Microsoft-Windows-RemoteAccess-MgmtClient
231 events across 3 channels
Event ID 100
#Description
Started reverting the configuration.
Event ID 100: Started reverting the configuration.
#Description
Started reverting the configuration.
Message #
Event ID 101: Finished reverting the configuration.
#Event ID 102
#Description
Started exporting the VPN profile.
Event ID 102: Started exporting the VPN profile.
#Description
Started exporting the VPN profile.
Message #
Event ID 103: Finished exporting the VPN profile.
#Event ID 104
#Description
Started enabling VPN.
Event ID 105: Finished enabling VPN.
#Event ID 106
#Description
Started disabling VPN.
Event ID 107: Finished disabling VPN.
#Event ID 108
#Description
Started the Enable DirectAccess Wizard.
Event ID 108: Started the Enable DirectAccess Wizard.
#Description
Started the Enable DirectAccess Wizard.
Message #
Event ID 109
#Description
Finished the Enable DirectAccess Wizard.
Fields #
| Name | Description |
|---|---|
| result Boolean | |
Event ID 109: Finished the Enable DirectAccess Wizard.
#Event ID 110
#Description
Started generating report.
Event ID 111
#Description
Finished generating report.
Event ID 112
#Description
Started the Add Application Server Wizard.
Event ID 112: Started the Add Application Server Wizard.
#Description
Started the Add Application Server Wizard.
Message #
Event ID 113
#Description
Finished the Add Application Server Wizard.
Fields #
| Name | Description |
|---|---|
| result Boolean | |
Event ID 113: Finished the Add Application Server Wizard.
#Event ID 114
#Description
Started configuring the refresh interval.
Event ID 114: Started configuring the refresh interval.
#Description
Started configuring the refresh interval.
Message #
Event ID 115
#Description
Finished configuring the refresh interval.
Event ID 115: Finished configuring the refresh interval.
#Description
Finished configuring the refresh interval.
Message #
Event ID 116
#Description
Started disconnecting VPN clients.
Event ID 116: Started disconnecting VPN clients.
#Description
Started disconnecting VPN clients.
Message #
Event ID 117
#Description
Finished disconnecting VPN clients.
Event ID 117: Finished disconnecting VPN clients.
#Description
Finished disconnecting VPN clients.
Message #
Event ID 118
#Description
Started loading the accounting configuration.
Event ID 118: Started loading the accounting configuration.
#Description
Started loading the accounting configuration.
Message #
Event ID 119
#Description
Finished loading the accounting configuration.
Event ID 119: Finished loading the accounting configuration.
#Description
Finished loading the accounting configuration.
Message #
Event ID 120
#Description
Started enabling VPN site-to-site.
Event ID 120: Started enabling VPN site-to-site.
#Description
Started enabling VPN site-to-site.
Message #
Event ID 121: Finished enabling VPN site-to-site.
#Event ID 122
#Description
Started disabling site-to-site VPN.
Event ID 122: Started disabling site-to-site VPN.
#Description
Started disabling site-to-site VPN.
Message #
Event ID 123: Finished disabling site-to-site VPN.
#Event ID 124
#Description
Started updating internal resources accessed by clients (Reporting page events).
Event ID 124: Started updating internal resources accessed by clients (Reporting page events).
#Description
Started updating internal resources accessed by clients (Reporting page events).
Message #
Event ID 125
#Description
Finished updating internal resources accessed by clients (Reporting page events).
Event ID 125: Finished updating internal resources accessed by clients (Reporting page events).
#Description
Finished updating internal resources accessed by clients (Reporting page events).
Message #
Event ID 200
#Description
Started the Remote Access Server Setup Wizard.
Event ID 200: Started the Remote Access Server Setup Wizard.
#Description
Started the Remote Access Server Setup Wizard.
Message #
Event ID 201
#Description
Finished the Remote Access Server Setup Wizard.
Event ID 201: Finished the Remote Access Server Setup Wizard.
#Description
Finished the Remote Access Server Setup Wizard.
Message #
Event ID 202
#Description
Started the DirectAccess Client Setup Wizard.
Event ID 202: Started the DirectAccess Client Setup Wizard.
#Description
Started the DirectAccess Client Setup Wizard.
Message #
Event ID 203
#Description
Finished the DirectAccess Client Setup Wizard.
Event ID 203: Finished the DirectAccess Client Setup Wizard.
#Description
Finished the DirectAccess Client Setup Wizard.
Message #
Event ID 204
#Description
Started the Infrastructure Server Setup Wizard.
Event ID 204: Started the Infrastructure Server Setup Wizard.
#Description
Started the Infrastructure Server Setup Wizard.
Message #
Event ID 205
#Description
Finished the Infrastructure Server Setup Wizard.
Event ID 205: Finished the Infrastructure Server Setup Wizard.
#Description
Finished the Infrastructure Server Setup Wizard.
Message #
Event ID 206
#Description
Started automatic discovery of management servers.
Event ID 206: Started automatic discovery of management servers.
#Description
Started automatic discovery of management servers.
Message #
Event ID 207
#Description
Finished automatic discovery of management servers.
Fields #
| Name | Description |
|---|---|
| Result Boolean | |
Event ID 207: Finished automatic discovery of management servers.
#Event ID 208: One or more CA servers defined for OTP no longer exist: InvalidCAServers.
#Event ID 300
#Description
Started loading remote client details.
Event ID 300: Started loading remote client details.
#Description
Started loading remote client details.
Message #
Event ID 301
#Description
Finished loading remote client details.
Event ID 301: Finished loading remote client details
#Description
Finished loading remote client details.
Message #
Event ID 302
#Description
Started refreshing monitoring data.
Event ID 302: Started refreshing monitoring data.
#Description
Started refreshing monitoring data.
Message #
Event ID 303
#Description
Finished refreshing monitoring data.
Event ID 303: Finished refreshing monitoring data.
#Description
Finished refreshing monitoring data.
Message #
Event ID 304
#Description
Started updating internal resources accessed by clients (Monitoring page events).
Event ID 304: Started updating internal resources accessed by clients (Monitoring page events).
#Description
Started updating internal resources accessed by clients (Monitoring page events).
Message #
Event ID 305
#Description
Finished updating internal resources accessed by clients (Monitoring page events).
Event ID 305: Finished updating internal resources accessed by clients (Monitoring page events).
#Description
Finished updating internal resources accessed by clients (Monitoring page events).
Message #
Event ID 306
#Description
Started loading the Operations Status page.
Event ID 306: Started loading the Operations Status page.
#Description
Started loading the Operations Status page.
Message #
Event ID 307
#Description
Finished loading the Operations Status page.
Event ID 307: Finished loading the Operations Status page.
#Description
Finished loading the Operations Status page.
Message #
Event ID 308
#Description
Started loading performance counters.
Event ID 308: Started loading performance counters.
#Description
Started loading performance counters.
Message #
Event ID 309
#Description
Finished loading performance counters.
Event ID 309: Finished loading performance counters.
#Description
Finished loading performance counters.
Message #
Event ID 310
#Description
Started loading reporting.
Event ID 311
#Description
Finished loading reporting.
Event ID 401
#Description
Started applying accounting configuration settings.
Event ID 401: Started applying accounting configuration settings
#Description
Started applying accounting configuration settings.
Message #
Event ID 402
#Description
Finished applying accounting configuration settings.
Event ID 402: Finished applying accounting configuration settings.
#Description
Finished applying accounting configuration settings.
Message #
Event ID 403
#Description
Started clearing the inbox accounting store.
Event ID 403: Started clearing the inbox accounting store.
#Description
Started clearing the inbox accounting store.
Message #
Event ID 404
#Description
Finished clearing the inbox accounting store.
Event ID 404: Finished clearing the inbox accounting store.
#Description
Finished clearing the inbox accounting store.
Message #
Event ID 900: Started applying the configuration.
#Description
Started applying the configuration.
Message #
Event ID 901: Finished applying the configuration successfully.
#Description
Finished applying the configuration successfully.
Message #
Event ID 902: Applying the configuration failed.
#Description
Applying the configuration failed.
Message #
Event ID 903
#Description
Started a change in the workspace.
Fields #
| Name | Description |
|---|---|
| OldWorkspace UnicodeString | |
| NewWorkspace UnicodeString | |
Event ID 903: Started a change in the workspace.
#Event ID 904
#Description
Finished a change in the workspace.
Fields #
| Name | Description |
|---|---|
| OldWorkspace UnicodeString | |
| NewWorkspace UnicodeString | |
Event ID 904: Finished a change in the workspace.
#Event ID 905
#Description
Started the DirectAccess prerequisites check.
Event ID 905: Started the DirectAccess prerequisites check.
#Description
Started the DirectAccess prerequisites check.
Message #
Event ID 906
#Description
Finished the DirectAccess prerequisites check successfully.
Event ID 906: Finished the DirectAccess prerequisites check successfully.
#Description
Finished the DirectAccess prerequisites check successfully.
Message #
Event ID 907
#Description
Finished the DirectAccess prerequisites check. Some or all prerequisites failed.
Event ID 907: Finished the DirectAccess prerequisites check.
#Description
Finished the DirectAccess prerequisites check. Some or all prerequisites failed.
Message #
Event ID 10001: Prerequisite checks failed.
#Event ID 10002: Prerequisite checks succeeded with warnings.
#Event ID 10003: Prequisite checks succeeded.
#Event ID 10004: DirectAccess has been configured for DAInstallType using a Kerberos proxy.
#Event ID 10005: The IP address or name to which remote clients connect is ConnectToAddress.
#Event ID 10006: The network location server is located on NLSLocation.
#Event ID 10007: A NodeType GPO (GPOName) was created.
#Event ID 10008: The NodeType GPO GPOName was removed from the Remote Access deployment.
#Event ID 10009: SGType security group (SGList) was added to the Remote Access deployment.
#Event ID 10010: SGType security group (SGList) was removed from the Remote Access deployment.
#Event ID 10011: DAConfiguration has been enabled for Remote Access.
#Event ID 10012: DAConfiguration has been disabled for Remote Access.
#Event ID 10013: Client authentication method: AuthType.
#Event ID 10014: PrefixType prefix: Prefix.
#Event ID 10015: Management servers added to the Remote Access deployment.
#Event ID 10016: Management servers removed from the Remote Access deployment.
#Event ID 10017: An NRPT entry has been added.
#Event ID 10018: An NRPT entry has been removed.
#Event ID 10019: VPN has been installed.
#Event ID 10020: VPN authentication method: VPNAuthType.
#Event ID 10021: VPN IP address assignment type: Addressassignmenttype.
#Event ID 10022: A VPN static IP address pool was added.
#Event ID 10023: A VPN static IP address pool was removed.
#Event ID 10024: A RADIUS server for Purpose was added.
#Event ID 10025: A RADIUS server for Purpose was removed.
#Event ID 10026: RemoteAccessType has been uninstalled.
#Event ID 10027: A load balanced cluster deployment has been enabled.
#Event ID 10028: A load balanced cluster deployment has been disabled.
#Event ID 10029: Load balancing method: RALBType.
#Event ID 10030: RemoteAccessServerName has been added to the load balanced cluster.
#Description
RemoteAccessServerName has been added to the load balanced cluster.
Message #
Fields #
| Name | Description |
|---|---|
| RemoteAccessServerName UnicodeString | |
| InternalVIPs UnicodeString | |
| InternalDIPs UnicodeString | |
| InternetVIPs UnicodeString | |
| InternetDIPs UnicodeString | |
| VPNStartAddress UnicodeString | |
| VPNEndAddress UnicodeString | |
| ServerName UnicodeString | |
Event ID 10031: RemoteAccessServerName has been removed from the load balanced cluster.
#Event ID 10032: Application servers were added to security group SGName.
#Event ID 10033: Application servers were removed from security group SGName.
#Event ID 10034: Connection method for application servers: AppServerConnectionType.
#Event ID 10035: Accounting: RAActionType.
#Event ID 10036: Data from FromDate to EndDate was deleted from the accounting store.
#Event ID 10037: Data since FromDate was deleted from the accounting store.
#Event ID 10038: The accounting store was cleared.
#Event ID 10039: Accounting store size: StoreLimit.
#Event ID 10040: User UserNameIP was disconnected.
#Event ID 10041: GPO GroupPolicyobjectName cannot be GroupPolicyobjectAction.
#Event ID 10042: Registry settings cannot be configured for GPO GroupPolicyobjectName.
#Event ID 10043: IPsec rule IPsecRuleName cannot be created.
#Event ID 10044: Firewall rule FirewallRuleName cannot be created.
#Event ID 10045: Firewall rule FirewallRuleName cannot be updated.
#Event ID 10046: GPO GroupPolicyobjectNameorId cannot be loaded.
#Event ID 10047: Security filtering for GPO GroupPolicyobjectName cannot be modified.
#Event ID 10048: OTP authentication has been enabled.
#Description
OTP authentication has been enabled.
Message #
Event ID 10049: OTP authentication has been disabled.
#Description
OTP authentication has been disabled.
Message #
Event ID 10050: Server ComputerName has been enabled as the first entry point in the multisite deployment.
#Event ID 10051: Server ComputerName cannot be enabled as the first entry point in the multisite deployment.
#Event ID 10052: Server ComputerName has been removed as an entry point from the multisite deployment.
#Event ID 10053: Server ComputerName cannot be removed as an entry point from the multisite deployment.
#Event ID 10054: Manual entry point selection has been enabled in the multisite deployment.
#Description
Manual entry point selection has been enabled in the multisite deployment.
Message #
Event ID 10055: Manual entry point selection cannot be enabled in the multisite deployment.
#Description
Manual entry point selection cannot be enabled in the multisite deployment.
Message #
Event ID 10056: Manual entry point selection has been disabled in the multisite deployment.
#Description
Manual entry point selection has been disabled in the multisite deployment.
Message #
Event ID 10057: Manual entry point selection cannot be disabled in the multisite deployment.
#Description
Manual entry point selection cannot be disabled in the multisite deployment.
Message #
Event ID 10058: The global load balancing FQDN is set to GlobalLoadBalancingFQDN.
#Event ID 10059: The global load balancing FQDN cannot be set to GlobalLoadBalancingFQDN.
#Event ID 10062: The multisite deployment name is EnterpriseName.
#Event ID 10063: The multisite deployment name cannot be set to EnterpriseName.
#Event ID 10064: Domain controller DomainControllerName has been associated with entry point EntryPointName.
#Event ID 10065: Domain controller DomainControllerName cannot be associated with entry point EntryPointName.
#Event ID 10066: Entry point EntrypointName has been added to the multisite deployment.
#Event ID 10067: Entry point EntrypointName cannot be added to the multisite deployment.
#Event ID 10068: The global load balancing IP address of entry point EntrypointName is set to GloballoadbalancingIPaddress.
#Event ID 10069: The global load balancing IP address of entry point EntrypointName cannot be set to GloballoadbalancingIPaddress.
#Event ID 10070: Entry point EntrypointName has been removed from the multisite deployment.
#Event ID 10071: Entry point EntrypointName cannot be removed from the multisite deployment.
#Event ID 10072: The deployment mode has been changed to DAInstallType.
#Event ID 10073: The root certificate for IPsec has been changed to RootCert.
#Event ID 10074: The name of entry point CurrentEntryPointName has been changed to NewEntryPointname.
#Event ID 10075: The name of entry point CurrentEntryPointName cannot be changed to NewEntryPointname.
#Event ID 20001
#Description
BGP router added.
Event ID 20002: BGP router added for routing domain Arg1.
#Event ID 20002
#Description
BGP router added for routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20003
#Description
BGP router removed.
Event ID 20004: BGP router removed for routing domain Arg1.
#Event ID 20004
#Description
BGP router removed for routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20005: Configuration changed for BGP router.
#Description
Configuration changed for BGP router.
Message #
Event ID 20005
#Description
Configuration changed for BGP router.
Event ID 20006: Configuration changed for BGP router of routing domain Arg1.
#Event ID 20006
#Description
Configuration changed for BGP router of routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20007: BGP peer Arg1 added.
#Event ID 20008: BGP peer Arg1 added for routing domain Arg2.
#Event ID 20008
#Description
BGP peer Arg1 added for routing domain Arg2.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
Event ID 20009: BGP peer Arg1 removed.
#Event ID 20010: BGP peer Arg1 removed for routing domain Arg2.
#Event ID 20010
#Description
BGP peer Arg1 removed for routing domain Arg2.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
Event ID 20011: Configuration changed for BGP peer Arg1.
#Event ID 20011
#Description
Configuration changed for BGP peer Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20012: Configuration changed for BGP peer Arg1 of routing domain Arg2.
#Event ID 20012
#Description
Configuration changed for BGP peer Arg1 of routing domain Arg2.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
Event ID 20013: Operation mode changed from Arg1 to Arg2 for peer Arg3.
#Event ID 20013
#Description
Operation mode changed from Arg1 to Arg2 for peer Arg3.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
| Arg3 UnicodeString | |
Event ID 20014: Operation mode changed from Arg1 to Arg2 for peer Arg3 of routing domain Arg4.
#Event ID 20014
#Description
Operation mode changed from Arg1 to Arg2 for peer Arg3 of routing domain Arg4.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
| Arg3 UnicodeString | |
| Arg4 UnicodeString | |
Event ID 20015: Peering type changed from Arg1 to Arg2 for peer Arg3.
#Event ID 20015
#Description
Peering type changed from Arg1 to Arg2 for peer Arg3.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
| Arg3 UnicodeString | |
Event ID 20016: Peering type changed from Arg1 to Arg2 for peer Arg3 of routing domain Arg4.
#Event ID 20016
#Description
Peering type changed from Arg1 to Arg2 for peer Arg3 of routing domain Arg4.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
| Arg2 UnicodeString | |
| Arg3 UnicodeString | |
| Arg4 UnicodeString | |
Event ID 20017: BGP route flap dampening enabled.
#Description
BGP route flap dampening enabled.
Message #
Event ID 20017
#Description
BGP route flap dampening enabled.
Event ID 20018: BGP route flap dampening enabled for routing domain Arg1.
#Event ID 20018
#Description
BGP route flap dampening enabled for routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20019: BGP route flap dampening configuration changed.
#Description
BGP route flap dampening configuration changed.
Message #
Event ID 20019
#Description
BGP route flap dampening configuration changed.
Event ID 20020: BGP route flap dampening configuration changed for routing domain Arg1.
#Event ID 20020
#Description
BGP route flap dampening configuration changed for routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Event ID 20021: BGP route flap dampening disabled.
#Description
BGP route flap dampening disabled.
Message #
Event ID 20021
#Description
BGP route flap dampening disabled.
Event ID 20022: BGP route flap dampening disabled for routing domain Arg1.
#Event ID 20022
#Description
BGP route flap dampening disabled for routing domain Arg1.
Fields #
| Name | Description |
|---|---|
| Arg1 UnicodeString | |
Provenance
Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.
ETW provider GUID b0261971-f607-458e-8d89-02fe7e846129
Defined in RAMgmtPSProvider.dll, which carries the event manifest.
Observed on:
- WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.1, captured 2026-06-02