Closed okieselbach closed 2 years ago
needs re-test, maybe new package dependencies solved this issue in the meantime...
Regardless of buffer size, ETW cannot collect events larger than 64KB.
https://docs.microsoft.com/en-us/windows/win32/api/evntrace/ns-evntrace-event_trace_properties
So right now, there is no chance to extend the buffer to capture the complete event data... MDM policies which often exceed the 64KB range are truncated and not rendered correctly anymore as the XML syntax is not valid due to the truncation somewhere in the middle of the data... :-(
During trace sessions with large ADMX ingestions, I couldn't see the complete ADMX XML definition in the SyncML stream. Maybe a buffer issue, but first trial-and-error remediation with TraceEventSession buffer sizes didn't lead to any success. Maybe this is not a buffer issue... ...needs further investigation!
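A triage sketch for the truncation described in this thread, added here as an example and not part of SyncMLViewer or the original comments: it separates a captured SyncML payload that was cut off (input ended while elements were still open) from one that is malformed for another reason, and reports the element path that was open at the cut. The function name `inspect_payload` and the sample payload are constructed for illustration.

```python
import xml.parsers.expat as expat
from xml.parsers.expat import errors

# expat error codes that mean "input ended too early", not "input is wrong"
_CUT_OFF = {
    errors.codes[errors.XML_ERROR_NO_ELEMENTS],
    errors.codes[errors.XML_ERROR_UNCLOSED_TOKEN],
    errors.codes[errors.XML_ERROR_PARTIAL_CHAR],
    errors.codes[errors.XML_ERROR_UNCLOSED_CDATA_SECTION],
}

def inspect_payload(data: bytes) -> dict:
    """Classify one captured payload as complete, truncated, malformed or empty."""
    result = {"bytes": len(data), "status": "complete", "open_path": "", "detail": ""}
    if not data.strip():
        result["status"] = "empty"
        return result
    open_elems = []  # stack of elements started but not yet closed
    parser = expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: open_elems.append(name)
    parser.EndElementHandler = lambda name: open_elems.pop()
    try:
        parser.Parse(data, True)  # True: this is the final chunk
    except expat.ExpatError as exc:
        result["status"] = "truncated" if exc.code in _CUT_OFF else "malformed"
        result["open_path"] = "/".join(open_elems)
        result["detail"] = (f"{errors.messages[exc.code]} "
                            f"at line {exc.lineno}, column {exc.offset}")
    return result

# Constructed sample: a Replace command carrying an escaped ADMX body.
SAMPLE = (
    b'<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Replace><CmdID>2</CmdID>'
    b'<Item><Target><LocURI>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/'
    b'ExampleApp/Policy/ExampleAdmx</LocURI></Target>'
    b'<Data>&lt;policyDefinitions revision="1.0"&gt;' + b'&lt;policy/&gt;' * 200 +
    b'&lt;/policyDefinitions&gt;</Data></Item></Replace><Final/></SyncBody></SyncML>'
)

if __name__ == "__main__":
    # Simulate a capture that stopped in the middle of the <Data> body.
    for label, blob in (("full", SAMPLE), ("cut", SAMPLE[:400])):
        print(label, inspect_payload(blob))
```

The reported byte count can be compared against the 64KB event limit to judge whether ETW is the likely cause of a `truncated` result.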