Troubleshooting | Breached Password Protection Event Logging

Specops Breached Password Protection components log their operations to the Applications and Services Logs. 

Sentinel Service events

Event TypeIDDescription
Information1001Starting Service.
Information1002  Service Started.
Error1003Service failed to start.
Information1004Service is stopping.
Information1005Service was stopped.
Information1007Arbiter URLs have loaded.
Warning1008Service configuration could not be found. This means that password Breached Password Protection validation, if configured in a group policy, will not be performed.
Warning1009    Failed to load arbiter URLs.
Information1010Password set for user was breached, but user does not need to change it now.
Information1011Password set for user was breached, the user must change their password at next logon.
Warning1012The password set for the user was breached. Attempt to enforce password change at next logon failed.
Information1013Password set for the user was not breached.
Information1015  An error occurred on the Arbiter.
Warning1018Failed to delete queue file.
Warning1021Failed to read file from queue.
Warning1022Failed to deserialize file from queue.
Warning1023Failed to unprotect file from queue.
Warning1024  Failed to get decision from Arbiter.

Specops Arbiter events

Event TypeIDDescription
Information2001Service starting.
Information2002Service started.
Error2003Service failed to start
Information2004Service stopping.
Information2005Service stopped.
Information2006Custom control message sent to service.
Warning2008An email notification request was not sent for the user. The SPP Breached Password Protection policy settings for the GPO lacks a subject for the email notification.
Warning2009 An email notification request was not sent for the user. The SPP Breached Password Protection policy settings for the GPO lacks body text for the email notification.
Warning2010A text message notification request was not sent for the user. The SPP Breached Password Protection policy settings for the GPO lacks text message notification text.
Error2022An email notification failed to send for this email address. The server returned an error code and message.
Error2014Request to the Breached Password Protection API has failed.
Error2047Failed to start WebApiHost.
Information2048WebApiHost starting.
Error2049Unhandled error in WebApiHost application.