I have two computers inside an Active Directory domain (one of which is the secondary Domain Controller) which stopped logging Security events last March and April respectively.
Other Event Logs (Application, System) are up to date. I can generate Application events through command line and they show, I don't know how to generate Security events other than logging on and off, opening applications as Administrator. If I restart, stop or start the "Windows Event Log" service I can see the corresponding event in the Security Event Log but nothing else.
I already cleared the log, deleted the log file, restarted the services connected to lsass.exe with the exception of "Security Accounts Manager" which doesn't give me the option to. I assumed lsass.exe isn't working because as far as I understand it's the process in charge of writing to the Security Event Log.
From the task manager I right-clicked lsass.exe and "Analyze wait chain". It told me that lsass.exe was waiting on another process, ismserv.exe
I restarted its service "Intersite Messaging" but that solved nothing either.
I can't restart these machines yet, not until I get authorization (that is if I get it), I don't know how else to debug this problem.