Message

TPM Owner Authorization information was backed up successfully to Active Directory Domain Services.

Message

Failed to backup TPM Owner Authorization information to Active Directory Domain Services.
Errorcode: %1
Check that your computer is connected to the domain.  If your computer is connected to the domain, have your Domain Administrator check that the Active Directory schema is appropriate for backup of Windows 8 TPM Owner Authorization information and that the current Computer object has write permission to the TPM object.  Installations of Windows Server 2008 R2 or before need a schema extension in order to be ready for backup of Windows 8 TPM Owner Authorization information.  Consult online documentation for more information about setting up Active Directory Domain Services for TPM.

Fields

Message

The Trusted Platform Module (TPM) hardware on this computer has failed to set its Dictionary Attack Parameters to legacy mode.

Message

Successfully sent physical presence request to clear the Trusted Platform Module(TPM).

Message

Failed to send physical presence request to clear the Trusted Platform Module(TPM).

Fields

Message

Failed to get isOwned status from Trusted Platform Module(TPM), proceeding to clear TPM assuming that TPM is owned. Error code:%1

Fields

Message

The TPM has been cleared. Reason: %1.

Fields

Message

TPM Owner Authorization configuration changed from '%1' to '%2'.

Fields

Message

The TPM was successfully provisioned and is now ready for use.

Message

The Trusted Platform Module (TPM) hardware on this computer cannot be provisioned for use automatically.  To set up the TPM interactively use the TPM management console (Start->tpm.msc) and use the action to make the TPM ready.

Error: %1
Additional Information: %2

Fields

Message

The Ownership of the Trusted Platform Module (TPM) hardware on this computer was successfully taken (TPM TakeOwnership command) by the system.

Message

The NGC key generation task was successfully triggered.

Message

The triggering of the NGC key generation task failed.

Fields

Message

The NGC certificate enrollment task was successfully triggered.

Message

The triggering of the NGC certificate enrollment task failed.

Fields

Message

The Secure Boot update was not applied due to a known incompatibility with the current BitLocker configuration.

Fields

Message

Potentially revoked boot manager was detected in EFI partition. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Fields

Message

Secure Boot Dbx update applied successfully

Example Event

system:
  provider: Microsoft-Windows-TPM-WMI
  guid: 7D5387B0-CBE0-11DA-A94D-0800200C9A66
  event_source_name: ''
  event_id: 1034
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-05T22:27:36.527418+00:00'
  event_record_id: 1724
  correlation: {}
  execution:
    process_id: 1092
    thread_id: 956
  channel: System
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

Secure Boot Dbx update applied successfully

Message

Secure Boot Db update applied successfully

Message

Secure Boot Dbx update to revoke Microsoft Windows Production PCA 2011 is applied successfully

Message

Pre-attestation health checks confirm that the device is expected to pass attestation.
 Please see %1 for detailed information on what checks were made.

Fields

Message

Pre-attestation health checks confirm that the device meets most attestation criteria, but failing is still possible.
 Please see %1 for detailed information on what checks were made.

Fields

Message

Pre-attestation health checks confirm a critical component has failed, and the device is not expected to pass attestation.
 Please see %1 for detailed information on what checks were made.

Fields

Message

Pre-attestation health check detailed information: %1

Fields

Message

Secure Boot Dbx update to revoke older Boot Manager SVNs is applied successfully

Message

Secure Boot KEK update applied successfully

Message

Secure Boot DB update to install Microsoft Option ROM UEFI CA 2023 certificate applied successfully

Message

Secure Boot DB update to install Microsoft UEFI CA 2023 certificate applied successfully

Message

Measured boot files deleted successfully. The following %1 files were deleted: %2

Fields

Message

Measured boot file %1 was not deleted successfully due to error %2.

Fields

Message

This event triggers the TBS device identifier generation.

Example Event

system:
  provider: Microsoft-Windows-TPM-WMI
  guid: 7D5387B0-CBE0-11DA-A94D-0800200C9A66
  event_source_name: ''
  event_id: 1281
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T16:48:26.716878+00:00'
  event_record_id: 346
  correlation: {}
  execution:
    process_id: 4332
    thread_id: 4368
  channel: System
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data: {}
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

The TBS device identifier has been generated.

Message

EK Certificate tool started.

Message

EK Certificate tool succeeded in %1 milliseconds.

Fields

Message

EK Certificate tool failed in %1 milliseconds with error %2.

Fields

Message

The Device Health Certificate was successfully provisioned from %1.

Fields

Message

The Device Health Certificate provisioning could not connect to %1. %2

Fields

Message

The Device Health Certificate could not be provisioned from %1. HTTP status code %2: %3

Fields

Message

The Trusted Platform Module (TPM) hardware on this computer is scheduled to be cleared by the system.

Message

The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572

Message

The system firmware returned an error %1 when attempting to update a Secure Boot variable. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Fields

Message

The Secure Boot update failed to update a Secure Boot variable with error %1. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Fields

Message

The Secure Boot update failed as the Windows UEFI CA 2023 certificate is not present in Db

Message

The Secure Boot Dbx update failed as boot manager is not signed with the Windows UEFI CA 2023 certificate

Message

Boot Manager signed with Windows UEFI CA 2023 was installed successfully

Message

A reboot is required before installing the Secure Boot update. Reason: %1

Fields

Message

Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: %1
BucketId: %2
BucketConfidenceLevel: %3
UpdateType: %4
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

Fields

Message

The Secure Boot update %1 was blocked due to a known firmware issue on the device. Check with your device vendor for a firmware update that addresses the issue. This device signature information is included here.
DeviceAttributes: %2
BucketId: %3
BucketConfidenceLevel: %4
SkipReason: %5.
For more information, please see https://go.microsoft.com/fwlink/?linkid=2339472

Fields

Message

A PK-signed Key Exchange Key (KEK) cannot be found for this device. Check with the device manufacturer for proper key provisioning.
This device signature information is included here.
DeviceAttributes: %1
BucketId: %2
BucketConfidenceLevel: %3.
For more information, please see https://go.microsoft.com/fwlink/?linkid=2339472

Fields

Message

This device has updated Secure Boot CA/keys. This device signature information is included here.
DeviceAttributes: %1
BucketId: %2
BucketConfidenceLevel: %3
UpdateType: %4
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

Fields