I have a DC that has been getting these errors every 25 minutes for some time now. They show up in DCDiag, which is why I was so concerned in the first place. These errors would indicate installing a CA is the way to go. That is the stupidest idea I have ever heard. You don’t install a component like a CA just to fix an error you don’t understand.
The long and short? The Loglogic application caused these and I don’t really know why. But packet sniffs bear it out.
Starting test: SystemLog
A warning event occurred. EventID: 0x00009016
Time Generated: 03/22/2020 06:51:59
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
With password being changed, I was afraid this was something that would impede logins. But, testing showed logins ok. After digging more, I found that this specific error also shows in event viewer.
More research showed that the error can indicate the lack of a Certification Authority in the AD. This is not the case here. PPS has never had a CA and has never gotten these errors in the recent past. In EV, it shows as a 36886 SChannel error.
This Google search shows what you get when you look for this error.
Extensive research did not show any other possibilities, so Wireshark was employed to determine what the issue is. Analysis showed that the server causing the issue is the Logic Monitor server, PPSMON01, a server which curiously will not back up. I did captures on PPSAD01 and PPSAD03. They show this RST event at the exact time the error occurs in EV on that server.
Since this is a physical Dell server, and older as well, I have updated the BIOS, Firmware, Chipset and other hardware components from Dell’s support downloads. Four updates total.
This did not fix the issue.
So now I know that the machine is MON01 but I don’t know what about it is doing that. All of the updates (especially BIOS and NIC firmware) did not have an expected result. To be sure, I went to MON01 (192.168.0.187) and stopped the service right before the event was expected to happen, about 25 minutes apart. It did not happen when the Loglogic services were stopped, so, something about Loglogic is causing this.
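The correlation described above, matching SChannel 36886 event times against TCP resets in a capture to find the peer that appears at every occurrence, can be scripted. This is an added example, not code from the original post; the DC address, the other host addresses and all rows except the 06:51:59 event time and 192.168.0.187 are constructed sample data.

```python
from collections import Counter
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
DC_IP = "192.168.0.10"  # assumed DC address (placeholder, not from the post)

# Constructed timestamps of Schannel 36886 events, 25 minutes apart.
EVENTS = ["2020-03-22 06:01:59", "2020-03-22 06:26:59", "2020-03-22 06:51:59"]

# Constructed capture rows: (time, src, dst, TCP flags).
PACKETS = [
    ("2020-03-22 06:01:58", "192.168.0.187", DC_IP, "SYN"),
    ("2020-03-22 06:01:59", DC_IP, "192.168.0.187", "RST,ACK"),
    ("2020-03-22 06:02:00", "192.168.0.55", DC_IP, "RST"),   # coincidental noise
    ("2020-03-22 06:14:30", "192.168.0.187", DC_IP, "RST"),  # outside any window
    ("2020-03-22 06:26:59", "192.168.0.187", DC_IP, "RST"),
    ("2020-03-22 06:51:58", "192.168.0.60", DC_IP, "ACK"),   # not a reset
    ("2020-03-22 06:52:00", DC_IP, "192.168.0.187", "RST,ACK"),
]

def event_gaps_minutes(events):
    """Minutes between consecutive events, to confirm a fixed cadence."""
    times = sorted(datetime.strptime(e, FMT) for e in events)
    return [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]

def peers_per_event(events, packets, dc_ip, window_s=2):
    """Map each event to the remote peers with a RST to/from the DC nearby."""
    result = {}
    for ev in events:
        ev_t = datetime.strptime(ev, FMT)
        peers = set()
        for ts, src, dst, flags in packets:
            if "RST" not in flags.split(",") or dc_ip not in (src, dst):
                continue
            if abs((datetime.strptime(ts, FMT) - ev_t).total_seconds()) <= window_s:
                peers.add(dst if src == dc_ip else src)
        result[ev] = peers
    return result

def consistent_peers(events, packets, dc_ip, window_s=2):
    """Peers seen resetting at every event; one-off coincidences drop out."""
    hits = Counter()
    for peers in peers_per_event(events, packets, dc_ip, window_s).values():
        hits.update(peers)
    return sorted(p for p, n in hits.items() if n == len(events))

if __name__ == "__main__":
    print(event_gaps_minutes(EVENTS), consistent_peers(EVENTS, PACKETS, DC_IP))
```

Requiring a peer to match every event is what separates the recurring source from hosts that happened to reset a connection near a single occurrence.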