1. Home
  2. Docs
  3. LDS Edition Administrator’s Guide
  4. DigitalPersona Events

DigitalPersona Events

Overview

DigitalPersona LDS components write events to the Windows Event Log when significant activities occur, along with a date and time stamp indicating when they occurred.

All of the following DigitalPersona events are logged by default (depending on the logging level being viewed) – except for those that report the status of applications, components or devices. Status events are identified in the following pages by the designation (Status event) after the event name.

Activity events are classified into the following categories, with a range of event IDs that begin with the ID number shown below.

DescriptionID
Credential Management256
User Management512
Secret Management768
Service Management1024
Password Manager1536
Credential Authentication2048
DNS Registration2304
Deployment4096
Windows Logon4864
Authentication Domain Management5632

Events are listed in tables under each category in the following sections. For each event, information is shown indicating where the event is logged (on the DigitalPersona Server or on a client workstation) and what level of logging an event is reported at. For example, if an event is shown as logged on the workstation (Wks) at the D (Details) level, it will not be written to the log unless the Detail level is specified in the Level of detail in event logs GPO setting governing that computer.

Note that error levels are inclusive, i.e. the Audit level includes all Error level messages, and the Details level includes all Audit and Error level messages.

Credential Management

Task Category: 256

These events may be generated during credentials management.

Event ID

Level

SrvrClnt
Failed to enroll credential 259 – A
Credential enrolled 260 – A
Failed to unenroll credential261A
Credential unenrolled262A
Failed to recover user record263E
Failure of user credential consistency check272E
Fingerprint credentials cache is cleared. User: <UserName>*277E
Duplicate fingerprint found**278E
Credential enrolled (Attended Enrollment)***281A
Failed to enroll credential (Attended Enrollment)***288E
Credential deleted (Attended Enrollment)***289A
Failed to delete credential (Attended Enrollment)***259E
Level: E = Error, A – Audit, Dt = Details

*This event is logged after fingerprints have been matched locally but not found on the server three times in a DigitalPersona then clears the client’s fingerprint credentials cache.

** Duplicate fingerprint found – After a fingerprint is enrolled, it may take up 5 minutes for the fingerprint to be added to the identification set. Therefore, a duplicate fingerprint enrolled within that 5 minute window may not trigger the Duplicate fingerprint found event. See additional details in the table on the next page and in the Fingerprint Adjudication and Deduplication chapter.

*** Events marked above as (Attended Enrollment) include a hidden TransactionId parameter in event parameters allowing tracking of a single attended enrollment activity.

Duplicate fingerprint found

This topic further defines the Duplicate Fingerprint found event listed in the above table. The Duplicate fingerprint found event includes the following details:

User, Fingerprint, Duplicate User, Duplicate fingerprint

Example:

Duplicate fingerprint found.

User: Engineering\JSmith Fingerprint: 3

Duplicate user: Sales\GBush Duplicate fingerprint: 9

The user’s fingerprints are enumerated as follows.


Finger                          #


Left pinky finger          0

Left ring finger             1

Left middle finger         2

Left index finger           3


 


Finger                          #


Left thumb                    4

Right thumb                  5

Right index finger         6

Right middle finger       7

Right ring finger           8

Right pinky finger         9


User Management

Task Category: 512

These events may be generated during user management, and during import and export of user enrollment data to a file.

Event ID

Level

SrvrClnt
Cannot update User Account Control Flags527E
User Account Control Flags were updated528A
User account was unlocked529A
User password was randomized530A
User added to the database531A
Cannot add User to the database532E
User deleted from the database533A
Cannot delete User from the database534E
User account was unlocked using Password Reset535AE
User record is created and opened for attended enrollment.537A
Cannot create user record for attended enrollment.*544E
User record is opened for attended enrollment.*545A
Cannot open user record for attended enrollment.*546E
User record is closed after attended enrollment.*547A
Cannot close user record after attended enrollment.*548E
User attribute is queried.549A
Failed to query a user attribute.550E
User attribute is updated.551A
Failed to update a user attribute.552E
User enrollment data is exported to a file.553A
Failed to export user enrollment data to a file.560 –E
 User enrollment data file is imported.561 – A
 Failed to import user enrollment data file.562 –E
 Failed to import user enrollment data record.563 E
E Level: E = Error, A – Audit, Dt = Details

*Events include a hidden TransactionId parameter in event parameters allowing tracking of a single attended enrollment

Secret Management

Task Category: 768

These events may be generated during Secret management.

Event ID

Level

SrvrClnt
Failure of %1 secure application data consistency check769EE
Failed to delete secure application data770EE
Secure application data deleted771AA
Failure to release secure application data772EE
Secure application data released773AA
Failure of secure application data signature check774EE
Failed to store secure application data775EE
Secure application data stored776AA
Failed to synchronize secure application data779E
Secure application data is synchronized780A
E Level: E = Error, A – Audit, Dt = Details

Service Management

Task Category: 1024

These events may be generated during the management of system operations.

Event ID

Level

SrvrClnt
Failed to start DigitalPersona Authentication Service 1029 E E
DigitalPersona Authentication Service started 1030 A A
DigitalPersona Authentication Service stopped1031AA
Failed to reset DigitalPersona Authentication Service configuration parameter1032 A A
DigitalPersona Authentication Service configuration parameter reset1033AA
Failed to update DigitalPersona Authentication Service configuration parameter1034AA
DigitalPersona Authentication Service configuration parameter updated1035AA
DNS registration of the server failed – Client workstations will not be able to locate the server.1041E
Removal of DNS record failed.1042E
Remote DNS server cannot be reached.1043E
No remote DNS servers available.1044E
Level: E = Error, A – Audit, Dt = Details

Password Manager

Task Category: 1536

These events are generated when personal or managed logons are used, or logon account data is modified.

 Event ID

Level

PersonalManaged
CRC check failure in %1.1548DtA
Logon created1549DtA
Logon modified1550DtA
Logon deleted1551DtA
Password change has been canceled by user1552DtDt
Fillin was performed1553DtA
Account data could not be modified1554EE
Account data was successfully modified.1555DtA
Account data was successfully entered.1556DtA
Account data was successfully deleted.1557DtA
Level: E = Error, A – Audit, Dt = Details

Credential Authentication

Task Category: 2048

These events may be generated during the authentication of credentials.

 Event ID

Level

SrvrClnt
Account is locked for fingerprint verification.2051E –
User account is locked.2053E –
Authentication failure.2054A –
Authenticated successfully.2055Dt –
User password was reset.2056Dt –
Failed to identify user.2057A –
User identified.2058Dt –
Level: E = Error, A – Audit, Dt = Details

DNS Registration

Task Category: 2304

These events may be generated during DNS registration.

 Event ID

Level

SrvrClnt
Registration of the server failed. (Clients will not be able to locate the server.)2306E –
Removal of DNS record failed.2307E –
Remote server cannot be reached.2308 E
No remote servers available.2309 E
Level: E = Error, A – Audit, Dt = Details

Deployment

Task Category: 4096

These events may be generated during license management operations.

 Event ID

Level

SrvrClnt
The service is licensed for %1 users. (No more users can be registered at this time because the license quota has been exceeded.)4097E –
The service is licensed for %1 users. (%2 users are already registered.%n The license quota is nearly exceeded.)4098A –
License activation status4104 –
Computer set to Standard mode.4105 A
User license uninstalled.4112 A
User license installed.4113 A
Failed to install user license(s).4114 E
Software installed.4130A –
Software uninstalled.4131A –
List of product(s):4145 –
Applications enabled.4146 –
Level: E = Error, A – Audit, Dt = Details

OTP Management

Task Category: 4358

These events may be generated during OTP management.

 Event ID

Level

SrvrClnt
PKSC file is imported.4359A
Hardware OTP token record is created.4361A
Level: E = Error, A – Audit, Dt = Details

Windows Logon                                              

Task Category: 4864

These events may be generated during Logon operations.

Credentials verified for logon4865-A

 Event ID

Level

SrvrClnt
Credentials verified for unlock4866A
Credentials verified for kiosk logon4867A
Credentials verified for kiosk unlock4868A
Computer locked4869A
User (%1) logged off4870A
Kiosk computer locked4871A
Kiosk user logged off4872A
There is a problem with the Kiosk Shared Account4873E
 Level: E = Error, A – Audit, Dt = Details

Authentication Domain Management

Task Category: 2048

These Status events may be generated at specified intervals by selecting Log Status events within the Level of detail in event logs setting. Status events provide information about the state of various policies on client computers.

 Event ID

Level

SrvrClnt
Logon Policy for Users (Status event)5649*
Logon Policy for Administrators (Status event) 5650* –
Session Policy for Users (Status event)5651*
Session Policy for Administrators (Status event)5652*
Logon Policy (Status event)5653*
Session Policy (Status event)5654*
Level: E = Error, A – Audit, Dt = Details
  • The logging of Status events is not enabled by default, and must be explicitly enabled by selecting the Log Status Events