Hi Team,
We have a cloud service hosted in Azure through VSO & we are getting following Security Log very aggressively.
Please let us know what this Event Id describes & how can we resolve this such that we won't get these events logged aggressively again.
Here is Event Id Details for your information:-
------------------------------------------------------------------------------------------------------------------------------------------
{54849625-5478-4994-A5BA-3E3B0328C30D} |
Microsoft-Windows-Security-Auditing |
5058 |
Security |
0 |
12292 |
Key file operation. Subject: Security ID: S-1-5-18 Account Name: RD0003FF61F511$ Account Domain: WORKGROUP Logon ID: 0x3E7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {1C3A7A2B-6D7A-4BAB-BADA-A444D085431F} Key Type: Machine key. Key File Operation Information: File Path: D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06aa7d6bbf51b94901c19f7afe3d9ea0_f04684e6-d147-49ca-b159-984fa865488b Operation: Read persisted key from file. Return Code: 0x0 |
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-A5BA-3E3B0328C30D}'/><EventID>5058</EventID><Version>0</Version><Level>0</Level><Task>12292</Task><Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords><TimeCreated SystemTime='2015-03-27T02:21:29.055257000Z'/><EventRecordID>3737</EventRecordID><Correlation/><Execution ProcessID='604' ThreadID='1732'/><Channel>Security</Channel><Computer>RD0003FF61F511</Computer><Security/></System><EventData><Data Name='SubjectUserSid'>S-1-5-18</Data><Data Name='SubjectUserName'>RD0003FF61F511$</Data><Data Name='SubjectDomainName'>WORKGROUP</Data><Data Name='SubjectLogonId'>0x3e7</Data><Data Name='ProviderName'>Microsoft Software Key Storage Provider</Data><Data Name='AlgorithmName'>UNKNOWN</Data><Data Name='KeyName'>{1C3A7A2B-6D7A-4BAB-BADA-A444D085431F}</Data><Data Name='KeyType'>%%2499</Data><Data Name='KeyFilePath'>D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06aa7d6bbf51b94901c19f7afe3d9ea0_f04684e6-d147-49ca-b159-984fa865488b</Data><Data Name='Operation'>%%2458</Data><Data Name='ReturnCode'>0x0</Data></EventData></Event> |
|
------------------------------------------------------------------------------------------------------------------------------------------
I have followed this article @ http://eventopedia.cloudapp.net/EventDetails.aspx?id=300ea4a0-321b-4e93-80a2-9f6277fe1498 ; but didn't get any useful information.
Thanks.