Windows Eventlog Error Schannel 36884
-
Thursday, November 17, 2011 2:08 PM
Hi,
I have three Enterprise Edition Frontend servers and they are logging a Windows System Eventlog Error 36884 (Schannel). The servers got certs from an internal CA and have all required SANs.
Eventlog FrontendServer1:
EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate
Eventlog FrontendServer2:
EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer1.asv.local. The SSL connection request has failed. The attached data contains the server certificate.
Eventlog FrontendServer3:
EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate.
Are these errors Lync related? Any ideas?
Kind regards
All Replies
-
Friday, November 18, 2011 11:52 AM
Hi,
Please check the FE servers' FQDN against the certificate Subject name of all 3 servers. The FQDN and the certificate SN should be the same.
Thamara.
-
Friday, November 18, 2011 1:34 PM
Hi Thamara,
Subject name is the FE-Pool FQDN in all FE certificates; all other names like Server-FQDN are alternative names.
regards
-
Monday, November 21, 2011 5:54 AM Moderator
Hi, Wolfgang,
You also should have the pool FQDN in the SAN entries. You can check the certificate requirements for internal servers for Frontend pool certificates.
If this is not the cause, would you please elaborate more on your scenario? The Lync Active Directory topology? Any other error message about Lync services? Are there any Lync features or functions not available?
Here is a KB article about Schannel error 36884 just for your reference.
http://support.microsoft.com/kb/2275950
Regards,
Sharon
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Proposed As Answer by Sharon.Shen, Microsoft Contingent Staff, Moderator, Wednesday, November 23, 2011 3:17 AM
-
Wednesday, November 23, 2011 3:17 AM Moderator
Hi, Wolfgang,
Any updates here?
Regards,
Sharon
-
Wednesday, November 23, 2011 9:09 AM
Hi Sharon,
The pool FQDN is also a SAN entry. There are no other errors and all features are working.
What other information do you need?
Regards
-
Wednesday, November 23, 2011 9:17 AM Moderator
Hi there,
If you can provide more details about your Lync topology and other information, such as other error or warning messages in your event viewer, as well as any unavailable functions or features in Lync related to this Schannel error, it will be very appreciated.
Regards,
Sharon
-
Friday, September 07, 2012 11:41 AM
Hi Wolfgang,
I realise this is an old case but as it has not been marked as answered it may still be relevant for other people.
I've noticed that if you have multiple certificates with similar but not identical details in the server's personal computer store, it can generate an exception/event if the first certificate queried does not have a required detail, like a missing Subject Alternate Name, but the second one does. Removing the offending cert solved this for me.
Regards
Dave
Dave Reilly
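
Added example, not part of the thread or of any poster's reply: one way to audit the computer personal store for the situation described in the last post, where several similar certificates exist and one of them lacks a required name. The names in `$ExpectedNames` are placeholders (assumptions) to be replaced with the pool FQDN and the local server FQDN; the script assumes Windows PowerShell 3.0 or later and does not evaluate wildcard names.

```powershell
# Added example, not from the thread. Requires Windows PowerShell 3.0+
# (DnsNameList and EnhancedKeyUsageList are added by the Certificate provider).
# Placeholder names (assumptions): replace with the pool FQDN and this server's FQDN.
$ExpectedNames = @('pool.example.local', 'fe1.example.local')
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # DNS names from the SAN extension (or the Subject if there is no SAN).
    $dnsNames = @($cert.DnsNameList | Where-Object { $_ } |
                  ForEach-Object { $_.Unicode })
    $ekuOids  = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
                  ForEach-Object { $_.ObjectId })

    # A certificate without an EKU extension is usable for any purpose.
    $serverAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $ServerAuthOid)

    # Expected names this certificate does not carry (-notcontains ignores case).
    $missing = @($ExpectedNames | Where-Object { $dnsNames -notcontains $_ })

    [pscustomobject]@{
        Thumbprint   = $cert.Thumbprint
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        HasKey       = $cert.HasPrivateKey
        ServerAuth   = $serverAuth
        DnsNames     = $dnsNames -join ', '
        MissingNames = $missing -join ', '
    }
}

# Full inventory, so near-duplicate certificates can be compared side by side.
$report | Sort-Object Subject, NotAfter | Format-List

# Certificates that could be picked for TLS but lack an expected name.
$report |
    Where-Object { $_.ServerAuth -and $_.HasKey -and $_.MissingNames } |
    Select-Object Thumbprint, Subject, NotAfter, MissingNames
```

The second listing shows only candidates for review; compare the thumbprints against the certificate actually assigned to the Lync services before removing anything.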

