Windows Eventlog Error Schannel 36884

    Question

  • Hi,

    I have three Enterprise Edition Frontend servers and they are logging a Windows System Eventlog Error 36884 (Schannel). The servers got certs from an internal CA and have all required SANs.

    Eventlog FrontendServer1:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate

    Eventlog FrontendServer2:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer1.asv.local. The SSL connection request has failed. The attached data contains the server certificate.

    Eventlog FrontendServer3:

    EventID: 0x00009014 (36884) - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FrontendServer2.asv.local. The SSL connection request has failed. The attached data contains the server certificate.

    Are these errors Lync related? Any ideas?

    Kind regards

    17 November 2011 14:08

All Replies

  • Hi,

    Please check the FE servers' FQDN against the certificate Subject name of all 3 servers. The FQDN and the certificate SN should be the same.

    Thamara.

    18 November 2011 11:52
  • Hi Thamara,

    Subject name is the FE-Pool FQDN in all FE certificates, all other names like Server-FQDN are alternative names.

    regards

    18 November 2011 13:34
  • Hi, Wolfgang,

    You also should have the pool FQDN in the SAN entries. You can check the certificate requirements for internal servers for Frontend pool certificates.

    If this is not the cause, would you please elaborate more on your scenario? The Lync Active Directory topology? Any other error message about Lync services? Are there any Lync features or functions not available?

    Here is a KB article about Schannel error 36884 just for your reference.

    http://support.microsoft.com/kb/2275950

    Regards,

    Sharon


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    21 November 2011 5:54
    Moderator
  • Hi, Wolfgang,

    Any updates here?

    Regards,

    Sharon


    23 November 2011 3:17
    Moderator
  • Hi Sharon,

    The pool FQDN is also a SAN entry. There are no other errors and all features are working.

    What other information do you need?

    Regards

    23 November 2011 9:09
  • Hi there,

    If you can provide more details about your Lync topology and other information, such as other error or warning messages in your event viewer, as well as any unavailable functions or features in Lync related to this Schannel error, it would be much appreciated.

    Regards,

    Sharon


    23 November 2011 9:17
    Moderator
  • Hi Wolfgang,

    I realise this is an old case but as it has not been marked as answered it may still be relevant for other people.

    I've noticed that if you have multiple certificates with similar but not identical details in the server's personal computer store, it can generate an exception/event if the first certificate queried does not have a required detail, like a missing Subject Alternate Name, but the second one does. Removing the offending cert solved this for me.

    Regards

    Dave


    Dave Reilly

    07 September 2012 11:41
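
One way to look for the situation described in the last reply, as an added example that is not part of the thread: list every server-authentication certificate in the computer's personal store and show which expected names each one lacks in its SAN extension. It assumes PowerShell 3.0 or later and an English-language Windows (SAN entries formatted as `DNS Name=...`); `pool.example.local` is a placeholder for the pool FQDN, which the thread does not give, and wildcard SAN entries are not expanded.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on each front-end server, adjusting -ExpectedNames for that server.
param(
    # Names every front-end certificate on this server should carry.
    # 'pool.example.local' is a placeholder for the pool FQDN.
    [string[]]$ExpectedNames = @('FrontendServer1.asv.local', 'pool.example.local')
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Skip certificates whose EKU restricts them to purposes other than server auth.
    # A certificate with no EKU extension is valid for all purposes and is kept.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
        return   # inside ForEach-Object this moves on to the next certificate
    }

    # Read DNS names from the SAN extension itself, so a certificate
    # without a SAN shows up with SanCount 0 instead of being masked.
    $sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanNames = @()
    if ($sanExt) {
        $sanNames = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }

    # -notcontains compares case-insensitively, which matches DNS name semantics.
    $missing = $ExpectedNames | Where-Object { $sanNames -notcontains $_ }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        HasKey     = $cert.HasPrivateKey
        SanCount   = @($sanNames).Count
        Missing    = ($missing -join ', ')
    }
} | Sort-Object Subject | Format-Table -AutoSize
```

Two or more rows with the same or near-identical Subject, where one has a non-empty Missing column, point at the duplicate-certificate case; compare thumbprints against the certificate actually assigned to the Lync services before removing anything.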