Vista x32 - Strange SSL System Events

  • Thread starter Thread starter Bathrone
  • Start date Start date
B

Bathrone

Guest
Hi folks. Im getting recurring strange Vista events reported in the system
log. Its occuring on each boot. I am unsure how to diagnose this further and
I would appreciate any help with it. The events are:

SSL Certificate Settings deleted for Port : 192.168.1.2:6331 .
SSL Certificate Settings created by an admin process for Port :
192.168.1.2:6331 .
SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
SSL Certificate Settings created by an admin process for Port :
255.255.255.255:6331 .
SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
SSL Certificate Settings created by an admin process for Port :
255.255.255.255:6331 .

I dont know what settings are changing and what admin process is doing it.
Could this be some sort of man in the middle ssl hack attempt?
 
Re: Vista x32 - Strange SSL System Events

What's the event id/source?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Bathrone" <nospam@world.net> wrote in message
news:O3CBtSv3HHA.2208@TK2MSFTNGP06.phx.gbl...
> Hi folks. Im getting recurring strange Vista events reported in the system
> log. Its occuring on each boot. I am unsure how to diagnose this further
> and I would appreciate any help with it. The events are:
>
> SSL Certificate Settings deleted for Port : 192.168.1.2:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 192.168.1.2:6331 .
> SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 255.255.255.255:6331 .
> SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 255.255.255.255:6331 .
>
> I dont know what settings are changing and what admin process is doing it.
> Could this be some sort of man in the middle ssl hack attempt?
 
Re: Vista x32 - Strange SSL System Events

Thanks Svyatoslav for helping me. All six of the events that occur together
each time on boot have source: HttpEvent

The events that are "SSL Certificate Settings deleted for Port : nnnnnn" all
have the ID: 15300 and the events that are "SSL Certificate Settings created
by an admin process for Port : nnnnnnnnn" all have the ID: 15301
 
Re: Vista x32 - Strange SSL System Events

Having rebooted again I got the six usual events, but also two new error
level events:

"An error occured while using SSL configuration for socket address
192.168.1.2:6331. The error status code is contained within the returned
data." Source: HttpEvent ID: 15021

and

"An error occured while using SSL configuration for socket address
255.255.255.255:6331. The error status code is contained within the
returned data." Source: HttpEvent ID: 15021
 
Back
Top