Proposed Answer Windows Eventlog Error Schannel 36884

  • 17 November 2011 14:08
     
     

    Hi,

    I have three Enterprise Edition Frontend servers and they are logging a Windows System Eventlog Error 36884 (Schannel). The servers got certs from an internal CA and have all required SANs.

    Eventlog FrontendServer1:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate

    Eventlog FrontendServer2:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer1.asv.local. The SSL connection request has failed. The attached data contains the server certificate.

    Eventlog FrontendServer3:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate.

    Are these errors Lync related? Any ideas?

    Kind regards

All Replies

  • 18 November 2011 11:52
     
     

    Hi,

    Please check the FE servers' FQDNs against the certificate Subject name of all 3 servers. The FQDN and the certificate SN should be the same.

    Thamara.

  • 18 November 2011 13:34
     
     

    Hi Thamara,

    Subject name is the FE-Pool FQDN in all FE certificates, all other names like Server-FQDN are alternative names.

    regards

  • 21 November 2011 5:54
    Moderator
     
     Proposed Answer

    Hi, Wolfgang,

    You also should have the pool FQDN in the SAN entries, you can check the certificate requirements for internal servers for Frontend pool certificates.

    If this is not the cause, would you please elaborate more on your scenario? The Lync Active Directory topology? Any other error message about Lync services? Are there any Lync features or functions not available?

    Here is a KB article about Schannel error 36884 just for your reference.

    http://support.microsoft.com/kb/2275950

    Regards,

    Sharon


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  • 23 November 2011 3:17
    Moderator
     
     

    Hi, Wolfgang,

    Any updates here?

    Regards,

    Sharon


  • 23 November 2011 9:09
     
     

    Hi Sharon,

    The pool FQDN is also a SAN entry. There are no other errors and all features are working.

    What other information do you need?

    Regards

     

  • 23 November 2011 9:17
    Moderator
     
     

    Hi, there,

    If you can provide more details about your Lync topology and other information, such as other error or warning messages in your event viewer, as well as any unavailable functions or features in Lync related to this Schannel error, it will be very appreciated.

    Regards,

    Sharon


  • 07 September 2012 11:41
     
     

    Hi Wolfgang,

    I realise this is an old case but as it has not been marked as answered it may still be relevant for other people.

    I've noticed if you have multiple certificates with similar but not identical details in the server's personal computer store it can generate an exception/event if the first certificate queried does not have a required detail like a missing Subject Alternate Name but the second one does. Removing the offending cert solved this for me.

    Regards

    Dave


    Dave Reilly
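
The following script is an added example, not part of the original thread: one way to audit a Front End server's local computer Personal store for the situation described in the last reply, listing every certificate, whether its subject is shared with another certificate, and whether its SAN list contains the name that peers expect. The `$ExpectedName` parameter, the `Get-SanDnsName` helper and the English "DNS Name=" label are assumptions of this example.

```powershell
param(
    # Name that peers expect this server to present (assumed: the local FQDN,
    # e.g. the "server name we were expecting" text in event 36884 on a peer).
    [string]$ExpectedName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

# Hypothetical helper: return the DNS entries of a certificate's SAN extension.
function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Format($true) prints one entry per line, such as "DNS Name=host.example".
    # The label is localized; this pattern assumes an English-language Windows.
    foreach ($line in ($ext.Format($true) -split "`r?`n")) {
        if ($line -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    }
}

$certs = @(Get-ChildItem Cert:\LocalMachine\My)

# Subjects held by more than one certificate: the "similar but not identical" case.
$sharedSubjects = @($certs | Group-Object Subject |
    Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

$certs | ForEach-Object {
    $san = @(Get-SanDnsName $_)
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        SharedSubject = $sharedSubjects -contains $_.Subject
        SanCount      = $san.Count
        # Exact, case-insensitive match only; wildcard SAN entries are not expanded.
        HasExpected   = $san -contains $ExpectedName
    }
} | Sort-Object Subject, NotAfter | Format-Table -AutoSize
```

Rows with `SharedSubject` true and `HasExpected` false are the certificates to review first; the script only reads the store and changes nothing.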