Then in what case would I see events 5829. Is that only for non-windows based systems ?
Event ID 5829 is generated when a vulnerable connection is allowed during the initial deployment phase.
You can test from the client end from PowerShell
Test-ComputerSecureChannel
--please don't forget to Accept as answer if the reply is helpful--