Commit 17b7b26

status
1 parent fa4a983 commit 17b7b26

9 files changed

Lines changed: 23 additions & 23 deletions

support/windows-client/group-policy/scenario-guide-gpo-to-map-network-drive-doesn-t-apply-as-expected.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -132,16 +132,16 @@ In *\<Clientmachinename\>_\<Date_Time\>_GPPREF_User.txt*, we observe that the GP
132132
133133
```output
134134
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Entering ProcessGroupPolicyExDrives()
135-
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}
135+
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{aaaabbbb-0000-cccc-1111-dddd2222eeee}
136136
```
137137

138138
The Group Policy Mapped Drives extension identified a GPO that's configured with this extension, and the name is **Mapped-Drive**:
139139

140140
```output
141-
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPC : LDAP://CN=User,cn={6D6CECFD-C75A-43FA-8C32-0B5963E42C5B},cn=policies,cn=system,DC=contoso,DC=com
142-
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPT : \\contoso.com\SysVol\contoso.com\Policies\{6D6CECFD-C75A-43FA-8C32-0B5963E42C5B}\User
141+
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPC : LDAP://CN=User,cn={bbbbcccc-1111-dddd-2222-eeee3333ffff},cn=policies,cn=system,DC=contoso,DC=com
142+
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPT : \\contoso.com\SysVol\contoso.com\Policies\{bbbbcccc-1111-dddd-2222-eeee3333ffff}\User
143143
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPO Display Name : Mapped-Drive
144-
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPO Name : {6D6CECFD-C75A-43FA-8C32-0B5963E42C5B}
144+
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] GPO Name : {bbbbcccc-1111-dddd-2222-eeee3333ffff}
145145
```
146146

147147
We observe that drive Z is successfully mapped:
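Review bot: the GUID on new line 135 sits under SOFTWARE\Policies\Microsoft\Windows\Group Policy\ directly after "Entering ProcessGroupPolicyExDrives()", so it reads as the identifier of the extension being processed, not of a customer object. If it is a fixed product value, the placeholder {aaaabbbb-0000-cccc-1111-dddd2222eeee} means a reader comparing this sample with their own GPPREF trace will not find a match. Consider restoring it and limiting the substitution to the GPO GUID on lines 141, 142 and 144, which is replaced consistently.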
@@ -151,7 +151,7 @@ yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Starting class <Drive> - Z:.
151151
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Policy is not flagged for removal.
152152
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Completed class <Drive> - Z:.
153153
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Completed class <Drives>.
154-
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] EVENT : The user 'Z:' preference item in the 'Mapped-Drive {6D6CECFD-C75A-43FA-8C32-0B5963E42C5B}' Group Policy Object applied successfully.
154+
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] EVENT : The user 'Z:' preference item in the 'Mapped-Drive {bbbbcccc-1111-dddd-2222-eeee3333ffff}' Group Policy Object applied successfully.
155155
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Completed class <Drive> - Z:.
156156
yyyy-mm-dd hh:mm::ss:sss [pid=0x3134,tid=0x4fc] Completed class <Drives>
157157
```

support/windows-client/installing-updates-features-roles/windows-update-issues-troubleshooting.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -74,10 +74,10 @@ Checking the WindowsUpdate.log reveals the following error:
7474
```output
7575
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent * START * Finding updates CallerId = Update;taskhostw Id = 25
7676
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Online = Yes; Interactive = No; AllowCachedResults = No; Ignore download priority = No
77-
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent ServiceID = {855E8A7C-ECB4-4CA3-B045-1DFA50104289} Third party service
77+
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent ServiceID = {aaaabbbb-0000-cccc-1111-dddd2222eeee} Third party service
7878
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Search Scope = {Current User}
7979
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Caller SID for Applicability: S-1-12-1-2933642503-1247987907-1399130510-4207851353
80-
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc Got 855E8A7C-ECB4-4CA3-B045-1DFA50104289 redir Client/Server URL: https://fe3.delivery.mp.microsoft.com/ClientWebService/client.asmx""
80+
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc Got aaaabbbb-0000-cccc-1111-dddd2222eeee redir Client/Server URL: https://fe3.delivery.mp.microsoft.com/ClientWebService/client.asmx""
8181
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc Token Requested with 0 category IDs.
8282
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc GetUserTickets: No user tickets found. Returning WU_E_NO_USERTOKEN.
8383
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method failed [AuthTicketHelper::GetDeviceTickets:570]
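Review bot: line 79 still carries a full caller SID (S-1-12-1-2933642503-...) while the ServiceID on lines 77 and 80 is replaced. If the purpose of the change is to remove identifiers from sample output, the SID is the more account-specific value in this block and should get a placeholder too. If the purpose is something else, the commit message should say which class of value is being replaced; "status" does not.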
@@ -88,7 +88,7 @@ YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method fai
8888
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] GetAgentTokenFromServer
8989
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] GetAgentToken
9090
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] EP:Call to GetEndpointToken
91-
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Failed to obtain service 855E8A7C-ECB4-4CA3-B045-1DFA50104289 plugin Client/Server auth token of type 0x00000001
91+
YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Failed to obtain service aaaabbbb-0000-cccc-1111-dddd2222eeee plugin Client/Server auth token of type 0x00000001
9292
YYYY/MM/DD HH:mm:ss:SSS PID TID ProtocolTalker *FAILED* [80070426] Method failed [CAgentProtocolTalkerContext::DetermineServiceEndpoint:377]
9393
YYYY/MM/DD HH:mm:ss:SSS PID TID ProtocolTalker *FAILED* [80070426] Initialization failed for Protocol Talker Context
9494
YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Exit code = 0x80070426
@@ -101,7 +101,7 @@ The 0x80070426 error code translates to:
101101
ERROR_SERVICE_NOT_ACTIVE - # The service has not been started.
102102
```
103103

104-
Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: 855E8A7C-ECB4-4CA3-B045-1DFA50104289) relies on MSA to get the global device ID for the device. Without the MSA service running, the global device ID won't be generated and sent by the client and the search for feature updates never completes successfully.
104+
Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: aaaabbbb-0000-cccc-1111-dddd2222eeee) relies on MSA to get the global device ID for the device. Without the MSA service running, the global device ID won't be generated and sent by the client and the search for feature updates never completes successfully.
105105

106106
To resolve this issue, reset the MSA service to the default StartType of "manual."
107107
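Review bot: the paragraph on line 104 quotes the ServiceId next to the DCAT Flighting service name, which is what lets a reader connect this explanation to the ServiceID lines in a WindowsUpdate.log. With aaaabbbb-0000-cccc-1111-dddd2222eeee in its place the sentence names a value that matches the sample above but no real log. If the ID has to go, reword the sentence to point at the "ServiceID = ... Third party service" line instead of quoting a placeholder.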

support/windows-client/licensing-and-activation/activation-failures-not-genuine-notifications-volume-licensed-kms-client.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ For Windows editions that experience activation and "not genuine" errors that ar
6060

6161
|Event log|Event source|Event ID|Description|
6262
|---|---|---|---|
63-
|Application|Microsoft-Windows-Security-SPP|8209|Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f|
63+
|Application|Microsoft-Windows-Security-SPP|8209|Genuine state set to non-genuine (0x00000000) for application Id 00001111-aaaa-2222-bbbb-3333cccc4444|
6464
|Application|Microsoft-Windows-Security-SPP|8208|Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f|
6565
|Application|Windows Activation Technologies|13|Genuine validation result: hrOffline = 0x00000000, hrOnline =0xC004C4A2|
6666
|Application|Microsoft-Windows-Security-SPP|8196|License Activation Scheduler (sppuinotify.dll) was not able to automatically activate. Error code: 0xC004F200:|
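Review bot: row 63 replaces the application Id, but row 64 directly below keeps template Id 66c92734-d682-4d71-983e-d6ec3f16059f, which differs from the removed value only in its first two characters. Treat both rows the same way: either both are sample values that need placeholders or neither is.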

support/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -243,7 +243,7 @@ The policy deployment fails and the failure generates the following events in Ev
243243
> Event:
244244
> Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Microsoft Entra ID.
245245
>
246-
> TraceId: {cbac2b6f-1434-4faa-a9c3-597b17c1dfa3}
246+
> TraceId: {0000aaaa-11bb-cccc-dd22-eeeeee333333}
247247
> Error: Unknown HResult Error code: 0x80072f9a
248248
249249
> Event ID:778

support/windows-server/active-directory/troubleshoot-ad-fs-sso-issue.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -418,7 +418,7 @@ Then, check the certificate configuration on WAP servers and the fallback bindin
418418
419419
To support non-SNI cases, administrators may specify fallback bindings. Other than the standard federationservicename:443 binding, look for fallback bindings under the following application IDs:
420420
421-
- \{5d89a20c-beab-4389-9447-324788eb944a\}: This is the application ID for AD FS.
421+
- \{00001111-aaaa-2222-bbbb-3333cccc4444\}: This is the application ID for AD FS.
422422
- \{f955c070-e044-456c-ac00-e9e4275b3f04\}: This is the application ID for Web Application Proxy.
423423
424424
For example, if the SSL certificate is specified for a fallback binding like 0.0.0.0:443, make sure that the binding is updated accordingly when the SSL certificate gets updated.
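Review bot: line 421 now lists a placeholder as the AD FS application ID while line 422 keeps a concrete value for Web Application Proxy, and line 419 tells administrators to look for fallback bindings under these IDs. A reader filtering bindings by 00001111-aaaa-2222-bbbb-3333cccc4444 will find nothing. The same placeholder is also used in this commit as the SPP application Id in the activation article, so it cannot be read as standing for one product. Either keep both IDs in this list or replace both and describe another way to recognise the bindings.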
@@ -884,12 +884,12 @@ Get the SSL certificate bindings for AD FS
884884
On the AD FS server, run the following command in Windows PowerShell:
885885
`netsh http show sslcert`
886886

887-
In the list of bindings returned, look for those with the Application ID of 5d89a20c-beab-4389-9447-324788eb944a. Here is an example of a healthy binding. Note the "Ctl Store Name" line.
887+
In the list of bindings returned, look for those with the Application ID of 00001111-aaaa-2222-bbbb-3333cccc4444. Here is an example of a healthy binding. Note the "Ctl Store Name" line.
888888

889889
```output
890890
Hostname:port : adfs.contoso.com:443
891891
Certificate Hash : 3638de9b03a488341dfe32fc3ae5c480ee687793
892-
Application ID : {5d89a20c-beab-4389-9447-324788eb944a}
892+
Application ID : {00001111-aaaa-2222-bbbb-3333cccc4444}
893893
Certificate Store Name : MY
894894
Verify Client Certificate Revocation : Enabled
895895
Verify Revocation Using Cached Client Certificate Only : Disabled
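Review bot: the instruction on line 887 tells the reader to search the netsh http show sslcert output for this Application ID, so the value has to be one the command can actually return. With the placeholder on lines 887 and 892 the step cannot be followed as written. The Certificate Hash on line 891 is left untouched, so the sample is also only partly substituted. Suggest keeping the ID, or rewording the step to identify the AD FS binding by its Hostname:port line.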

support/windows-server/software-defined-networking/troubleshoot-windows-server-software-defined-networking-stack.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -236,11 +236,11 @@ HostId : **162cd2c8-08d4-4298-8cb4-10c2977e3cfe**
236236
Get-NetworkControllerServer -ConnectionUri $uri |where { $_.InstanceId -eq "162cd2c8-08d4-4298-8cb4-10c2977e3cfe"}
237237
238238
Tags :
239-
ResourceRef : /servers/4c4c4544-0056-4a10-8059-b8c04f395931
239+
ResourceRef : /servers/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1
240240
InstanceId : **162cd2c8-08d4-4298-8cb4-10c2977e3cfe**
241241
Etag : W/"50f89b08-215c-495d-8505-0776baab9cb3"
242242
ResourceMetadata : Microsoft.Windows.NetworkController.ResourceMetadata
243-
ResourceId : 4c4c4544-0056-4a10-8059-b8c04f395931
243+
ResourceId : a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1
244244
Properties : Microsoft.Windows.NetworkController.ServerProperties
245245
```
246246
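Review bot: ResourceRef on line 239 and ResourceId on line 243 get the same new value, which keeps them in agreement, but InstanceId on line 240, the Etag on line 241 and the -eq filter string on line 236 keep what look like captured GUIDs. If sample identifiers are being replaced here, these need the same treatment, and the InstanceId placeholder has to match the HostId and the filter string so the walkthrough still lines up.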

support/windows-server/system-management-components/event-tracing-for-windows-simplified.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ Classpnp Driver Tracing Provider {FA8DE7C4-ACDE-4443-9994-C4E2359A9EDB}
4848
Critical Section Trace Provider {3AC66736-CC59-4CFF-8115-8DF50E39816B}
4949
Device Task Enumerator {0E9E7909-00AA-42CF-9502-2C490471E598}
5050
Disk Class Driver Tracing Provider {945186BF-3DD6-4F3F-9C8E-9EDD3FC9D558}
51-
Downlevel IPsec API {94335EB3-79EA-44D5-8EA9-306F49B3A041}
51+
Downlevel IPsec API {aaaabbbb-0000-cccc-1111-dddd2222eeee}
5252

5353
Various utilities are available at the Microsoft Download Center in order to parse .etl files, for instance Network Monitor v3.4. However, the sample script below would not need an installation of any of those.
5454
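Review bot: line 51 is the only entry in this provider list whose GUID changes; lines 48 to 50 keep theirs. The list pairs each provider name with its GUID, so a placeholder for "Downlevel IPsec API" leaves that one row unusable for anyone who takes the GUID from this list. Either revert this line or state why this provider is handled differently from its neighbours.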

support/windows-server/system-management-components/identify-cause-of-wmi-shutdown.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ After the reboot, follow these steps to conclude the investigation:
150150
User: SYSTEM
151151
Computer: <FQDN>
152152
Description:
153-
CorrelationId = {6BE1F66D-CD17-0003-6718-E26B17CDDA01}; GroupOperationId = 11687; OperationId = 11698; Operation = Start IWbemServices::ExecMethod - root\cimv2 : Win32_OperatingSystem=@::Win32Shutdown; ClientMachine = <computer name>; User = <user>; ClientProcessId = 2712; NamespaceName = 133644697772514501
153+
CorrelationId = {aaaa0000-bb11-2222-33cc-444444dddddd}; GroupOperationId = 11687; OperationId = 11698; Operation = Start IWbemServices::ExecMethod - root\cimv2 : Win32_OperatingSystem=@::Win32Shutdown; ClientMachine = <computer name>; User = <user>; ClientProcessId = 2712; NamespaceName = 133644697772514501
154154
```
155155

156156
Note the **ClientProcessId**.

support/windows-server/system-management-components/troubleshoot-wmi-high-cpu-issues.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -222,7 +222,7 @@ Here's one of the log entries from the WMI-Tracing CSV file saved:
222222

223223
|Level|Date and time|Source|Event ID|Task category|Description|
224224
|-|-|-|-|-|-|
225-
|Information|05-05-23 14:48|Microsoft-Windows-WMI-Activity|11|None|CorrelationId = {345E5566-0000-0000-0000-68343241D901}; GroupOperationId = 30693; OperationId = 30694; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Product; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
225+
|Information|05-05-23 14:48|Microsoft-Windows-WMI-Activity|11|None|CorrelationId = {aaaa0000-bb11-2222-33cc-444444dddddd}; GroupOperationId = 30693; OperationId = 30694; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Product; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
226226

227227
A similar event in XML format looks like:
228228

@@ -246,7 +246,7 @@ A similar event in XML format looks like:
246246
</System>
247247
<UserData>
248248
<Operation_New xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
249-
<CorrelationId>{345E5566-0000-0000-0000-67343241D901}</CorrelationId>
249+
<CorrelationId>{bbbb1111-cc22-3333-44dd-555555eeeeee}</CorrelationId>
250250
<GroupOperationId>28089</GroupOperationId>
251251
<OperationId>28090</OperationId>
252252
<Operation>Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Product</Operation>
@@ -260,7 +260,7 @@ A similar event in XML format looks like:
260260
</Operation_New>
261261
</UserData>
262262
<RenderingInfo Culture="en-US">
263-
<Message>CorrelationId = {345E5566-0000-0000-0000-67343241D901}; GroupOperationId = 28089; OperationId = 28090; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Product; ClientMachine = 21H2W10M; User = CONTOSO\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520</Message>
263+
<Message>CorrelationId = {bbbb1111-cc22-3333-44dd-555555eeeeee}; GroupOperationId = 28089; OperationId = 28090; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Product; ClientMachine = 21H2W10M; User = CONTOSO\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520</Message>
264264
<Level>Information</Level>
265265
<Task/>
266266
<Opcode>Info</Opcode>
@@ -356,9 +356,9 @@ With the filter showing only the lines or operations that include "Win32_NTLogEv
356356

357357
|Level|Source|Event ID|Description|
358358
|-|-|-|-|
359-
|Information|Microsoft-Windows-WMI-Activity|11|CorrelationId = {345E5566-0000-0000-0000-68343241D901}; GroupOperationId = 30641; OperationId = 30642; Operation = Start IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NTLogEvent; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
359+
|Information|Microsoft-Windows-WMI-Activity|11|CorrelationId = {aaaa0000-bb11-2222-33cc-444444dddddd}; GroupOperationId = 30641; OperationId = 30642; Operation = Start IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NTLogEvent; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
360360
|Information|Microsoft-Windows-WMI-Activity|12|ProviderInfo for GroupOperationId = 30641; Operation = Provider::CreateInstanceEnum - MS_NT_EVENTLOG_PROVIDER : Win32_NTLogEvent; HostID = 556; ProviderName = MS_NT_EVENTLOG_PROVIDER; ProviderGuid = {FD4F53E0-65DC-11d1-AB64-00C04FD9159E}; Path = %systemroot%\system32\wbem\ntevt.dll|
361-
|Information|Microsoft-Windows-WMI-Activity|11|CorrelationId = {345E5566-0000-0000-0000-68343241D901}; GroupOperationId = 30697; OperationId = 30698; Operation = Start IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NTLogEvent; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
361+
|Information|Microsoft-Windows-WMI-Activity|11|CorrelationId = {aaaa0000-bb11-2222-33cc-444444dddddd}; GroupOperationId = 30697; OperationId = 30698; Operation = Start IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NTLogEvent; ClientMachine = 21H2W10M; User = CONTOSO\\\<UserName>; ClientProcessId = 5484; NamespaceName = 133277000000783520|
362362
|Information|Microsoft-Windows-WMI-Activity|12|ProviderInfo for GroupOperationId = 30697; Operation = Provider::CreateInstanceEnum - MS_NT_EVENTLOG_PROVIDER : Win32_NTLogEvent; HostID = 556; ProviderName = MS_NT_EVENTLOG_PROVIDER; ProviderGuid = {FD4F53E0-65DC-11d1-AB64-00C04FD9159E}; Path = %systemroot%\system32\wbem\ntevt.dll|
363363

364364
From the above operations, you can get the following additional information:
