Personally, I have a windows server 2008 R2 Enterprise and I am with many events in my server error, the problem à © that these events who are filling my server are generic, I have done research Go vacation and I can not find the solution § à £ o, need help. Following is the error message: The following fatal alert was raised: 20. The state of the internal error is 960. Log Name: System Source: Schannel Date: 31/05/2011 15:31:02 Identifying § à £ o Event: 36888 Task Category: None Do-able: Error Keywords: Username: SYSTEM Computer: dell610.cartorio.local Descriptions § à £ o: The following fatal alert was raised: 20. The state of the internal error à © 960. XML Event: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> <EventID> 36888 </ EventID> VERSION 0 </ Version> <level> 2 </ Level> <Task> 0 </ Task> <Opcode> 0 </ Opcode> <keywords> 0x8000000000000000 </ Keywords> <TimeCreated SystemTime="2011-05-31T18:31:02.356528300Z" /> <EventRecordID> 374968 </ EventRecordID> <Correlation /> <Execution ProcessID="580" ThreadID="5172" /> <channel> System </ Channel> <computer> dell610.cartorio.local </ Computer> <Security UserID="S-1-5-18" /> </ System> <EventData> <Date Name="AlertDesc"> 20 </ Date> <Date Name="ErrorState"> 960 </ Data> </ EventData> </ Event>MCP

Try enabling schannel loggin maybe it will contain more useful information. BTW. Do you have exchange 2007/2010 installed on that machine if yes the problem can be caused if you are using untrussted SSL certificate (for example from your own CA) and you are accessing for example OWA using Mozilla web browser (I had such issue, however it was with different AlertDesc) Enablinch schannel logging http://support.microsoft.com/kb/260729With kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

Hello, which roles/features are installed on the machine? Seems that it is CA? For starting see: http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2webtechnologies/thread/091a3222-641b-43a3-ae19-6cc238828950/Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

I got the answer below, but I can not find this configuration can someone help me? follows the response of the link that you gave me: "Thanks for the reply. I have resolved this issue - it turns in October there was something wrong That (cert corrupted or wrong type) with the cert I was using. In the process I discovered a great new feature of IIS 7 - if you do not want to muck around with getting a cert signed by an external provider, the IIS console has a handy little button - Generate self-signed cert. Give it a click, and presto! An SSL-enabled site! It's interesting That is the detail I was getting eventID 36888 (20 fatal alert, error state 960) turned up Basically the hits on Google. Hopefully this thread Will help people who encounter That error in the future. " Where is exactly the option "Generate self-signed cert. in IIS 7.0?MCP

open IIS Manager, click the server name on the left pane, on the middle pane click SSL Certificated, on right pane click "Create Self Signed Certificate"With kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

I have on my server certificate for use COMUNICATOR office, and did exactly the procedure that you wrote to me in the above post, but I'm still not solved the sameMCP

How did You find this related to the "hits from the Google"?rgds Sven

Check the local computer certificate store on the server for certificates that are about to expire or already have expired. Open mmc.exe Click File > Add/Remove Snap-In... Select Certificates and click Add Select Computer account and click Next Select Local Computer and click Finish Click OK Navigate to Certifcates (Local Computer)\Personal\Certificates Also verify if the certificate chain of all the certificates listed is still intact and not broken (no red X in the Certificate Path tab). This would make the certificate an untrusted one. If you identify a broken path, then continue with the same checks on the issuing CA certificate and check for an expired validity date. Check the eventlog for any warning or errors related to Certificate auto-enrollment. Error 13 and 15 from source AutoEnrollment are such errors.// Johann

I did what you said, and found several expired certificates. I have the OCS2007 that server that uses a local certificate authority. What must I do to extend these certificates?MCP

At this point you should double-check if these certificates are being used by OCS 2007. I'm not a expert to guide you where exactly to look up which certificates are being used by your OCS 2007 installation. But the properties on the Certificate Details tab should give you some indication on how the certificate is being used. See if the values in the following fields sound familiar to you: Subject Subject Alternative Name (often also referred as SAN) For OCS 2007/Lync Certificate related issues you might consider the following forum instead: http://social.technet.microsoft.com/Forums/en-us/ocscertificates/threads On the other hand, I would expect that in this situation, the OCS 2007 Server is logging additional errors in the Event Logs.// Johann