| 0x30000009 | Send |
Send |
| 0x50000002 | Error |
Error |
| 0x50000003 | Warning |
Warning |
| 0x50000004 | Information |
Information |
| 0x70000001 | API |
API |
| 0x70000002 | Attest |
Attest |
| 0x70000003 | Http |
Http |
| 0x70000004 | Rtpm |
Rtpm |
| 0x70000005 | Kps |
Kps |
| 0x90000001 | Microsoft-Windows-HostGuardianService-Client/Admin |
Microsoft-Windows-HostGuardianService-Client/Admin |
| 0x90000002 | Microsoft-Windows-HostGuardianService-Client/Operational |
Microsoft-Windows-HostGuardianService-Client/Operational |
| 0x90000003 | Microsoft-Windows-HostGuardianService-Client/Debug |
Microsoft-Windows-HostGuardianService-Client/Debug |
| 0x90000004 | Microsoft-Windows-HostGuardianService-Client/Analytic |
Microsoft-Windows-HostGuardianService-Client/Analytic |
| 0xB0000064 | %1 |
%1 |
| 0xB0000070 | Started operation '%1'. |
Started operation '%1'. |
| 0xB0000071 | Operation '%1' ended with result: '%2'. |
Operation '%1' ended with result: '%2'. |
| 0xB00000C8 | A new ActivityID has been generated. |
A new ActivityID has been generated. |
| 0xB00003EA | Remote attestation initiated. |
Remote attestation initiated. |
| 0xB00003EB | Remote attestation completed.%nOperationMode: %1%nStatus: %2%nSubstatus: %3 |
Remote attestation completed.%nOperationMode: %1%nStatus: %2%nSubstatus: %3 |
| 0xB00003EC | ClientAttestationHttpRequestSend: HostId %1 |
ClientAttestationHttpRequestSend: HostId %1 |
| 0xB00003ED | ClientAttestationHttpResponseReceived: %1 |
ClientAttestationHttpResponseReceived: %1 |
| 0xB00003EE | ClientAttestationHttpError: %1 |
ClientAttestationHttpError: %1 |
| 0xB00003EF | The remote attestation request failed because this host is not included in the authorized list of host endorsement keys (EKs) on the attestation server. Error: %1 . To add this host to the authorized list of host EKs, perform the following steps:%n 1. On this host, run the Get-PlatformIdentifier cmdlet to retrieve the host EK in the form of a XML file.%n 2. On the Attestation server, run the Add-HgsAttestationTpmHost cmdlet, specifying the XML file generated by the Get-PlatformIdentifier cmdlet.%nEvent IDs 1007 and 3007 represent the same event. |
The remote attestation request failed because this host is not included in the authorized list of host endorsement keys (EKs) on the attestation server. Error: %1 . To add this host to the authorized list of host EKs, perform the following steps:%n 1. On this host, run the Get-PlatformIdentifier cmdlet to retrieve the host EK in the form of a XML file.%n 2. On the Attestation server, run the Add-HgsAttestationTpmHost cmdlet, specifying the XML file generated by the Get-PlatformIdentifier cmdlet.%nEvent IDs 1007 and 3007 represent the same event. |
| 0xB00003F0 | The remote attestation request failed because the host did not start with Secure Boot enabled or the Secure Boot settings and TPM measurements did not match a valid baseline host. Error: %1. To ensure a successful attestation request, verify that the host configuration matches a valid baseline host. If this is a baseline host, you must first perform the following steps:%n 1. On this host, run the Get-HgsAttestationBaselinePolicy cmdlet to generate a policy file.%n 2. On the attestation server, run the Add-HgsAttestationTpmPolicy cmdlet, specifying the policy file generated by the Get-HgsAttestationBaselinePolicy cmdlet. This adds the policy as a valid baseline TPM policy.%nEvent IDs 1008 and 3008 represent the same event. |
The remote attestation request failed because the host did not start with Secure Boot enabled or the Secure Boot settings and TPM measurements did not match a valid baseline host. Error: %1. To ensure a successful attestation request, verify that the host configuration matches a valid baseline host. If this is a baseline host, you must first perform the following steps:%n 1. On this host, run the Get-HgsAttestationBaselinePolicy cmdlet to generate a policy file.%n 2. On the attestation server, run the Add-HgsAttestationTpmPolicy cmdlet, specifying the policy file generated by the Get-HgsAttestationBaselinePolicy cmdlet. This adds the policy as a valid baseline TPM policy.%nEvent IDs 1008 and 3008 represent the same event. |
| 0xB00003F1 | The remote attestation request failed because this host's Code Integrity policy does not match a valid Code Integrity policy on the attestation server. Error: %1. To ensure a successful attestation request, verify that this host is configured with a valid Code Integrity policy. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734772%nEvent IDs 1009 and 3009 represent the same event. |
The remote attestation request failed because this host's Code Integrity policy does not match a valid Code Integrity policy on the attestation server. Error: %1. To ensure a successful attestation request, verify that this host is configured with a valid Code Integrity policy. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734772%nEvent IDs 1009 and 3009 represent the same event. |
| 0xB00003F2 | The remote attestation request failed because this host is not part of an Active Directory host group which is authorized by the attestation server. Error: %1. To ensure a successful attestation request, verify that the host is a member of an authorized Active Directory host group. If the Active Directory host group is not authorized by the Attestation server, you must first perform the following steps:%n 1. On the attestation server, run the Add-HgsAttestationHostGroup cmdlet to add it as a valid Active Directory host group.%nEvent IDs 1010 and 3010 represent the same event. |
The remote attestation request failed because this host is not part of an Active Directory host group which is authorized by the attestation server. Error: %1. To ensure a successful attestation request, verify that the host is a member of an authorized Active Directory host group. If the Active Directory host group is not authorized by the Attestation server, you must first perform the following steps:%n 1. On the attestation server, run the Add-HgsAttestationHostGroup cmdlet to add it as a valid Active Directory host group.%nEvent IDs 1010 and 3010 represent the same event. |
| 0xB00003F4 | Determining TPM endorsement key failed. Error: %1 |
Determining TPM endorsement key failed. Error: %1 |
| 0xB00003F5 | The remote attestation request failed because of a TPM error. Try clearing and reprovisioning the TPM. Error: %1%nEvent IDs 1013 and 3013 represent the same event. |
The remote attestation request failed because of a TPM error. Try clearing and reprovisioning the TPM. Error: %1%nEvent IDs 1013 and 3013 represent the same event. |
| 0xB00003F6 | Connection to %1 failed. Reconnecting to another IP. |
Connection to %1 failed. Reconnecting to another IP. |
| 0xB00003F7 | Switching to Active Directory attestation mode. |
Switching to Active Directory attestation mode. |
| 0xB00003F8 | Connecting to Remote Attestation service at %1 |
Connecting to Remote Attestation service at %1 |
| 0xB00003F9 | Reconnecting to Remote Attestation service at %1 |
Reconnecting to Remote Attestation service at %1 |
| 0xB00003FA | Remote attestation succeeded and returned a health certificate with the thumbprint %1. |
Remote attestation succeeded and returned a health certificate with the thumbprint %1. |
| 0xB00003FB | The remote attestation request failed because the Remote Attestation Service could not be reached.%nEvent IDs 1019 and 3019 represent the same event. |
The remote attestation request failed because the Remote Attestation Service could not be reached.%nEvent IDs 1019 and 3019 represent the same event. |
| 0xB00003FC | The remote attestation request failed. Error: %1. For help, see http://go.microsoft.com/fwlink/?LinkId=735076%nEvent IDs 1020 and 3020 represent the same event. |
The remote attestation request failed. Error: %1. For help, see http://go.microsoft.com/fwlink/?LinkId=735076%nEvent IDs 1020 and 3020 represent the same event. |
| 0xB00003FD | The remote attestation request failed because this host was not booted correctly. Error: %1. To ensure a successful attestation request, verify that the host's most recent boot was a full boot.%nEvent IDs 1021 and 3021 represent the same event. |
The remote attestation request failed because this host was not booted correctly. Error: %1. To ensure a successful attestation request, verify that the host's most recent boot was a full boot.%nEvent IDs 1021 and 3021 represent the same event. |
| 0xB00003FE | The remote attestation request failed because at least one Debug Mode is enabled among Hypervisor, Boot, UEFI, and Kernel.%nEvent IDs 1022 and 3022 represent the same event. |
The remote attestation request failed because at least one Debug Mode is enabled among Hypervisor, Boot, UEFI, and Kernel.%nEvent IDs 1022 and 3022 represent the same event. |
| 0xB00003FF | Determining TPM endorsement key failed. Switching to Active Directory attestation mode. |
Determining TPM endorsement key failed. Switching to Active Directory attestation mode. |
| 0xB0000400 | The remote attestation request failed because this host was not configured properly. Error: %1. To ensure a successful attestation request, verify that the host's configuration contains an attestation service URL that is valid.%nEvent IDs 1024 and 3024 represent the same event. |
The remote attestation request failed because this host was not configured properly. Error: %1. To ensure a successful attestation request, verify that the host's configuration contains an attestation service URL that is valid.%nEvent IDs 1024 and 3024 represent the same event. |
| 0xB0000401 | The remote attestation request failed because Isolated User Mode could not be detected. Verify that the Isolated User Mode feature is installed and that Virtualization Based Security has not been disabled manually or by local/domain-level policy.%nEvent IDs 1025 and 3025 represent the same event. |
The remote attestation request failed because Isolated User Mode could not be detected. Verify that the Isolated User Mode feature is installed and that Virtualization Based Security has not been disabled manually or by local/domain-level policy.%nEvent IDs 1025 and 3025 represent the same event. |
| 0xB0000402 | The remote attestation request failed because the TPM measurements were not valid. This can happen when the host utilizes unsupported TPM configurations, the Host Guardian Service client version is not supported by the server, or an attempt to tamper with the TPM Measurements was made. Some PXE boot environments can also cause this issue; for help, refer to http://go.microsoft.com/fwlink/?LinkId=734770%nEvent IDs 1026 and 3026 represent the same event. |
The remote attestation request failed because the TPM measurements were not valid. This can happen when the host utilizes unsupported TPM configurations, the Host Guardian Service client version is not supported by the server, or an attempt to tamper with the TPM Measurements was made. Some PXE boot environments can also cause this issue; for help, refer to http://go.microsoft.com/fwlink/?LinkId=734770%nEvent IDs 1026 and 3026 represent the same event. |
| 0xB0000403 | The remote attestation request failed because the Host Guardian Service did not return a health certificate, but no reason was given.%nEvent IDs 1027 and 3027 represent the same event. |
The remote attestation request failed because the Host Guardian Service did not return a health certificate, but no reason was given.%nEvent IDs 1027 and 3027 represent the same event. |
| 0xB0000404 | The remote attestation request failed because the host did not start with pagefile encryption enabled.%nEvent IDs 1028 and 3028 represent the same event. |
The remote attestation request failed because the host did not start with pagefile encryption enabled.%nEvent IDs 1028 and 3028 represent the same event. |
| 0xB0000405 | The remote attestation request failed because IOMMU was not required by the hypervisor. Verify that IOMMU is enabled and that it is explicity required for Virtual Secure Mode to launch. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734842%nEvent IDs 1029 and 3029 represent the same event. |
The remote attestation request failed because IOMMU was not required by the hypervisor. Verify that IOMMU is enabled and that it is explicity required for Virtual Secure Mode to launch. For help, refer to http://go.microsoft.com/fwlink/?LinkId=734842%nEvent IDs 1029 and 3029 represent the same event. |
| 0xB0000406 | The remote attestation request failed because the host did not start with BitLocker enabled.%nEvent IDs 1030 and 3030 represent the same event. |
The remote attestation request failed because the host did not start with BitLocker enabled.%nEvent IDs 1030 and 3030 represent the same event. |
| 0xB0000407 | The remote attestation request failed because code integrity was not required by the hypervisor. Verify that code integrity is enabled and that it is being enforced by the hypervisor. For help, please refer to http://go.microsoft.com/fwlink/?LinkId=734841%nEvent IDs 1031 and 3031 represent the same event. |
The remote attestation request failed because code integrity was not required by the hypervisor. Verify that code integrity is enabled and that it is being enforced by the hypervisor. For help, please refer to http://go.microsoft.com/fwlink/?LinkId=734841%nEvent IDs 1031 and 3031 represent the same event. |
| 0xB0000408 | The remote attestation request failed but no reason was given. This typically indicates that the Host Guardian Service has not been fully configured with valid attestation policies. If policies have been registered with the Host Guardian Service already, verify the functionality of the server and try again.%nEvent IDs 1032 and 3032 represent the same event. |
The remote attestation request failed but no reason was given. This typically indicates that the Host Guardian Service has not been fully configured with valid attestation policies. If policies have been registered with the Host Guardian Service already, verify the functionality of the server and try again.%nEvent IDs 1032 and 3032 represent the same event. |
| 0xB0000409 | Switching to TPM attestation mode. |
Switching to TPM attestation mode. |
| 0xB000040A | The remote attestation request failed because the Host Guardian Service is using TPM-based attestation, but this host lacks the required TPM 2.0 module.%nEvent IDs 1034 and 3034 represent the same event. |
The remote attestation request failed because the Host Guardian Service is using TPM-based attestation, but this host lacks the required TPM 2.0 module.%nEvent IDs 1034 and 3034 represent the same event. |
| 0xB000040B | The remote attestation request failed because the Host Guardian Service could not be contacted. This happens when the request can reach the server but the service either does not respond or responds with an unknown HTTP error. Verify that the Host Guardian Service is registered, started, and fully operational.%nError: %1%nEvent IDs 1035 and 3035 represent the same event. |
The remote attestation request failed because the Host Guardian Service could not be contacted. This happens when the request can reach the server but the service either does not respond or responds with an unknown HTTP error. Verify that the Host Guardian Service is registered, started, and fully operational.%nError: %1%nEvent IDs 1035 and 3035 represent the same event. |
| 0xB000040C | The remote attestation request failed because it could not authenticate to the Host Guardian Service. This can occur when using HTTPS with an invalid or untrusted certificate, or when using Active Directory-based attestation without configuring trust between this host's domain and the Host Guardian Service domain, preventing NTLM and Kerberos authentication from succeeding.%nError: %1%nEvent IDs 1036 and 3036 represent the same event. |
The remote attestation request failed because it could not authenticate to the Host Guardian Service. This can occur when using HTTPS with an invalid or untrusted certificate, or when using Active Directory-based attestation without configuring trust between this host's domain and the Host Guardian Service domain, preventing NTLM and Kerberos authentication from succeeding.%nError: %1%nEvent IDs 1036 and 3036 represent the same event. |
| 0xB000040D | The remote attestation request failed because the host started with hibernation enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824147%nEvent IDs 1037 and 3037 represent the same event. |
The remote attestation request failed because the host started with hibernation enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824147%nEvent IDs 1037 and 3037 represent the same event. |
| 0xB000040E | The remote attestation request failed because the host started with dumps enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824148%nEvent IDs 1038 and 3038 represent the same event. |
The remote attestation request failed because the host started with dumps enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824148%nEvent IDs 1038 and 3038 represent the same event. |
| 0xB000040F | The remote attestation request failed because the host did not start with dump encryption enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824149%nEvent IDs 1039 and 3039 represent the same event. |
The remote attestation request failed because the host did not start with dump encryption enabled. For help, refer to http://go.microsoft.com/fwlink/?LinkId=824149%nEvent IDs 1039 and 3039 represent the same event. |
| 0xB0000410 | The remote attestation request failed because the host's dump encryption key protector does not match any registered with the attestation server. Error:%1. If this is a valid host, you must first perform the following steps:%n 1. On the host, configure dump encryption with a certificate.%n 2. On the Attestation server, run the Add-HgsAttestationDumpPolicy cmdlet, specifying the SHA256 hash of the public key blob configured on the host.%nEvent IDs 1040 and 3040 represent the same event. |
The remote attestation request failed because the host's dump encryption key protector does not match any registered with the attestation server. Error:%1. If this is a valid host, you must first perform the following steps:%n 1. On the host, configure dump encryption with a certificate.%n 2. On the Attestation server, run the Add-HgsAttestationDumpPolicy cmdlet, specifying the SHA256 hash of the public key blob configured on the host.%nEvent IDs 1040 and 3040 represent the same event. |
| 0xB0000411 | Local attestation initiated. |
Local attestation initiated. |
| 0xB0000412 | No local health signing certificate was found. Attempting to generate a new certificate. |
No local health signing certificate was found. Attempting to generate a new certificate. |
| 0xB00007D0 | The requested WMI operation failed because access is denied. You must be a member of the local 'Administrators' or 'NT VIRTUAL MACHINE\\Virtual Machines' groups. |
The requested WMI operation failed because access is denied. You must be a member of the local 'Administrators' or 'NT VIRTUAL MACHINE\\Virtual Machines' groups. |
| 0xB00007D1 | The required value '%1' in registry key '%2' was not found. |
The required value '%1' in registry key '%2' was not found. |
| 0xB00007D2 | Successfully opened Shielded VM Local Certificates store. |
Successfully opened Shielded VM Local Certificates store. |
| 0xB00007D3 | No health signing certificate was found. Attempting to generate a new certificate. |
No health signing certificate was found. Attempting to generate a new certificate. |
| 0xB00007D4 | Unable to retrieve the VSM IDK while generating a local health certificate: %1 |
Unable to retrieve the VSM IDK while generating a local health certificate: %1 |
| 0xB00007D5 | Unable to retrieve the local health certificate: %1 |
Unable to retrieve the local health certificate: %1 |
| 0xB00007D6 | Failed to roll the transport key: %1 |
Failed to roll the transport key: %1 |
| 0xB00007D7 | No signing certificates were found in the Shielded VM Local Certificates store. |
No signing certificates were found in the Shielded VM Local Certificates store. |
| 0xB00007D8 | No encryption certificates were found in the Shielded VM Local Certificates store. |
No encryption certificates were found in the Shielded VM Local Certificates store. |
| 0xB00007D9 | Initiating unwrap of key protector. |
Initiating unwrap of key protector. |
| 0xB00007DA | Initiating creation of a new of key protector. |
Initiating creation of a new of key protector. |
| 0xB00007DB | Adding a guardian with signing certificate %1 and encryption certificate %2 to a key protector. |
Adding a guardian with signing certificate %1 and encryption certificate %2 to a key protector. |
| 0xB00007DC | Initiating privileged unwrap of key protector. |
Initiating privileged unwrap of key protector. |
| 0xB00007DD | Instantiating Host Guardian Service client in %1 mode. |
Instantiating Host Guardian Service client in %1 mode. |
| 0xB00007DE | The Host Guardian Service Client failed to unwrap a Key Protector on behalf of a calling process. This event will normally correspond to a failure to start up a guarded virtual machine. Consult the description for further details. This could be related to an attestation issue, a Key Protection Server issue, or a network connectivity issue:%n%n%1 |
The Host Guardian Service Client failed to unwrap a Key Protector on behalf of a calling process. This event will normally correspond to a failure to start up a guarded virtual machine. Consult the description for further details. This could be related to an attestation issue, a Key Protection Server issue, or a network connectivity issue:%n%n%1 |
| 0xB00007DF | The Host Guardian Service Client successfully unwrapped a Key Protector on behalf of a calling process. |
The Host Guardian Service Client successfully unwrapped a Key Protector on behalf of a calling process. |
| 0xB00007E0 | The signing certificate need set 'DigitalSignature' key usage. |
The signing certificate need set 'DigitalSignature' key usage. |
| 0xB00007E1 | The encryption certificate need set 'DataEncipherment' key usage. |
The encryption certificate need set 'DataEncipherment' key usage. |
| 0xB00007E2 | Failures rolling the transport key as the health certificate is invalid. ErrorCode: %1, Validation Status: %2, Message: %3 |
Failures rolling the transport key as the health certificate is invalid. ErrorCode: %1, Validation Status: %2, Message: %3 |
| 0xB00007E3 | Raw certificate dump. Length(bytes)=%1 -- %2 |
Raw certificate dump. Length(bytes)=%1 -- %2 |
| 0xB00007E4 | The Host Guardian Service Client reused a cached health certificate issued in %1 mode that is valid until %2. |
The Host Guardian Service Client reused a cached health certificate issued in %1 mode that is valid until %2. |
| 0xB00007E5 | The Host Guardian Service Client could not contact the Host Guardian Service. The client will reattempt the operation using the following settings:%n%nAttestationServerUrl: %1%nKeyProtectionServerUrl: %2 |
The Host Guardian Service Client could not contact the Host Guardian Service. The client will reattempt the operation using the following settings:%n%nAttestationServerUrl: %1%nKeyProtectionServerUrl: %2 |
| 0xD0000001 | NotConfigured |
NotConfigured |
| 0xD0000002 | TPM |
TPM |
| 0xD0000003 | ActiveDirectory |
ActiveDirectory |
| 0xD0000005 | Unknown |
Unknown |
| 0xD0000006 | Passed |
Passed |
| 0xD0000007 | Expired |
Expired |
| 0xD0000008 | TransientError |
TransientError |
| 0xD0000009 | UnauthorizedHost |
UnauthorizedHost |
| 0xD000000A | TpmError |
TpmError |
| 0xD000000B | InsecureHostConfiguration |
InsecureHostConfiguration |
| 0xD000000D | Local |
Local |
| 0xD000000E | SecureHostingService |
SecureHostingService |
| 0xD000000F | UnitTest |
UnitTest |
| 0xD0000010 | Success |
Success |
| 0xD0000011 | CertificateMalformed |
CertificateMalformed |
| 0xD0000012 | NoAttestationCertificates |
NoAttestationCertificates |
| 0xD0000013 | CertificateChainError |
CertificateChainError |
| 0xD0000014 | CertificateNotTrusted |
CertificateNotTrusted |
| 0xD0000015 | ExtraValidationFailure |
ExtraValidationFailure |
| 0xF0000001 | NoInformation |
NoInformation |
| 0xF0000002 | SecureBoot |
SecureBoot |
| 0xF0000003 | DebugMode |
DebugMode |
| 0xF0000004 | CodeIntegrityPolicy |
CodeIntegrityPolicy |
| 0xF0000005 | FullBoot |
FullBoot |
| 0xF0000006 | HostUnreachable |
HostUnreachable |
| 0xF0000007 | ServiceUnavailable |
ServiceUnavailable |
| 0xF0000008 | AuthenticationFailure |
AuthenticationFailure |
| 0xF0000009 | TcgLogVerification |
TcgLogVerification |
| 0xF000000A | VirtualSecureMode |
VirtualSecureMode |
| 0xF000000B | SecureBootSettings |
SecureBootSettings |
| 0xF000000C | BitLocker |
BitLocker |
| 0xF000000D | Iommu |
Iommu |
| 0xF000000E | PagefileEncryption |
PagefileEncryption |
| 0xF000000F | HypervisorEnforcedCodeIntegrityPolicy |
HypervisorEnforcedCodeIntegrityPolicy |
| 0xF0000010 | UnsupportedHardware |
UnsupportedHardware |