We have recently installed our certificate servers and issued certificates to all domain computers and users. We have noticed that the Application event logs on all the user systems and terminal servers are getting flooded with events 64 and 65 that are informational only. I am trying to find a way to eliminate these useless events. I have tried looking for a GPO or something, but so far have been unable to come up with a solution Any help would be greatly appreciated. ================ Log Name: Application Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Date: 9/19/2011 1:07:36 AM Event ID: 65 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: MY_COMPUTER.MY_DOMAIN.com Description: Certificate enrollment for Local system is successfully authenticated by policy server {AC59B4C0-922A-4EBB-A387-D29C34207A9C} Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" /> <EventID Qualifiers="33370">65</EventID> <Version>0</Version> <Level>0</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-09-19T08:07:36.000000000Z" /> <EventRecordID>48478</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>MY_COMPUTER.MY_DOMAIN.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="Context">Local system</Data> <Data Name="ServerURL">{AC59B4C0-922A-4EBB-A387-D29C34207A9C}</Data> </EventData> </Event> ======================= Log Name: Application Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Date: 9/19/2011 1:07:31 AM Event ID: 64 Task Category: None Level: Information Keywords: Classic User: MY_DOMAIN\MY_USERNAME Computer: MY_COMPUTER.MY_DOMAIN.com Description: Certificate enrollment for MY_DOMAIN\MY_USERNAME successfully load policy from policy server {AC59B4C0-922A-4EBB-A387-D29C34207A9C} Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" /> <EventID Qualifiers="33370">64</EventID> <Version>0</Version> <Level>0</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-09-19T08:07:31.000000000Z" /> <EventRecordID>48477</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>MY_COMPUTER.MY_DOMAIN.com</Computer> <Security UserID="S-1-5-21-1085031214-1604221776-682003330-1193" /> </System> <EventData> <Data Name="Context">MY_DOMAIN\MY_USERNAME</Data> <Data Name="ServerID">{AC59B4C0-922A-4EBB-A387-D29C34207A9C}</Data> </EventData> </Event>

Hi, These event logs are just information logs and expected if you have certificate servers in your environment. This type of event only describes the successful operation of a task. It does not mean any warning or error. So we do not need to clean them. If there are too many events to check, you can use Event filter. Please refer to: Filter Displayed Events http://technet.microsoft.com/en-us/library/cc722058.aspx Thanks for your understanding. Regards, Bruce

Bruce, Thanks, but filtering is not an option. Flooding the Application Event Log is a serious problem. When I see thousands and thousands of these events on a large number of machines to a point where the entire log is consumed by this junk, it is a serious matter in an enterprise. These events serve no real purpose. They are just informational and it is information that I just do not want. I am looking for a way to eliminate their existence -- not a way to ignore them.

Bruce, Thanks, but filtering is not an option. Flooding the Application Event Log is a serious problem. When I see thousands and thousands of these events on a large number of machines to a point where the entire log is consumed by this junk, it is a serious matter in an enterprise. These events serve no real purpose. They are just informational and it is information that I just do not want. I am looking for a way to eliminate their existence -- not a way to ignore them.

You may not agree, but the existence of successful operation log entries are also an important part of troubleshooting. It helps to develop a baseline if warnings or errors occur.

You may not agree, but the existence of successful operation log entries are also an important part of troubleshooting. It helps to develop a baseline if warnings or errors occur.

I do agree that success and failure audit logs are important. But I want the ability to determine for my enterprise which ones I want and which ones I do not. If I make the decision that these two particular events are of no use, then I should have the ability to configure them to cease reporting into the event logs.

I do agree that success and failure audit logs are important. But I want the ability to determine for my enterprise which ones I want and which ones I do not. If I make the decision that these two particular events are of no use, then I should have the ability to configure them to cease reporting into the event logs.

Hello Steve, Did you got it resolved.? I am also having these events on one server. Sainyam Aggarwal MCTS

Hello Steve, Did you got it resolved.? I am also having these events on one server. Sainyam Aggarwal MCTS

Not yet -- we have a ticket open with Microsoft Tech Support. I will post the answer here when I get it.

Not yet -- we have a ticket open with Microsoft Tech Support. I will post the answer here when I get it.

Hello Steve, Is there any reaction from Microsoft Tech Support yet? I'd be interested in any outcome, since I have the exact same problem... Regards, Gerhard

Hello Steve, Is there any reaction from Microsoft Tech Support yet? I'd be interested in any outcome, since I have the exact same problem... Regards, Gerhard