locked
Exchange 2013 server showing SChannel error RRS feed

  • Question

  • Hi all.  Here is the story.  I've added a new DNS name to our existing Exchange UCC certificate, and as a result, I need to re-key the current certificate and then re-associate the Exchange services to this new certificate.  I've got two Exchange 2013 server in the network.  Not sure if this is a coincidence or not, since after I switched over to use the new certificate, I am seeing this error logged on the System log on both of the Exchange 2013 server, it logs few times within a minute, and thus my System log is all fill up by it.

    Lon Name: System
    Source: Schannel
    Event ID: 36887

    A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.

    Alert code 46 is related to certificate, but I've verified IIS and Exchange, they were using the new certificates (except the Exchange backend website, which is still bind to the default Microsoft Exchange certificate, which should be the default). 

    I am not having any Exchange service interruption in the meantime, just want to figure out how I can stop this.  Any suggestions is welcomed.  Thank you. 

    Thursday, June 2, 2016 2:40 PM

Answers

  • In my experience, those are just noise and not an indication of an actual issue,. I typically squelch:

    Set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel -Name EventLogging -Value 0


    Blog:    Twitter:   

    • Proposed as answer by Niko.Cheng Friday, June 3, 2016 8:47 AM
    • Marked as answer by Niko.Cheng Saturday, June 25, 2016 8:16 AM
    Thursday, June 2, 2016 6:40 PM

All replies

  • In my experience, those are just noise and not an indication of an actual issue,. I typically squelch:

    Set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel -Name EventLogging -Value 0


    Blog:    Twitter:   

    • Proposed as answer by Niko.Cheng Friday, June 3, 2016 8:47 AM
    • Marked as answer by Niko.Cheng Saturday, June 25, 2016 8:16 AM
    Thursday, June 2, 2016 6:40 PM
  • I guess just ignore them for now.  Thanks. 
    Tuesday, June 7, 2016 1:19 PM