Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 36872 Source: Schannel

Source
Level
Description
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
Comments
 
For servers that are supposed to have an SSL certificate, if this message is recorded, the first recommended troubleshooting step is to verify if the certificate is valid.
EV100259 (Schannel 36872 or Schannel 36870 on a Domain Controller) provides a good description of this problem along with some suggestions on how to troubleshoot it.
As per ME261196: "This event is logged when a server application (for example, Active Directory) attempts to perform a Secure Sockets Layer (SSL) connection, but no server certificate is found. Server certificates are either enrolled for by hand or are automatically generated by the domain's enterprise Certificate Authority (CA). In domains where no enterprise CA exists, this is an expected event and you can safely ignore the message. "

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...