Windows 2008 R2 - Source: Schannel, EventID: 36888, Task: lsass.exe
Hi,
i have installed on the Windows Server 2008 R2 a Exchange 2010 and after i switch this Server to the front (OWA and Outlook Anywhere) i got every secound this error in the eventlog. i think this Problem must have a contact with IIS and RPC over HTTP or the
OWA, but everything works fine, so i don't find a direct Problem, only the Eventlog will be flooded.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-06-21T11:51:40.956846100Z" />
<EventRecordID>4086</EventRecordID>
<Correlation />
<Execution ProcessID="496" ThreadID="6304" />
<Channel>System</Channel>
<Computer>EXCHANGE2010.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="AlertDesc">10</Data>
<Data Name="ErrorState">1203</Data>
</EventData>
</Event>
kind regards
Alex
June 21st, 2010 5:22pm
Hello OPERATOR76,
Typically, this error may result from an SSL/TLS problem.
Please have a look at this thread:
Schannel Fatal Alert Error 48
http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/74cfe52a-724e-4338-bd91-f2de99604523
Best regards,
Harry
This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2010 12:41am
Hello,
i think the Problem can be the woldcard certificate for smtp, iss, pop and imap. the console told me, a wildcard certificate can not be used, so i use now the servercertificat itself and i'am waiting now for the next error in the eventlog, if there is no
tomorrow i think i fixed it with this setting.
My Wildcard certificat looks like this:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
essRule}
CertificateDomains : {*.xxxxx.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
NotAfter : 28.03.2011 15:52:20
NotBefore : 27.12.2007 15:52:20
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 011001
Services : IIS, SMTP
Status : Valid
Subject : CN=*.xxxxx.com, OU=IT, O=My Comany, L=xxxx, S=xxxx,
C=AT
Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
June 24th, 2010 7:06pm
i have the same error allready and the change of the certificates doesn't help.
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2010 11:35am