| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 621 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:13:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T22:12:10Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 620 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:13:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 619 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:12:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259075 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 618 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:12:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259075)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 617 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:12:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 616 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:12:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 615 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 10:12:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.588Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 614 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.588Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 613 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.572Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 612 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.572Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 611 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.572Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 610 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:07:23.572Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 609 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:07:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:04:57.064Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 13. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 608 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:04:57 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:04:56.935Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-c67b06c0-6f82-48ec-a2ca-52b8c5a21631 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 607 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:04:56 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:04:56.935Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 6024 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 606 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:04:56 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T22:04:56.579Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-c67b06c0-6f82-48ec-a2ca-52b8c5a21631. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 605 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 10:04:56 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 604 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 603 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 602 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 601 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 600 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:23.536Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 599 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:17.411Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 12. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 598 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:17.324Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-635d0b4c-1f18-4627-b307-24fe28e991cb | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 597 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:17.324Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 5580 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 596 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:43:16.934Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-635d0b4c-1f18-4627-b307-24fe28e991cb. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 595 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 594 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T21:42:10Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 593 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:43:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 592 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:42:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259105 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 591 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:42:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259105)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 590 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 589 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 588 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 587 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 586 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 585 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 584 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 583 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:26:44.038Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 582 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:26:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:25:33.757Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 11. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 581 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:25:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:25:33.662Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-3b58e828-0a9f-4cf2-be3d-4d994fa321f2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 580 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:25:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:25:33.662Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 5996 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 579 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:25:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:25:33.295Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-3b58e828-0a9f-4cf2-be3d-4d994fa321f2. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 578 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:25:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.030Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 577 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.030Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 576 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.019Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 575 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.019Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 574 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.019Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 573 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:20:45.019Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 572 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:20:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:19:40.450Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 10. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 571 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:19:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:19:40.350Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-ab55244a-8e54-4c7e-8fd3-7e2fbe6cf0b6 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 570 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:19:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:19:40.350Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 5504 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 569 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:19:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:19:39.995Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-ab55244a-8e54-4c7e-8fd3-7e2fbe6cf0b6. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 568 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:19:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 567 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:13:09 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T21:12:09Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 566 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:13:09 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 565 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:12:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259135 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 564 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:12:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259135)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 563 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:12:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 562 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:12:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 561 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 9:12:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 560 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 559 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 558 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 557 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 556 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:07:02.496Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 555 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:07:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:05:45.315Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 9. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 554 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:05:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:05:45.163Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-7e8cfa75-20c6-4bb8-ba8f-f16b6befc7a0 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 553 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:05:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:05:45.163Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 4364 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 552 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:05:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:05:44.706Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-7e8cfa75-20c6-4bb8-ba8f-f16b6befc7a0. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 551 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:05:44 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.715Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 550 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.715Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 549 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.715Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 548 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.699Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 547 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.699Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 546 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:01:01.699Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 545 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:01:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:00:58.750Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 8. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 544 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:00:58 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:00:58.591Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-0e406c47-282d-4d04-a08f-8cfecc4290c6 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 543 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:00:58 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:00:58.591Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 3392 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 542 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:00:58 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T21:00:58.199Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-0e406c47-282d-4d04-a08f-8cfecc4290c6. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 541 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 9:00:58 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 540 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 539 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 538 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 537 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 536 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:56:05.599Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 535 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:56:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:36.870Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 7. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 534 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:36.698Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-8eda1e64-86ba-46a5-aebf-7b4f1e362b3f | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 533 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:36.698Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 3804 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 532 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:36.336Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-8eda1e64-86ba-46a5-aebf-7b4f1e362b3f. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 531 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 530 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 529 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 528 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 527 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 526 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:19.973Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 525 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.943Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 524 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.943Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 523 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.927Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 522 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.927Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 521 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.927Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 520 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:55:02.927Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 519 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:55:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.473Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 6. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 518 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.379Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-3338b79e-f1f2-4a40-a449-d821ab32db3e | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 517 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.379Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 5204 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 516 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.145Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 515 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.145Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 514 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.145Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 513 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.130Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 512 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.130Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 511 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:59.130Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 510 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:36.707Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 5. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 509 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:36.571Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-cba11deb-d106-470d-9716-98b046d7dece | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 508 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:36.571Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 568 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 507 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:54:36.555Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-3338b79e-f1f2-4a40-a449-d821ab32db3e. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 506 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:54:36 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:53:53.351Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 4. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 505 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:53:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:53:53.245Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-19eb68a0-1d8d-4519-9ceb-4ddb7679608a | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 504 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:53:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:53:53.245Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 5056 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 503 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:53:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:53:53.211Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-cba11deb-d106-470d-9716-98b046d7dece. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 502 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:53:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:53:34.558Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-19eb68a0-1d8d-4519-9ceb-4ddb7679608a. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 501 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:53:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 500 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 4868 | 2216 | nch1-master-1.nc-master-1.local | S-1-5-18 | 1/29/2022 8:50:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.548Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 499 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.548Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 498 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.527Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 497 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.527Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 496 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.527Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 495 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:50:14.527Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 494 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:50:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:49:53.262Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 3. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 493 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:49:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:49:53.144Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-3751bb46-9a8b-4302-9c63-b2bed6fccd8d | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 492 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:49:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:49:53.144Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 4648 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 491 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:49:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:49:52.730Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-3751bb46-9a8b-4302-9c63-b2bed6fccd8d. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 490 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:49:52 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1 0 libwnbd.dll!WnbdWaitDispatcher INFO The dispatcher isn't running. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 489 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1 0 libwnbd.dll!WnbdIoctlShow INFO Could not find the specified disk. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 488 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1f 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 487 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1d 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 486 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1c 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 485 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:54.531Coordinated Universal Time 1e 0 libwnbd.dll!WnbdHandleRequest INFO Received disconnect request. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 484 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:54 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:32.404Coordinated Universal Time 1 0 libwnbd.dll!WnbdCreate INFO Mapped device. Connection id: 2. | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 483 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:32.247Coordinated Universal Time 1 0 rbd-wnbd: Mapping RBD image: volumes/volume-2f30ed55-0acd-4ecb-ab85-59809b7d14bd | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 482 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:32.247Coordinated Universal Time 1 0 ceph version 15.0.0-20191-g654a88ba0b (654a88ba0b699ab0f12fa98de3845c4501e3985b) pacific (dev), process rbd-wnbd, pid 4132 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 481 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 2022-01-29T20:48:31.764Coordinated Universal Time 1 -1 rbd-wnbd: Could not load registry disk info for: volumes/volume-2f30ed55-0acd-4ecb-ab85-59809b7d14bd. Error: -2 | 2 | | 16384 | 4 | 0 | | 36028797018963968 | 480 | rbd-wnbd | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:48:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 479 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:45:11 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T20:44:11Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 478 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:45:11 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 477 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259163 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 476 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259163)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 475 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 474 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:<none> | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 473 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 0,
Transaction Manager Communication:
Allow Inbound Transactions = 0,
Allow Outbound Transactions = 0,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 0,
Enable SNA LU 6.2 Transactions = 1,
MSDTC Communications Security = Mutual Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 0
Filtering Duplicate Events = 1
| 4202 | 0 | 16384 | 4 | 2 | 0 | 36028797018963968 | 472 | Microsoft-Windows-MSDTC 2 | 5d9e0020-3761-4f36-90c8-38ce6511bd12 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:44:40 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | TM | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 471 | neutron-hyperv-agent | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:43:35 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 470 | nova-compute | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:43:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service has created default configuration for new user 'NC-MASTER-1\administrator' .
| 5 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 469 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:43:30 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 468 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:43:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T20:42:19Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 467 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:43:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 466 | cloudbase-init | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:58 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Security policy in the Group policy objects has been applied successfully. | 1704 | | 16384 | 4 | 0 | | 36028797018963968 | 465 | SceCli | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 464 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 1464 | 2404 | nch1-master-1.nc-master-1.local | S-1-5-18 | 1/29/2022 8:42:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 463 | cloudbase-init | | Application | | | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 462 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259165 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 461 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259165)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 460 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 459 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 458 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1.nc-master-1.local | | 1/29/2022 8:42:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 457 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 1464 | 1532 | nch1-master-1.nc-master-1.local | S-1-5-18 | 1/29/2022 8:42:37 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 456 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 1464 | 1492 | nch1-master-1.nc-master-1.local | S-1-5-18 | 1/29/2022 8:42:37 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 455 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 600 | 1740 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:42:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MS DTC service is stopping. | 4111 | 0 | 16384 | 4 | 1 | 0 | 36028797018963968 | 454 | Microsoft-Windows-MSDTC | 719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:42:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | SVC | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 453 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:47 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T20:33:47Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 452 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:47 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 451 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259174 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 450 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259174)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 449 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 448 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 447 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:34:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 446 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 4800 | 4876 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:28:00 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending session 0 started ?2022?-?01?-?29T20:19:17.500124700Z. | 10001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 445 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 4924 | 1332 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:24 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending a Windows Installer transaction: c:\openstack\tmp\ceph-wnbd.msi. Client Process Id: 4752. | 1042 | | 0 | 4 | 0 | | 36028797018963968 | 444 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-18 | 1/29/2022 8:19:24 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Ceph for Windows. Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: Ceph. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 443 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Product: Ceph for Windows -- Installation completed successfully. | 11707 | | 0 | 4 | 0 | | 36028797018963968 | 442 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2022?-?01?-?29T20:19:17.500124700Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 441 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 4924 | 4400 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Beginning a Windows Installer transaction: c:\openstack\tmp\ceph-wnbd.msi. Client Process Id: 4752. | 1040 | | 0 | 4 | 0 | | 36028797018963968 | 440 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root list with effective date: ?Monday, ?October ?18, ?2021 8:14:37 PM. | 4111 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 439 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE> Sha1 thumbprint: <02FAF3E291435468607857694DF5E45B68851868>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 438 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US> Sha1 thumbprint: <4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 437 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US> Sha1 thumbprint: <742C3192E607E424EB4549542BE1BBC53E6174E2>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 436 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 435 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE> Sha1 thumbprint: <D4DE20D05E66FC53FE1A50882C78DB2852CAE474>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 434 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3> Sha1 thumbprint: <D69B561148F01C77C54578C10926DF5B856976AD>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 433 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <DF3C24F9BFD666761B268073FE06D1CC8D4F82A4>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 432 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1908 | nch1-master-1 | | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Ceph for Windows. Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: Ceph. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 431 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:19:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending session 0 started ?2022?-?01?-?29T20:11:25.166710600Z. | 10001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 430 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 168 | 3728 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 4284. | 1042 | | 0 | 4 | 0 | | 36028797018963968 | 429 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-18 | 1/29/2022 8:11:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030. Product Version: 11.0.61030. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 428 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Product: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 -- Installation completed successfully. | 11707 | | 0 | 4 | 0 | | 36028797018963968 | 427 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2022?-?01?-?29T20:11:25.166710600Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 426 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 168 | 1708 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending session 0 started ?2022?-?01?-?29T20:11:24.397837400Z. | 10001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 425 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 168 | 3728 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2022?-?01?-?29T20:11:24.397837400Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 424 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 168 | 4592 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:24 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 4284. | 1040 | | 0 | 4 | 0 | | 36028797018963968 | 423 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 4284. | 1042 | | 0 | 4 | 0 | | 36028797018963968 | 422 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-18 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030. Product Version: 11.0.61030. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 421 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Product: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 -- Installation completed successfully. | 11707 | | 0 | 4 | 0 | | 36028797018963968 | 420 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 4284. | 1040 | | 0 | 4 | 0 | | 36028797018963968 | 419 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1001 | 1/29/2022 8:11:24 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer reconfigured the product. Product Name: Cloudbase-Init 0.9.12.dev26. Product Version: 0.9.12.0. Product Language: 1033. Manufacturer: Cloudbase Solutions Srl. Reconfiguration success or error status: 0. | 1035 | | 0 | 4 | 0 | | 36028797018963968 | 418 | MsiInstaller | | Application | | | nch1-master-1 | S-1-5-18 | 1/29/2022 8:11:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 417 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 1600 | 1612 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:10:28 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3> Sha1 thumbprint: <D69B561148F01C77C54578C10926DF5B856976AD>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 416 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1704 | nch1-master-1 | | 1/29/2022 8:09:52 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 415 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:08:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2022-01-30T20:07:04Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 414 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:08:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 413 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2022/07/28:20:07:33;LastConsumptionReason=0x4004fc04;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=TVKQ6;ProductKeyType=Retail:TB:Eval;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=TIMEBASED_EVAL | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 412 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;NotificationInterval=1440;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 411 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259200 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 410 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259200)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 409 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259200)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 408 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4 | 1033 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 407 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-Reserved-LicenseProperties Priority=100 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 406 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Validity period has been started. Validity minutes=259200 Grace type=9. | 1036 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 405 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MSA client has been successfully triggered to update the Device License | 12311 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 404 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully acquired genuine ticket for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} | 12304 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 403 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine state set to genuine for application Id 55c92734-d682-4d71-983e-d6ec3f16059f | 12305 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 402 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine validation data collection ended.
| 20489 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 401 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:30 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 400 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:30 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Health check passed.
| 20482 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 399 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:29 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Health check initiated.
| 20481 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 398 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:28 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine validation data collection started.
| 20488 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 397 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine information set for application. 0x00000000, 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, SL_ACTIVATION_VALIDATION_IN_PROGRESS.
| 1067 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 396 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:20 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PRIVATE}
License Id=75d61d45-141d-4167-8147-04c8897b80d7 | 1004 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 395 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:20 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PUBLIC}
License Id=bebdac4e-d429-48df-ba58-8a0850b6e264 | 1004 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 394 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:20 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Acquisition of End User License was successful.
Sku Id=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4 | 1013 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 393 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:19 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <DF3C24F9BFD666761B268073FE06D1CC8D4F82A4>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 392 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1376 | nch1-master-1 | | 1/29/2022 8:07:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2022/02/08:20:03:14;LastConsumptionReason=0x4004f00c;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_IN_GRACE_PERIOD;PartialProductKey=TVKQ6;ProductKeyType=Retail:TB:Eval;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=TIMEBASED_EVAL | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 391 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:07:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 0,
Transaction Manager Communication:
Allow Inbound Transactions = 0,
Allow Outbound Transactions = 0,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 0,
Enable SNA LU 6.2 Transactions = 1,
MSDTC Communications Security = Mutual Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 0
Filtering Duplicate Events = 1
| 4202 | 0 | 16384 | 4 | 2 | 0 | 36028797018963968 | 390 | Microsoft-Windows-MSDTC 2 | 5d9e0020-3761-4f36-90c8-38ce6511bd12 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:06:33 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | TM | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 389 | cloudbase-init | | Application | | | nch1-master-1 | | 1/29/2022 8:05:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 )(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14398)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 388 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:05:06 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Profile notification of event Create for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is Access is denied.
.
| 1534 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 387 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 600 | 3480 | nch1-master-1 | S-1-5-21-2871682650-1179182404-4190192590-1000 | 1/29/2022 8:05:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service failed to create default configuration for new user 'NCH1-MASTER-1\Admin' in response to user profile creation. Error code 0x80070005.
Access is denied.
. | 6 | 0 | 49152 | 2 | 0 | 0 | 36028797018963968 | 386 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:05:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 385 | cloudbase-init | | Application | | | nch1-master-1 | | 1/29/2022 8:04:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service has created default configuration for new user 'NCH1-MASTER-1\cloudbase-init' .
| 5 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 384 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:04:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 383 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1344 | 1984 | nch1-master-1 | | 1/29/2022 8:04:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 382 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 600 | 1956 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:04:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 )(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14398)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 381 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:04:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 380 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:04:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 379 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 600 | 1208 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:04:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 378 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 600 | 1740 | nch1-master-1 | S-1-5-18 | 1/29/2022 8:04:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Proof of Purchase installed successfully.
ACID=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4
PKeyId=771fdd12-cf29-6d27-eb0d-9c7435943845 | 1016 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 377 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:04:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. | 4625 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 376 | Microsoft-Windows-EventSystem | 899daace-4868-4295-afcd-9eb8fb497561 | Application | 0 | 0 | nch1-master-1 | | 1/29/2022 8:04:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 375 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 520 | 1488 | WIN-5T344G8GM1H | S-1-5-18 | 1/29/2022 8:03:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VSS service is shutting down due to shutdown event from the Service Control Manager. | 8225 | | 0 | 4 | 0 | | 36028797018963968 | 374 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:03:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of disallowed certificate list with effective date: ?Tuesday, ?March ?16, ?2021 7:29:24 AM. | 4112 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 373 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1704 | 1824 | WIN-5T344G8GM1H | | 1/29/2022 8:02:35 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Microsoft Hyper-V VSS Writer and ID {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de}
Writer Name: Microsoft Hyper-V VSS Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 372 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:02:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 371 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 520 | 516 | WIN-5T344G8GM1H | S-1-5-18 | 1/29/2022 8:02:23 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 370 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 520 | 1556 | WIN-5T344G8GM1H | S-1-5-18 | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 369 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 520 | 1488 | WIN-5T344G8GM1H | S-1-5-18 | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Shadow Copy Optimization Writer and ID {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 368 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name ASR Writer and ID {be000cbe-11fe-4426-9c58-531aa6355fc4} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 367 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name COM+ REGDB Writer and ID {542da469-d3e1-473c-9f4f-7847f01fc64f} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 366 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Registry Writer and ID {afbab4a2-367d-4d15-a586-71dbb18f8485} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 365 | VSS | | Application | | | WIN-5T344G8GM1H | | 1/29/2022 8:02:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 364 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 976 | 1228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:13 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-416071247-492812682-1642729393-500:
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore\Parents
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore
Process 312 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Internet Explorer\Main
Process 3092 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\ActiveSync\Partners
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore\Children
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Internet Explorer\Security
| 1530 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 363 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The winlogon notification subscriber <SessionEnv> failed a notification event. | 6001 | 0 | 32768 | 3 | 0 | 0 | 36028797018963968 | 362 | Microsoft-Windows-Winlogon | dbe9b383-7cf3-4331-91cc-a3cb16a3b538 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=984306a1-75fc-4a6b-b3f9-8501ba26a448;Action=NotifyUser;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;NotificationInterval=1440;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 361 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastNotificationId=RebootRequired;ruleId=984306a1-75fc-4a6b-b3f9-8501ba26a448 | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 360 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 [0xC004D302, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 359 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Rearm successful for AppId = 55c92734-d682-4d71-983e-d6ec3f16059f, SkuId = (null) - 5 Rearms Remaining. | 12306 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 358 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 357 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 [0xC004E003, 0, 0], [( 2 0xC004F00F 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F00F 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14400)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 356 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Grace period has been started. Grace days=10 Grace type=6. | 1025 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 355 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 354 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The hardware has changed. | 1024 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 353 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hardware has changed from previous boot.
AppId=55c92734-d682-4d71-983e-d6ec3f16059f, SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4. | 1040 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 352 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 351 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=Sysprep.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 350 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MS DTC service is stopping. | 4111 | 0 | 16384 | 4 | 1 | 0 | 36028797018963968 | 349 | Microsoft-Windows-MSDTC | 719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:47:34 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | SVC | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |