locked
Schannel Fatal Alert Error 48

    Question

  • Hi,

    On my (Virtual) Windows 2008 R2 server (with exchange 2010) I have a lot of errors concerning

    Schannel (EventID 36887): The following fatal alert was received: 48

    I cant figure out was it is causing it or how to solve the problem

    Any help?

    Daniel

    Wednesday, March 24, 2010 11:25 PM

Answers

All replies

  • Hi,

    "Schannel" indicates this error was SSL/TLS problem. Did you configure SSL on this server? If so, please check your SSL settings. For your reference:

    Managing SSL for a Client Access Server
    http://technet.microsoft.com/en-us/library/bb310795.aspx

    How to Setup SSL on IIS 7
    http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, March 25, 2010 7:31 AM
  • Hi,

    "Schannel" indicates this error was SSL/TLS problem. Did you configure SSL on this server? If so, please check your SSL settings. For your reference:

    Managing SSL for a Client Access Server
    http://technet.microsoft.com/en-us/library/bb310795.aspx

    How to Setup SSL on IIS 7
    http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Dcoppee Wednesday, March 31, 2010 6:47 AM
    Thursday, March 25, 2010 7:32 AM
  • Hi Mervyn

    The error keeps on coming although I have the impression all certificates are in place

    Is there a way to view installed/enabled certificates?

     Or a better question woul dbe...can I find out for what service (or FQDN) I am missing a certificate

    I do have certificates in place for POP, IMAP, SMTP, IIS

    [PS] C:\Windows\system32>Get-ExchangeCertificate | fl

    AccessRules        :
    CertificateDomains : {webmail.etro.vub.ac.be, etroex10.etro.vub.ac.be, autodiscover.etro.vub.ac.be, mail.etro.vub.ac.be
                         }
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=ETROVUBCA, DC=etro, DC=vub, DC=ac, DC=be
    NotAfter           : 28/02/2011 20:01:10
    NotBefore          : 3/12/2009 17:52:41
    PublicKeySize      : 2048
    RootCAType         : Enterprise
    SerialNumber       : 3F577FF80000000004F3
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=webmail.etro.vub.ac.be, OU=ETRO, O=Vrije universiteit Brussel, L=Brussels, S=BE, C=BE
    Thumbprint         : 7C2E756365C6DA5007BFF30695322212C9DF73D2

     

    Thanks

     

    Daniel

     

     

    Wednesday, March 31, 2010 6:48 AM
  • Hi,

    Thank you for update. We can use MMC Certificate snap-in to view installed certificates. Run "MMC", click Add/Remove Snap-ins, choose Certificates, we have three choices, My user account, Service account, Computer account, to view IIS certificate, we need choose Service account, click Finish.

    You can choose the this event in Event Viewer, choose Copy and paste the detailed log here for research.

    Thanks. 


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, April 01, 2010 2:12 AM
  • This is what is in de Event log for the error

    Log Name:      System
    Source:        Schannel
    Date:          1/04/2010 8:07:41
    Event ID:      36887
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      etroex10.etro.vub.ac.be
    Description:
    The following fatal alert was received: 48.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36887</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2010-04-01T06:07:41.058983600Z" />
        <EventRecordID>51014</EventRecordID>
        <Correlation />
        <Execution ProcessID="552" ThreadID="12260" />
        <Channel>System</Channel>
        <Computer>etroex10.etro.vub.ac.be</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">48</Data>
      </EventData>
    </Event>

     

    After I select 'services' I have to choose from a long list of services (I looked at WWW, IMAP, ...) but besides the root certificate I don't seem to find any certificate that was installed from the exchange console

     

     

    Thursday, April 01, 2010 6:16 AM
  • Hi,

    It seems Event 36887 only relates to IIS. To find more detailed information, please refer to the article below to change the logging level to 0x0004.

    http://support.microsoft.com/kb/260729

    After collecting more information, you can save these events to evtx file and upload the file to Windows Live SkyDrive (http://www.skydrive.live.com/). If you would like other community member to analyze the report, you can paste the link here, if not, you can send the link to tfwst@microsoft.com.

    Please also try to disable SSL in IIS to test. What’s the result?

    Thanks. 


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, April 02, 2010 2:09 AM
  • Hi,

    I've set the loglevel to 7 (to include everything), restarted the server and collected some events (system log only) -> posted on Skydrive

    http://cid-adef50a0387068e5.skydrive.live.com/self.aspx/.Public/System%5E_logfiles%5E_schannel48Problem%5E_logLevel7.evtx

     

    Diabling the SSL checkbox didn't do much (outlook, OWA still worked): Strange

     

    Daniel

     

     

    Friday, April 02, 2010 12:32 PM
  •  

    From the Event log, we can find this error indeed occurs during the SSL negotiate process. But it’s still no clear which system component encounter this error. Please help to collect the information below:

    1. Could you please let us know how did you reproduce this error?
    2. What happened on client when this error occur?
    3. Could the client visit the server after this error?
    4. Also, when did the problem start to occur?
    5. Is there any change made on the server?

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, April 05, 2010 2:41 AM
  • 1. The error occurs when an application called helpdesk (helpdesk pilot) accesses the mailbox associated with it. (Using POP)

    2. The client (application works) seems to be fine

    3.

    4. from day one we had exchange 2010 up and running

    5. Just installation (with the help of a Microsoft exchange consultant)

     

     

    Tuesday, April 06, 2010 5:14 PM
  • Hi Daniel,

    It looks like an Exchange configuration problem to me. I suggest you initial a new post in the Exchange support forum, they are the best resource for this kind of problem. Thank you for understanding.

    Exchange Server
    http://social.technet.microsoft.com/Forums/en/category/exchangeserver/

    For your information, you could check your settings based on the article below:

     Configuring TLS and SSL for POP3 and IMAP4 Access
    http://technet.microsoft.com/en-us/library/aa997149.aspx

     http://technet.microsoft.com/en-us/library/bb310795.aspx

    Regards


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, April 07, 2010 1:52 AM
  • Hey Mervyn,

     

    It's strange because POP does work but I'll check the exchange forums

    Thanks for all the assistence

    Daniel

     

    Wednesday, April 07, 2010 6:29 AM

  • Yes, it’s an odd problem. Hope Exchange experts could help to solve this error soon. If you have more questions in the future, you’re welcomed to this forum.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, April 08, 2010 2:11 AM
  • I'm having the same problem with my Exchange 2010 servers.

    My log is filled with that Schannel error that does not say much.

    I'm running Exchange 2010 on 2008 R2. My certificates are issued by a Windows CA. The CRL is reachable and correct. The certificates also look correct to me.

    Everything works fine, but the error keeps coming.

     

    Friday, April 23, 2010 12:35 AM