Link to home
Create AccountLog in
Avatar of FCOA
FCOAFlag for United States of America

asked on

CertificateServicesClient-CertEnroll events filling event logs of Terminal Servers

We're encountering THOUSANDS of CertificateServicesClient-CertEnroll 64 & 65 events per day on our terminal servers (XenApp).

SURE, we can filter the view, but the massive number of routine events is filling the logs and kicking out more worthwhile events.  SURE, we could increase the size of the logs, but that would be a waste of space and lead to sluggish performance when viewing or filter logs.

Same issue described at http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/c1684a47-b1e7-46ae-a365-c776203892a2/

Anyone have any thoughts on disabling these two events?
Avatar of FCOA
FCOA
Flag of United States of America image

ASKER

PS- Incase anyone wants it, here's the XML to filter these events from the log:

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*</Select>
    <Suppress Path="Application">*[System[Provider[@Name='Microsoft-Windows-CertificateServicesClient-CertEnroll'] and ( (EventID &gt;= 64 and EventID &lt;= 65) )]]</Suppress>
  </Query>
</QueryList>
ASKER CERTIFIED SOLUTION
Avatar of FCOA
FCOA
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of FCOA

ASKER

No answer found.