DigitalPersona Events

DigitalPersona AD components write events to the Windows Event Log when significant activities occur, along with a date and time stamp indicating when they occurred.

All of the following DigitalPersona events are logged by default depending on the logging level being viewed. Events are classified into the following categories, with a range of event IDs that begin with the ID number shown below.

Event Channels and Categories	ID
DigitalPersona-Altus-Core/Operational
Credential Management	256
User Management	512
Secret Management	768
Service Management	1024
Credential Authentication	2048
Deployment	4096
OTP Management	4352
DigitalPersona-Altus-Logon/Operational
Windows Logon	4864
DigitalPersona-Altus-Policies/Operational
Policy Management	5376
DigitalPersona-Altus-RADIUS/Operational
RADIUS Authentication	6400
DigitalPersona-Altus-PasswordManager/Operational
Password Manager	1536
DigitalPersona-Altus-IdentityProvider/Operational
Identity Provider	6656
DigitalPersona-Altus-AdfAuthProvider/Operational
ADFS Authentication Provider	6400

Events are listed in tables under each category in the following sections. For each event, information is shown indicating where the event is logged (on the DigitalPersona AD Server or on a client workstation) and what level of logging an event is reported at. For example, if an event is shown as logged on the workstation (Wks) at the D (Details) level, it will not be written to the log unless the Detail level is specified in the Level of detail in event logs GPO setting governing that computer).

Note: The error levels are inclusive, i.e. the Audit level includes all Error level messages, and the Details level includes all Audit and Error level messages.

Credential Management

Task Category: 256

The following events may be generated during credentials management.

Event	ID	Level Srvr --- Wks
Failed to enroll credential	259	-	A
Credential enrolled	260	-	A
Failed to unenroll credential	261	-	A
Credential unenrolled	262	-	A
Failed to recover user record	263	-	E
Failure of user credential consistency check	272	-	E
Failure of user credential signature check	273	E	E
Fingerprint credentials cache is cleared. User: <UserName> 1	277	-	E
Duplicate fingerprint found 2	278	E	-
Credential enrolled (Attended Enrollment) 3	281	-	A
Failed to enroll credential (Attended Enrollment) 3	288	-	E
Credential deleted (Attended Enrollment) 3	289	-	A
Failed to delete credential (Attended Enrollment) 3	290	-	E

Level:

E = Error

A = Audit

Dt = Details

Duplicate fingerprint found

The Duplicate fingerprint found event includes the following details:

User, Fingerprint, Duplicate User, Duplicate fingerprint

Example:

Duplicate fingerprint found.

User: Engineering\JSmith

Fingerprint: 3

Duplicate user: Sales\GBush

Duplicate fingerprint: 9

The user’s fingerprints are enumerated as follows:

Finger	#
Left pinky finger	0
Left ring finger	1
Left middle finger	2
Left index finger	3
Left thumb	4
Right thumb	5
Right index finger	6
Right middle finger	7
Right ring finger	8
Right pinky finger	9

User Management

Task Category: 512

The following events may be generated during user management, and during import and export of user enrollment data to a file.

Event	ID	Level Srvr --- Wks
Cannot update User Account Control Flags	527	-	E
User Account Control Flags were updated	528	A	-
User account was unlocked	529	A	-
User password was randomized	530	A	-
User added to the database	531	A	-
Cannot add User to the database	532	E	-
User deleted from the database	533	A	-
Cannot delete User from the database	534	E	-
User account was unlocked using Password Reset	535	A	E
User record is created and opened for attended enrollment.	537	-	A
Cannot create user record for attended enrollment.*	544	-	E
User record is opened for attended enrollment.*	545	-	A
Cannot open user record for attended enrollment.*	546	-	E
User record is closed after attended enrollment.*	547	-	A
Cannot close user record after attended enrollment.*	548	-	E
User attribute is queried.	549	-	A
Failed to query a user attribute.	550	-	E
User attribute is updated.	551	-	A
Failed to update a user attribute.	552	-	E

* Events include a hidden TransactionId parameter in event parameters allowing tracking of a single attended enrollment activity.

Level:

E = Error

A = Audit

Dt = Details

Secret Management

Task Category: 768

The following events may be generated during Secret management.

Event	ID	Level Srvr --- Wks
Failure of %1 secure application data consistency check	769	E	E
Failed to delete secure application data	770	E	E
Secure application data deleted	771	A	A
Failure to release secure application data	772	E	E
Secure application data released	773	A	A
Failure of secure application data signature check	774	E	E
Failed to store secure application data	775	E	E
Secure application data stored	776	A	A
Failed to synchronize secure application data	779	E	-
Secure application data is synchronized*	780	A	-

* Event 780 is logged on the Server when Password Manager data, which was modified offline, is synced to the DigitalPersona Server. We allow modification of Password Manager data offline, that is, when a workstation is not connected to the server, and then when the workstation is reconnected to the server, the data is synced and this event is logged.

Level:

E = Error

A = Audit

Dt = Details

Service Management

Task Category: 1024

The following events may be generated during the management of system operations.

Event	ID	Level Srvr --- Wks
Failed to start DigitalPersona Authentication Service	1029	E	E
Failed to reset DigitalPersona Authentication Service configuration parameter	1032	A	A
DigitalPersona Authentication Service configuration parameter reset	1033	A	A
Failed to update DigitalPersona Authentication Service configuration parameter	1034	A	A
DigitalPersona Authentication Service configuration parameter updated	1035	A	A
DNS registration of the server failed - Client workstations will not be able to locate the server.	1041	E	-
Removal of DNS record failed.	1042	E	-
Remote DNS server cannot be reached.	1043	E	-
No remote DNS servers available.	1044	E	-

Level:

E = Error

A = Audit

Dt = Details

Password Manager

Task Category: 1536

These events are generated when personal or managed logons are used, or logon account data is modified.

Event	ID	Level (Workstation) Personal Managed
CRC check failure in %1.	1548	Dt	A
Logon created	1549	Dt	A
Logon modified	1550	Dt	A
Logon deleted	1551	Dt	A
Password change has been canceled by user	1552	Dt	Dt
Fillin was performed	1553	Dt	A
Account data could not be modified	1554	E	E
Account data was successfully modified.	1555	Dt	A
Account data was successfully entered.	1556	Dt	A
Account data was successfully deleted.	1557	Dt	A

Level:

E = Error

A = Audit

Dt = Details

Credential Authentication

Task Category: 2048

The following events may be generated during the authentication of credentials.

Event	ID	Level Srvr --- Wks
Account is locked for fingerprint verification.	2051	E	-
User account is locked.	2053	E	-
Authentication failure.	2054	A	-
Authenticated successfully.	2055	Dt	-
User password was reset.	2056	Dt	-
Failed to identify user.	2057	A	-
User identified.	2058	Dt	-
Enhanced Authentication policy is triggered.	2059	-	A

Level:

E = Error

A = Audit

Dt = Details

Deployment

Task Category: 4096

These events may be generated during license management operations.

Event	ID	Level Srvr --- Clnt
The service is licensed for %1 users. (No more users can be registered at this time because the license quota has been exceeded.)	4097	E	-
The service is licensed for %1 users. (%2 users are already registered.%n The license quota is nearly exceeded.)	4098	A	-
Computer set to Standard mode.	4105	-	A
User license uninstalled.	4112	A	-
User license installed.	4113	A	-
Failed to install user license(s).	4114	E	-
Software installed.	4130	A	A
Software uninstalled.	4131	A	A

Level:

E = Error

A = Audit

Dt = Details

OTP Management

Task Category: 4352

The following events may be generated during OTP management.

Event	ID	Level Srvr --- Wks
PKSC file is imported.	4359	A	-
Failed to import PKSC file.	4360	E	-
Hardware OTP token record is created.	4361	A	-
Failed to create hardware OTP token record	4362	E	-
Hardware OTP token record is deleted	4363	A	-
Failed to delete hardware OTP token record.	4364	E	-

Level:

E = Error

A = Audit

Dt = Details

Windows Logon

Task Category: 4864

The following events may be generated during Logon operations.

Event	ID	Level Srvr --- Wks
Credentials verified for logon	4865	-	A
Credentials verified for unlock	4866	-	A
Credentials verified for kiosk logon	4867	-	A
Credentials verified for kiosk unlock	4868	-	A
Computer locked	4869	-	A
User (%1) logged off	4870	-	A
Kiosk computer locked	4871	-	A
Kiosk user logged off	4872	-	A
There is a problem with the Kiosk Shared Account	4873	-	E

Level:

E = Error

A = Audit

Dt = Details

Policy Management

Task Category: 5376

The following events are generated when an administrator modifies various DigitalPersona credential policies using the Policy Editor in the Group Policy Management Console or in the Active Directory Users and Computers Management Console.

Event	ID	Level Srvr --- Wks
Windows Logon policy is changed	5377	A	-
Windows Session policy is changed	5378	A	-
Enrollment policy is changed	5379	A	-
Kiosk policy is changed	5380	A	-
Enhanced policy is changed	5381	A	-
User Logon policy is changed	5382	A	-
Group Logon policy is changed	5383	A	-

Level:

E = Error

A = Audit

Dt = Details

RADIUS Authentication

Task Category: 6400

The following events may be generated during RADIUS Authentication operations.

Event	ID	Level*
RADIUS authentication succeeded	6401	A
RADIUS authentication failed	6402	E

* These events are written on the machine where the DigitalPersona plugin is installed.

Level:

E = Error

A = Audit

Dt = Details

Identity Provider

Task Category: 6656

The following events may be generated during Identity Provider operations.

Event	ID	Level*
Pre-login success	6657	A
Local credential verification success	6658	A
External login success	6659	A
Resource owner password flow login success	6660	A
Refresh token refresh success	6661	A
Endpoint success	6662	A
Authorization code redeem success	6663	A
Pre-login failure	6689	A
Local credential verification failure	6690	A
External login failure	6691	A
Resource owner password flow login failure	6692	A
Refresh token refresh failure	6693	A
Endpoint failure	6694	A
Authorization code redeem failure	6695	A
External login error	6721	E
Unhandled exception	6722	E
Signing certificate has no private key, or key is not accessible Make sure the account running your application has access to the private key	6723	E
Signing certificate key length is less than 2048 bits	6724	E
Partial login complete	6753	Dt
A user was logged out	6754	A
Content Security Policy (CSP) report	6755	Dt
Client permissions revoked	6756	Dt
Access token issued	6757	Dt
Identity token issued	6758	Dt
Authorization code issued	6759	Dt
Refresh token issued	6760	Dt
No signing certificate configured	6761	E
The signing certificate will expire in the next 30 days	6762	A
Signing certificate validation success	6763	Dt
WS-Federation sign-in response issued	6764	A
Authentication policy has been satisfied	6765	A

* All events are written on the machine where WMC is installed, which may be on the same machine as the DigitalPersona Server or on a separate machine.

Level:

E = Error

A = Audit

Dt = Details

ADFS Authentication Provider

Task Category: 6400

The following events may be generated by the ADFS authentication plugin on a server running ADFS.

Event	ID	Level
Authentication provider loaded into the ADFS pipeline	6401	A
Authenticated successfully	6402	A
Custom action succeeded	6403	A
Authentication failure	6404	A
Custom action failure	6405	A

* These events are written on the machine where the DigitalPersona NPS plugin is installed.

Level:

E = Error

A = Audit

Dt = Details