Whilst I understand why Microsoft might keep tightening up their servers to stop malware attacks, it would be very helpful if they could put some indication of when they are stopping these attacks into a sensible message in the event log.
I have spent 2 days trying to sort out an error on a development machine with the only pointer being NULL SID - brilliant and thank you Microsoft.