On a primary Windows 2000 domain controller, we get an eventID 36872. What
is more serious is that as soon as we get that event, the SYSTEM eventviewer
ceases to write any more log messages! I have seen it go as long as 10
days with no new messages.

I obviously need to identify what in group policy or what service is causing
this behavior and stop the offensive program or setting. I can't have this
machine running without a system log.

The Microsoft Knowledge Base for this eventid says very little other than to
not worry about the error, but in this case I'm suspecting the error is a
symptom of something more serious.

http://support.microsoft.com/kb/261196

On a Windows 2000 domain controller, the following event may be logged in
the system log:
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: Date
Time: Time
User: N/A
Computer: computername
Description:
No suitable default server credential exists on this system. This will
prevent server applications that expect to make use of the system default
credentials from accepting SSL connections. An example of such an
application is the directory server. Applications that manage their own
credentials, such as the internet information server, are not affected by
this.
CAUSE
This event is logged when a server application (for example, Active
Directory) attempts to perform a Secure Sockets Layer (SSL) connection, but
no server certificate is found. Server certificates are either enrolled for
by hand or are automatically generated by the domain's enterprise
Certificate Authority (CA). In domains where no enterprise CA exists, this
is an expected event and you can safely ignore the message.



Does anyone have any ideas on what could be causing this? The behavior
started within the last month and could be related to some group policy
change.

--
Will