# Event ID reference ## Access Manager Server | Event ID | Severity | Description | | -------- | ------------- | ---------------------------------------------------------------------------------------- | | 2000 | Informational | A user has requested access to a computer | | 2001 | Informational | A user has been added to a local SAM group | | 2002 | Informational | A user has been removed from a local SAM group | | 2003 | Informational | The JIT worker service has created a new group | | 2004 | Informational | The JIT worker service has deleted a group | | 2005 | Informational | The JIT worker service has created a new dynamic group | | 2006 | Informational | The JIT worker service has deleted a dynamic group | | 2007 | Informational | JIT access has been granted to a user via PAM | | 2008 | Informational | JIT access has been revoked from a user via PAM | | 2009 | Informational | A user has requested access to a role | | 2010 | Informational | JIT access has been granted to a user via the scheduler | | 2011 | Informational | JIT access has been revoked from a user via the scheduler | | 2012 | Informational | The JIT scheduler determined that the user no longer exists | | 2013 | Informational | The JIT scheduler determined that the group no longer exists | | 2101 | Informational | A computer authorization rule has been added | | 2102 | Informational | A computer authorization rule has been deleted | | 2103 | Informational | A computer authorization rule has been modified | | 2104 | Informational | A role authorization rule has been added | | 2105 | Informational | A role authorization rule has been deleted | | 2106 | Informational | A role authorization rule has been modified | | 2200 | Informational | The database does not exist | | 2201 | Informational | The database has been created | | 2202 | Informational | Database upgrade is required | | 2203 | Informational | The database is being deleted | | 2204 | Informational | The database has been deleted | | 2205 | Informational | Database upgrade check is in progress | | 2206 | Informational | Database upgrade has been completed | | 2207 | Informational | Database upgrade is not required | | 2300 | Informational | The master key has been exported | | 3000 | Audit Success | A user has been authenticated | | 3001 | Audit Success | Access to the computer's current local admin password has been granted | | 3002 | Audit Success | Access to the computer's password history has been granted | | 3003 | Audit Success | JIT access to a computer has been granted | | 3004 | Audit Success | BitLocker access to a computer has been granted | | 3005 | Audit Success | JIT access to a role has been granted | | 4000 | Errors | SSO identity not found | | 4001 | Errors | Computer not found in directory | | 4002 | Errors | LAPS password not present | | 4003 | Errors | Computer name is ambiguous | | 4004 | Errors | A user request reason was required but it was not provided | | 4006 | Errors | User certificate identity not found | | 4008 | Errors | User certificate validation error | | 4009 | Errors | Identity discovery error | | 4010 | Errors | Computer discovery error | | 4011 | Errors | No LAPS password history is available | | 4012 | Errors | Authorization failed because there were no rules that matched for the specific user | | 4013 | Errors | Authorization failed because there were no rules that matched for the requested computer | | 4014 | Errors | Authorization failed | | 4015 | Errors | Authorization was explicitly denied | | 4016 | Errors | Authorization failed because a mandatory audit event failed to be delivered | | 4017 | Errors | The IP-based rate limit was exceeded | | 4018 | Errors | The user-based rate limit was exceeded | | 4019 | Errors | BitLocker keys were not present for the specified computer | | 4020 | Errors | Authorization failed because the rate limit was exceeded | | 4021 | Errors | The search request returned too many results | | 5001 | Errors | Failed to add a user to a local SAM group | | 5002 | Errors | Failed to remove a user from a local SAM group | | 5003 | Errors | Invalid certificate - invalid or unsupported URI scheme | | 5004 | Errors | Unexpected error | | 5005 | Errors | Error loading template resource | | 5006 | Errors | Notification channel delivery error | | 5007 | Errors | Unhandled error in background task | | 5008 | Errors | Error processing an authorization rule | | 5009 | Errors | JIT rollback is in progress | | 5010 | Errors | JIT rollback failed | | 5011 | Errors | JIT error | | 5012 | Errors | An error occured in the pre-authorization process | | 5013 | Errors | LAPS password history error | | 5014 | Errors | LAPS password error | | 5015 | Errors | Authorization error | | 5016 | Errors | Application is not configured | | 5017 | Errors | Certificate trust chain parsing issue | | 5018 | Errors | Error looking up target directory | | 5019 | Errors | Error creating authorization context | | 5020 | Errors | Authorization context fallback | | 5021 | Errors | Authorization context server cannot connect | | 5022 | Errors | Invalid response from PowerShell security descriptor generator | | 5023 | Errors | DN parse error | | 5024 | Errors | Unexpected error in JIT worker | | 5025 | Errors | Failed to create JIT worker group | | 5026 | Errors | Failed to delete JIT worker group | | 5027 | Errors | JIT worker USN fallback | | 5028 | Errors | JIT dynamic group has invalid domain | | 5029 | Errors | External authentication provider error | | 5030 | Errors | Error processing authentication provider response | | 5031 | Errors | Error looking up authentication directory | | 5032 | Errors | Access denied by external authentication provider | | 5033 | Errors | Certificate authentication access denied | | 5034 | Errors | Certificate authentication error | | 5035 | Errors | BitLocker key access error | | 5036 | Errors | Error reading resource | | 5037 | Errors | Error importing certificate | | 5038 | Errors | Error exporting certificate | | 5039 | Errors | The certificate could not be synchronized because the private key was not exportable | | 5040 | Errors | Database upgrade error | | 5041 | Errors | Database upgrade warning | | 5042 | Errors | Database upgrade info | | 5048 | Errors | Failed to check for new version | | 5049 | Errors | Failed to check certificate expiry | | 5050 | Errors | API is not enabled | | 5051 | Errors | Database backup job failed | | 5052 | Errors | Database initialization failed | | 5053 | Errors | The scheduler failed to remove JIT membership | | 5054 | Errors | The scheduler abandoned the membership removal job | | 5055 | Errors | Password retrieval restricted by license | | 5056 | Errors | Database maintenance job failed | | 5057 | Errors | JIT worker job failed | | 5058 | Errors | Certificate authentication failed because no certificate was presented | ## Agent | Event ID | Description | | -------- | ------------------------------------------------------------------------------------------------------------------------ | | 1000 | The agent has started | | 1001 | The agent has been disabled | | 1002 | The LAPS agent is currently disabled | | 1020 | The LAPS agent has been enabled | | 1004 | The LAPS agent cannot run because it is running on a domain controller | | 1006 | An unexpected exception occurred in the LAPS process | | 1007 | An unexpected exception occurred in the agent | | 1008 | The LAPS agent is not configured | | 1009 | There was a conflict between the Access Manager Agent and the Windows LAPS agent. Only one may be active at any one time | | 1010 | The password has expired | | 1011 | Password has been set on the LAPS attribute | | 1012 | Password has been set on the Access Manager attribute | | 1013 | Password has been changed | | 1014 | Failure in password expiry check | | 1015 | Failure in password change | | 1017 | LAPS conflict has been resolved | | 1018 | No password change required | | 1019 | UWF (Unified Write Filter) has been enabled | | 2001 | Error in server connection | | 2002 | Server credentials are not recognized | | 2003 | No server is configured | | 2004 | AADR (Azure Active Directory Registration) registration is not allowed | | 2005 | AMS registration has been rejected | | 2006 | AMS registration information is missing | | 2007 | AD certificate private key is not available | | 2008 | Impersonation failure | | 2009 | AMS registration failed due to an invalid registration key | | 2010 | Failed to enable the account | | 2011 | Failed to reset the agent | | 2012 | Server certificate has expired | | 2013 | Server certificate hostname mismatch | | 2014 | Server certificate validation failed | | 3001 | Registration is not ready | | 3002 | No suitable AAD (Azure Active Directory) tenant found | | 4001 | AMS registration is pending | | 4002 | AMS registration has been approved | | 4003 | AMS registration is starting | | 4004 | Secondary credentials have been registered | | 4005 | Agent reset has been completed |