-WindowsFeature ended.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9108 — GetAlterationState method for Add-WindowsFeature returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Add-WindowsFeature returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9109 — GetAlterationState method for Add-WindowsFeature returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Add-WindowsFeature returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9110 — Mutual Exclusion conflict detected during add.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Mutual Exclusion conflict detected during add.

Fields

NameDescription
requestGuid
message

Event ID 9200 — Remove-WindowsFeature cmdlet started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Remove-WindowsFeature cmdlet started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9201 — Remove-WindowsFeature cmdlet ended.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Remove-WindowsFeature cmdlet ended. Guid: %1, Components: %2.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9202 — RemoveServerComponent method started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

RemoveServerComponent method started.

Fields

NameDescription
requestGuid
serverComponentNames

Event ID 9203 — RemoveServerComponent method ended with Success.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

RemoveServerComponent method ended with Success.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9204 — RemoveServerComponent method returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

RemoveServerComponent method returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9205 — RemoveServerComponent method returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

RemoveServerComponent method returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9206 — GetAlterationState method for Remove-WindowsFeature started.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Remove-WindowsFeature started.

Fields

NameDescription
requestGuid

Event ID 9207 — GetAlterationState method for Remove-WindowsFeature ended.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Remove-WindowsFeature ended.

Fields

NameDescription
requestGuid
restartRequired

Event ID 9208 — GetAlterationState method for Remove-WindowsFeature returned InProgress.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Remove-WindowsFeature returned InProgress.

Fields

NameDescription
requestGuid
ticks
totalTicks

Event ID 9209 — GetAlterationState method for Remove-WindowsFeature returned Failed.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

GetAlterationState method for Remove-WindowsFeature returned Failed.

Fields

NameDescription
requestGuid
message

Event ID 9210 — Remove Windows feature failed with Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Remove Windows feature failed with Error: %1

Fields

NameDescription
message

Event ID 9211 — Add Windows feature failed with Error.

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Operational

Message

Add Windows feature failed with Error: %1

Fields

NameDescription
message

Event ID 9301 —

Provider
Microsoft-Windows-ServerManager-MultiMachine
Channel
Debug

Message

%1

Fields

NameDescription
message