Vista x32 - Strange SSL System Events

 
 
Bathrone
      15th Aug 2007
Hi folks. I'm getting recurring strange Vista events reported in the system
log. It's occurring on each boot. I am unsure how to diagnose this further and
I would appreciate any help with it. The events are:

SSL Certificate Settings deleted for Port : 192.168.1.2:6331 .
SSL Certificate Settings created by an admin process for Port :
192.168.1.2:6331 .
SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
SSL Certificate Settings created by an admin process for Port :
255.255.255.255:6331 .
SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
SSL Certificate Settings created by an admin process for Port :
255.255.255.255:6331 .

I don't know what settings are changing and what admin process is doing it.
Could this be some sort of man-in-the-middle SSL hack attempt?

 
S. Pidgorny
      15th Aug 2007
What's the event id/source?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Bathrone" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi folks. I'm getting recurring strange Vista events reported in the system
> log. It's occurring on each boot. I am unsure how to diagnose this further
> and I would appreciate any help with it. The events are:
>
> SSL Certificate Settings deleted for Port : 192.168.1.2:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 192.168.1.2:6331 .
> SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 255.255.255.255:6331 .
> SSL Certificate Settings deleted for Port : 255.255.255.255:6331 .
> SSL Certificate Settings created by an admin process for Port :
> 255.255.255.255:6331 .
>
> I don't know what settings are changing and what admin process is doing it.
> Could this be some sort of man-in-the-middle SSL hack attempt?



 
Bathrone
      15th Aug 2007
Thanks Svyatoslav for helping me. All six of the events that occur together
each time on boot have source: HttpEvent

The events that are "SSL Certificate Settings deleted for Port : nnnnnn" all
have the ID: 15300 and the events that are "SSL Certificate Settings created
by an admin process for Port : nnnnnnnnn" all have the ID: 15301

 
Bathrone
      15th Aug 2007
Having rebooted again I got the six usual events, but also two new error
level events:

"An error occured while using SSL configuration for socket address
192.168.1.2:6331. The error status code is contained within the returned
data." Source: HttpEvent ID: 15021

and

"An error occured while using SSL configuration for socket address
255.255.255.255:6331. The error status code is contained within the
returned data." Source: HttpEvent ID: 15021
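
Added example, not part of the original thread and not written by any of the posters: one way to triage the HttpEvent 15300/15301/15021 records described above, by listing the events, showing the SSL binding HTTP.sys holds for the endpoint, and identifying the certificate and process behind it. It assumes PowerShell 3.0 or later in an elevated session, English netsh output labels, and that the bound certificate lives in the LocalMachine\My store; the endpoint is the one quoted in the events.

```powershell
# Added example. Endpoint and event IDs are the ones quoted in the thread.
$endpoint = '192.168.1.2:6331'
$ids      = 15300, 15301, 15021   # settings deleted / settings created / SSL config error

# 1. Pull the HttpEvent records from the System log, oldest first, so each
#    delete/create pair can be lined up against boot and service start times.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $ids } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*HttpEvent*' } |
    Sort-Object TimeCreated
$events | Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap

# 2. Count events per endpoint and ID. A steady delete+create pair per boot is
#    consistent with one program re-registering its binding at startup.
$events | ForEach-Object {
    if ($_.Message -match '(\d{1,3}(?:\.\d{1,3}){3}:\d+)') {
        [pscustomobject]@{ Endpoint = $Matches[1]; Id = $_.Id }
    }
} | Group-Object Endpoint, Id | Sort-Object Name | Format-Table Count, Name -AutoSize

# 3. Show the binding HTTP.sys currently holds for the endpoint. The
#    "Application ID" line is the GUID supplied by whatever created the binding.
$binding = netsh http show sslcert ipport=$endpoint
$binding

# 4. Resolve the bound certificate so its subject and issuer can be checked
#    (assumption: English output labels, certificate in LocalMachine\My).
$hashLine = $binding |
    Select-String -Pattern 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)' |
    Select-Object -First 1
if ($hashLine) {
    $thumb = $hashLine.Matches[0].Groups[1].Value.ToUpper()
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
} else {
    Write-Output "No SSL binding found for $endpoint"
}

# 5. List HTTP.sys request queues with their owning process IDs and registered
#    URLs; a URL on port 6331 identifies the program behind the binding.
netsh http show servicestate view=requestq
```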

 