Message	Id	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
The disconnect reason is 14	103	4	4	17	4611686018427387904	231	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: GetServerAutoReconnectInfo	72	4	4	13	4611686018427387904	230	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: GetServerAutoReconnectInfo	72	4	4	13	4611686018427387904	229	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: DisconnectNotify	72	4	4	13	4611686018427387904	228	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::DisplayControl has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	227	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Geometry::v08.01 has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	226	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel AUDIO_PLAYBACK_LOSSY_DVC has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	225	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel cliprdr has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	224	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdpsnd has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	223	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdpdr has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	222	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Geometry::v08.01 has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	221	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Video::Data::v08.01 has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	220	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Video::Control::v08.01 has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	219	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel ECHO has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	218	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Graphics has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	217	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Frame_Buffer::Control::v08.01 has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	216	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdpgrfx has been closed between the server and the client on transport tunnel: 0.	148	4	4	17	4611686018427387904	215	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel AUDIO_PLAYBACK_DVC has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	214	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: SetErrorInfo(0x0)	72	4	4	13	4611686018427387904	213	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: PreDisconnect(0)	72	4	4	13	4611686018427387904	212	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0x0], Error code:0x0	228	3	4	19	4611686018427387904	211	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdplic has been closed between the server and the client on transport tunnel: 0.	148	4	4	17	4611686018427387904	210	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdpcmd has been closed between the server and the client on transport tunnel: 0.	148	4	4	17	4611686018427387904	209	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel rdpinpt has been closed between the server and the client on transport tunnel: 0.	148	4	4	17	4611686018427387904	208	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
During this connection, server has not sent data or graphics update for 0 seconds (Idle1: 0, Idle2: 0).	145	4	4	19	4611686018427387904	207	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server has terminated main RDP connection with the client.	102	4	4	17	4611686018427387904	206	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: OnDisconnected	72	4	4	13	4611686018427387904	205	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).	226	3	4	19	4611686018427387904	204	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Received Disconnect Provider Indication from the client.	107	4	4	17	4611686018427387904	203	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).	226	3	4	19	4611686018427387904	202	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
TCP socket WRITE operation failed, error 64	143	3	4	15	4611686018427387904	201	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:14 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	200	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:45:12 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	199	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel cliprdr has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	198	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::DisplayControl has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	197	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Input has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	196	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Failed CreateVirtualChannel call on this Connections Stack' in CUMRDPConnection::CreateVirtualChannel at 2349 err=[0xd0000001]	227	2	4	19	4611686018427387904	195	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Input has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	194	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Geometry::v08.01 has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	193	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	192	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: LogonNotify(SessionId=2)	72	4	4	13	4611686018427387904	191	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:50 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: SendLogonErrorInfoToClient(WinlogonStatus: 0x2, ClientError: 0xfffffffe)	72	4	4	13	4611686018427387904	190	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel AUDIO_PLAYBACK_LOSSY_DVC has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	189	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel AUDIO_PLAYBACK_DVC has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	188	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3264	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel rdpdr has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	187	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Failed GetConnectionProperty' in CUMRDPConnection::QueryProperty at 2735 err=[0x80004001]	227	2	4	19	4611686018427387904	186	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Connection doesn't support logon error redirector' in CUMRDPConnection::GetLogonErrorRedirector at 4073 err=[0x80004001]	227	2	4	19	4611686018427387904	185	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	184	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	183	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection is not using advanced RemoteFX RemoteApp graphics	258	4	4	21	4611686018427387904	182	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	AdvancedRemoteAppNotEnabled	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Channel Microsoft::Windows::RDS::Telemetry has been closed between the server and the client on transport tunnel: 1.	148	4	4	17	4611686018427387904	181	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3468	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:46 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	CloseConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
TMT: ConnectionName=RDP-Tcp#0, PromptForCredentials=0, PromptForCredentialsDone=0, GfxChannelOpened=1563, FirstGraphicsReceived=1875 [ms]	68	4	4	13	4611686018427387904	180	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The RemoteFX Adaptive Graphics internal configuration changed to optimize for the minimum use of network bandwidth. Server: HV-NEUTRON-TSTW	166	4	4	19	4611686018427387904	179	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	1336	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The resolution requested by the client: Monitor 0: (1920, 1080), origin: (0, 0). Server: HV-NEUTRON-TSTW	168	4	4	11	4611686018427387904	178	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	1336	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Initialize	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: ConnectNotify(SessionId=2)	72	4	4	13	4611686018427387904	177	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Geometry::v08.01 has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	176	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Video::Data::v08.01 has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	175	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Video::Control::v08.01 has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	174	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The client supports version 0xA0200 of the RDP graphics protocol, client mode: 0, AVC available: 1, Initial profile: 2. Server: HV-NEUTRON-TSTW	162	4	4	19	4611686018427387904	173	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Graphics has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	172	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4720	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel Microsoft::Windows::RDS::Telemetry has been connected between the server and the client using transport tunnel: 1.	132	4	4	15	4611686018427387904	171	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The multi-transport connection finished for tunnel: 1, its transport type set to UDP.	135	4	4	15	4611686018427387904	170	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: OnReady	72	4	4	13	4611686018427387904	169	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: OnConnected	72	4	4	13	4611686018427387904	168	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3380	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The client operating system type is (1, 3). Server: HV-NEUTRON-TSTW	169	4	4	19	4611686018427387904	167	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The multi-transport connection finished for tunnel: 1, its transport type set to UDP.	135	4	4	15	4611686018427387904	166	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel rdpinpt has been connected between the server and the client using transport tunnel: 0.	132	4	4	15	4611686018427387904	165	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel rdpgrfx has been connected between the server and the client using transport tunnel: 0.	132	4	4	15	4611686018427387904	164	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	1336	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Remote Desktop Protocol will use the RemoteFX guest mode module to connect to the client computer.	33	4	4	11	4611686018427387904	163	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Initialize	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The connection RDP-Tcp#0 was assigned to session 2	66	4	4	13	4611686018427387904	162	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3328	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server accepted a new UDP connection from client [172.16.0.35]:58094.	131	4	4	15	4611686018427387904	161	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3432	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Cid[0] UDP connection received SYN with data. ISN[995397179] MTU: U[1232] D[1232] SynEX[1] Version[2] Prefered[2]' in CRdpUdpConnection::OnDataAvailable at 753 err=[0x0]	229	4	4	19	4611686018427387904	160	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3432	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	546f59d4-5318-47b0-abbd-9ee4d9bf0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: PreCreate	72	4	4	13	4611686018427387904	159	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: AuthenticateClientToSession	72	4	4	13	4611686018427387904	158	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server has initiated a multi-transport request to the client, for tunnel: 1.	130	4	4	15	4611686018427387904	157	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3404	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The multi-transport connection finished for tunnel: 3, its transport type set to TCP: Reason Code: 2 (Forced by Server Configuration).	135	4	4	15	4611686018427387904	156	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3404	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server has confirmed that the client's multi-transport capability.	100	4	4	15	4611686018427387904	155	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3404	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A TCP connection has been successfully established.	98	4	4	15	4611686018427387904	154	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3404	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: ProtocolComplete	72	4	4	13	4611686018427387904	153	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: SendClientLicense	72	4	4	13	4611686018427387904	152	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: GetSecurityFilterCreds	72	4	4	13	4611686018427387904	151	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Client timezone is [2] hour from UTC;	104	4	4	15	4611686018427387904	150	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: AcceptConnection	72	4	4	13	4611686018427387904	149	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: OnStartLicensing	72	4	4	13	4611686018427387904	148	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel rdpcmd has been connected between the server and the client using transport tunnel: 0.	132	4	4	15	4611686018427387904	147	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
A channel rdplic has been connected between the server and the client using transport tunnel: 0.	132	4	4	15	4611686018427387904	146	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration)..	101	3	4	16	4611686018427387904	145	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	2120	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:45 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	NetworkDetect	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PerfCounter session started with instance ID 0	141	4	4	11	4611686018427387904	144	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:44 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Initialize	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: SendPolicyData	72	4	4	13	4611686018427387904	143	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:44 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Interface method called: PrepareForAccept	72	4	4	13	4611686018427387904	142	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	4452	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:44 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Connection RDP-Tcp#0 created	65	4	4	13	4611686018427387904	141	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3384	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:44 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	RCMProtocolImpl	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server accepted a new TCP connection from client 172.16.0.35:57899.	131	4	4	15	4611686018427387904	140	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3388	hv-neutron-tstw	S-1-5-20	1/4/2022 2:36:44 PM	f42093c8-036b-47d6-bc12-23a3356d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	EstablishConnection	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	139	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	138	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	137	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	136	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	135	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	134	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	133	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	132	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	131	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	130	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	129	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	128	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	127	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	3148	3268	hv-neutron-tstw	S-1-5-20	1/4/2022 2:27:35 PM	f462c12c-0c2b-4164-af5e-17d6460f0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	126	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	125	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	124	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	123	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	122	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	121	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	120	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	119	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	118	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	117	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	116	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	115	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	114	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	984	420	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:29 AM	f462a289-5ea2-4e24-8d1c-4f9d50380000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	113	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	112	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	111	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	110	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	109	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	108	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	107	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	106	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	105	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	104	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	103	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	102	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	101	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	968	800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:15 AM	f462577a-4b56-4363-8375-9b7bca5a0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	100	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	99	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	98	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	97	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	96	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	95	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	94	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	93	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	92	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	91	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	90	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	89	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	88	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	952	396	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:40 AM	f462bcc9-4a9a-4242-9ba3-88859f990000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	87	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	86	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	85	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	84	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	83	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	82	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	81	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	80	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	79	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	78	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	77	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	76	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	75	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	964	532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:00 AM	f4626442-17da-4103-8310-2fd3aafa0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	74	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	73	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	72	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	71	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	70	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	69	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	68	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	67	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	66	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	65	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	64	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	63	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	62	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	92	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:48 AM	f4628412-5c34-4b9c-a1b5-f3dc75f10000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	61	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	60	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	59	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	58	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	57	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	56	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	55	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	54	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	53	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	52	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	51	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	50	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	49	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1012	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:50:02 AM	f462d7e1-d113-46f5-a693-6bd857000000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	48	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	47	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	46	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	45	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	44	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	43	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	42	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	41	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	40	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	39	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	38	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	37	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	36	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	972	340	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:23:55 AM	f4624cae-69bd-4d38-876f-5a416b4d0000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	35	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	34	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	33	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	32	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	31	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	30	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	29	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	28	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	27	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	26	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	25	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	24	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	23	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	940	1020	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:24 PM	f4621545-cfc5-42fe-bf6f-6d3e31c20000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	22	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	21	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	20	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(31C5CE94259D4006A9E4) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	19	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	18	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	17	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	16	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	15	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	14	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	13	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	12	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	11	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	10	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	956	88	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:42:11 PM	f462c821-a45c-45f2-8bbb-cfbb56220000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	9	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using UDP to bind to port 15629.	129	4	4	18	4611686018427387904	8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	7	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
The server is using TCP to bind to port 15629.	129	4	4	18	4611686018427387904	6	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	NetworkBinding	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Windows 8 or later detected, setting transport default mode to UDP + TCP' in CUMRDPListenerBase::Initialize at 422 err=[0x0]	229	4	4	19	4611686018427387904	5	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Creating standard listener:RDP-Tcp' in CUMRDPProtocolManager::CreateListener at 3850 err=[0x0]	229	4	4	19	4611686018427387904	4	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Type not found. Default to TCP only used.' in CUMRDPProtocolManager::CreateListener at 3762 err=[0x2]	227	2	4	19	4611686018427387904	3	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'Reverse Connection Listener Name not found. Default Listener Name will be used.' in CUMRDPProtocolManager::CreateListener at 3749 err=[0x2]	227	2	4	19	4611686018427387904	2	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
'CUMRDPProtocolManager::CreateListener(RDP-Tcp) DEBUG/VM/ReverseTCP/ReverseUDP/INET' in CUMRDPProtocolManager::CreateListener at 3732 err=[0x0]	229	4	4	19	4611686018427387904	1	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS	1139c61b-b549-4251-8ed3-27250a1edec8	Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational	2980	3032	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:04 PM	f462ae1e-ecf4-4ef1-9123-eb41fc650000	microsoft-windows-remotedesktopservices-rdpcorets/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Runtime	RemoteFX module	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]