I have a client that keeps getting Event ID 36885 events in the System log. This is related to having too many Trusted Root CAs configured for the local computer. This is causing issues with Exchange. The server do have about 300 root CAs specified. When I remove a number of them, Exchange is happy. I don't know where these setting are coming from though. I looked through their GPOs and they only have two root ca's configured in a GPO. Local GPOs are empty. Where else could all of the trusted root CA settings be coming from? Thanks To clarify: This happens on Server 2003 R2 SP2 and 2008 R2 SP1. Is there a hotfix of some sort available?

yes, look at this http://support.microsoft.com/kb/931125

So Microsoft controls the update process, yet the update process creates too many Root CA entries. And Microsoft set the limit on the CA size.... That hurts my brain.

Are the 300 all public/external CAs? Maybe someone accidently published lots of internal CAs in AD? ;) Cheers JJJason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk