Today i got EventID 28 error with different PID which should be LsaIso.exe = Credential Guard & Key Guard. The one I posted yesterday didnt appear today, there were more of same event ids with different PIDs, but they didnt showed up today, so Im posting only the last one.
EventID 28
Error setting traits on Provider {77811378-e885-4ac2-a580-bc86e4f1bc93}. Error 0x C0000005
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{b675ec37-bdb6-4648-bc92-f3fdc74d3ca2}" />
<Keywords>0x8000000000000a20</Keywords>
<TimeCreated SystemTime="2022-07-22T15:47:01.1083184Z" />
<EventRecordID>36</EventRecordID>
<Execution ProcessID="1032" ThreadID="1036" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Security UserID="S-1-5-18" />
<Data Name="ProviderGuid">{77811378-e885-4ac2-a580-bc86e4f1bc93}</Data>
<Data Name="ErrorCode">3221225477</Data>
</Event>
I get this too Event ID: 86
SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-0687UEC$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 22 Jul 2022 15:47:10 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 82adac11-066d-4d56-a1c5-12738a2ac3e1
Method: GET(250ms)
Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
<EventID Qualifiers="49754">86</EventID>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-07-22T15:47:10.2203895Z" />
<EventRecordID>6556</EventRecordID>
<Execution ProcessID="4960" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Security UserID="S-1-5-18" />
<Data Name="Context">WORKGROUP\DESKTOP-0687UEC$</Data>
<Data Name="Url">https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep</Data>
<Data Name="MessageText">GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 22 Jul 2022 15:47:10 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 82adac11-066d-4d56-a1c5-12738a2ac3e1</Data>
<Data Name="Method">GET(250ms)</Data>
<Data Name="Stage">GetCACaps</Data>
<Data Name="ErrorCode">Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)</Data>
Event ID: 86
SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId 578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 22 Jul 2022 15:47:10 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b8534749-4611-4bb5-86b5-040daaa5d760
Method: GET(391ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
<EventID Qualifiers="49754">86</EventID>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-07-22T15:47:09.8134029Z" />
<EventRecordID>6555</EventRecordID>
<Execution ProcessID="4960" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Security UserID="S-1-5-18" />
<Data Name="Context">Local system</Data>
<Data Name="Url">https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep</Data>
<Data Name="MessageText">GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 22 Jul 2022 15:47:10 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: b8534749-4611-4bb5-86b5-040daaa5d760</Data>
<Data Name="Method">GET(391ms)</Data>
<Data Name="Stage">GetCACaps</Data>
<Data Name="ErrorCode">Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)</Data>
Event ID: 64
Local system certificate with fingerprint 73 05 c5 29 71 57 48 b7 f3 63 80 58 7e 9e 75 f0 bb 4e 86 b1 will expire or has already expired.
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
<EventID Qualifiers="32768">64</EventID>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-07-22T15:47:12.1829299Z" />
<EventRecordID>6557</EventRecordID>
<Execution ProcessID="6176" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Data Name="Context">local system</Data>
<Data Name="ObjId">73 05 c5 29 71 57 48 b7 f3 63 80 58 7e 9e 75 f0 bb 4e 86 b1</Data>
Yesterday I got stutter while watching video and then when I played Facebook game computer crashed. I think the cause is Event 17. Other Event ids dont cause any problems, as far as I know. As far as I remember computer worked fine even with those errors and warnings.
I think this is connected to Mass Storage, because when I uninstalled Mass storage device I got Event 225 and as you can see DeviceInstance in it is the same as PrimaryDeviceName in Event ID: 17.
Event ID 225
DeviceInstance">PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00\3&11583659&0&0B</Data>
Event ID: 17
PrimaryDeviceName">PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00
I disabled Mass Storage in BIOS and will see what happens.
Event ID 225
The application System with process id 4 stopped the removal or ejection for the device PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00\3&11583659&0&0B.
Process command line:
List of affected devices:
STORAGE\Volume\{44b56f4e-71b6-11eb-a7ea-806e6f6e6963}#0000000028600000
STORAGE\Volume\{44b56f4e-71b6-11eb-a7ea-806e6f6e6963}#0000000021200000
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9c205a39-1250-487d-abd7-e831c6290539}" />
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-07-22T21:52:51.3878248Z" />
<EventRecordID>19214</EventRecordID>
<Execution ProcessID="4" ThreadID="3688" />
<Channel>System</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Security UserID="S-1-5-18" />
<Data Name="ProcessId">4</Data>
<Data Name="ProcessNameLength">6</Data>
<Data Name="ProcessName">System</Data>
<Data Name="DeviceInstanceLength">60</Data>
<Data Name="DeviceInstance">PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00\3&11583659&0&0B</Data>
<Data Name="CommandLineLength">0</Data>
<Data Name="CommandLine" />
<Data Name="VetoingDevicesLength">144</Data>
<Data Name="VetoingDevices">STORAGE\Volume\{44b56f4e-71b6-11eb-a7ea-806e6f6e6963}#0000000028600000 STORAGE\Volume\{44b56f4e-71b6-11eb-a7ea-806e6f6e6963}#0000000021200000</Data>
Event ID: 17
A corrected hardware error has occurred.
Component: PCI Express Root Port
Error Source: Advanced Error Reporting (PCI Express)
Primary Bus:Device:Function: 0x0:0x3:0x1
Secondary Bus:Device:Function: 0x0:0x0:0x0
Primary Device Name:PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00
Secondary Device Name:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" />
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-07-21T21:55:41.7113830Z" />
<EventRecordID>17525</EventRecordID>
<Correlation ActivityID="{7d18bf50-418d-4963-96f9-da56216f0d12}" />
<Execution ProcessID="7412" ThreadID="7524" />
<Channel>System</Channel>
<Computer>DESKTOP-0687UEC</Computer>
<Security UserID="S-1-5-19" />
<Data Name="ErrorSource">4</Data>
<Data Name="FRUId">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="ValidBits">0xdf</Data>
<Data Name="PortType">4</Data>
<Data Name="Version">0x101</Data>
<Data Name="Command">0x407</Data>
<Data Name="Status">0x10</Data>
<Data Name="Bus">0x0</Data>
<Data Name="Device">0x3</Data>
<Data Name="Function">0x1</Data>
<Data Name="Segment">0x0</Data>
<Data Name="SecondaryBus">0x0</Data>
<Data Name="SecondaryDevice">0x0</Data>
<Data Name="SecondaryFunction">0x0</Data>
<Data Name="VendorID">0x1022</Data>
<Data Name="DeviceID">0x1453</Data>
<Data Name="ClassCode">0x30400</Data>
<Data Name="DeviceSerialNumber">0x0</Data>
<Data Name="BridgeControl">0x0</Data>
<Data Name="BridgeStatus">0x0</Data>
<Data Name="UncorrectableErrorStatus">0x0</Data>
<Data Name="CorrectableErrorStatus">0x40</Data>
<Data Name="HeaderLog">00000000000000000000000000000000</Data>
<Data Name="PrimaryDeviceName">PCI\VEN_1022&DEV_1453&SUBSYS_14531022&REV_00</Data>
<Data Name="SecondaryDeviceName" />
All these events happen at Startup, except Event id 17.
I run sfc /scannow and it found some corrupted files and repair them, Dism /Online /Cleanup-Image /ScanHealth didnt found anything.