Microsoft-Windows-WinRM › Event 161

Event ID 161 — authFailureMessage.

Provider
Microsoft-Windows-WinRM
Channel
Operational
Level
Error
Task
Userauthentication

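Message

%1 — the entire message is the authFailureMessage string. The event has no fixed text of its own, so triage and detection logic must read that string; the event ID alone does not say why authentication failed.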

Fields

Name | Description
authFailureMessage | UnicodeString

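Example Event

The sample below records a connection failure (the client could not reach the destination), not a rejected credential. Its "keywords" value (0x400000000000000A) is larger than 2^53−1, so JSON parsers that store numbers as IEEE 754 doubles will round it and lose the low bits; ingest it as a 64-bit integer or a string.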

{
  "system": {
    "provider": "Microsoft-Windows-WinRM",
    "guid": "A7975C8F-AC13-49F1-87DA-5A984A4AB417",
    "event_source_name": "",
    "event_id": 161,
    "version": 0,
    "level": 2,
    "task": 7,
    "opcode": 0,
    "keywords": 4611686018427387914,
    "time_created": "2023-11-06T00:47:48.782381+00:00",
    "event_record_id": 83,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0002-A38B-E4E43710DA01"
    },
    "execution": {
      "process_id": 16164,
      "thread_id": 16312
    },
    "channel": "Microsoft-Windows-WinRM/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "authFailureMessage": "The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: \"winrm quickconfig\"."
  },
  "message": ""
}

References