Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 36885 Source: Schannel

When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the  certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
See ME933430 for information about this event.
On Windows 2003 server with IIS, delete some of the trusted root certificates in the trusted root store for the machine that you are not using in your environment.

1. Add the Certificates snap-in to the Microsoft Management Console.

a. Click the Start button, click Run, type mmc, and click OK.
b. Click the File menu, and select Add\Remove Snap-in.
c. Click the Add button, then select the Certificates snap-in and click Add
d. Select Computer Account and click Next
e. Click Finish.
f. Click Close.
g. Click OK.

2. Expand Certificates (Local Computer).
3. Expand Trusted Root Certification Authorities.
4. Click on Certificates.
5. Backup and then delete trusted root certificates that you are not using in your environment.

NOTE: There are some root certificates that are required by Windows. See ME293781 to see the trusted root certificates that are required by Windows Server 2003, by Windows XP, and by Windows 2000.
Note In Windows Server 2003, the issuer list cannot be greater than 0x3000. When you update root certificates, the list of trusted CAs increases significantly in size and may cause the list to grow too long. The list then gets truncated and may cause problems with authorization. See ME931125 for details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.