none
Windows 2008 R2 - Source: Schannel, EventID: 36888, Task: lsass.exe

    Question

  • Hi,

     

    i have installed on the Windows Server 2008 R2 a Exchange 2010 and after i switch this Server to the front (OWA and Outlook Anywhere) i got every secound this error in the eventlog. i think this Problem must have a contact with IIS and RPC over HTTP or the OWA, but everything works fine, so i don't find a direct Problem, only the Eventlog will be flooded. 

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
     <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> 
     <EventID>36888</EventID> 
     <Version>0</Version> 
     <Level>2</Level> 
     <Task>0</Task> 
     <Opcode>0</Opcode> 
     <Keywords>0x8000000000000000</Keywords> 
     <TimeCreated SystemTime="2010-06-21T11:51:40.956846100Z" /> 
     <EventRecordID>4086</EventRecordID> 
     <Correlation /> 
     <Execution ProcessID="496" ThreadID="6304" /> 
     <Channel>System</Channel> 
     <Computer>EXCHANGE2010.domain.local</Computer> 
     <Security UserID="S-1-5-18" /> 
     </System>
    - <EventData>
     <Data Name="AlertDesc">10</Data> 
     <Data Name="ErrorState">1203</Data> 
     </EventData>
     </Event>

    kind regards

     

    Alex

    • Moved by Miles LiModerator Wednesday, June 30, 2010 9:22 AM (From:Windows Server 2008 R2 Networking)
    Monday, June 21, 2010 2:22 PM

All replies

  • Hello OPERATOR76,

    Typically, this error may result from an SSL/TLS problem.
     
    Please have a look at this thread:

    Schannel Fatal Alert Error 48
    http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/74cfe52a-724e-4338-bd91-f2de99604523

    Best regards,
    Harry

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, June 21, 2010 9:41 PM
  • Hello,

     

    i think the Problem can be the woldcard certificate for smtp, iss, pop and imap. the console told me, a wildcard certificate can not be used, so i use now the servercertificat itself and i'am waiting now for the next error in the eventlog, if there is no tomorrow i think i fixed it with this setting. 

    My Wildcard certificat looks like this:

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR

                         ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc

                         essRule}

    CertificateDomains : {*.xxxxx.com}

    HasPrivateKey      : True

    IsSelfSigned       : False

    Issuer             : OU=Equifax Secure Certificate Authority, O=Equifax, C=US

    NotAfter           : 28.03.2011 15:52:20

    NotBefore          : 27.12.2007 15:52:20

    PublicKeySize      : 1024

    RootCAType         : ThirdParty

    SerialNumber       : 011001

    Services           : IIS, SMTP

    Status             : Valid

    Subject            : CN=*.xxxxx.com, OU=IT, O=My Comany, L=xxxx, S=xxxx,

                         C=AT

    Thumbprint         : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    Thursday, June 24, 2010 4:06 PM
  • i have the same error allready and the change of the certificates doesn't help.
    Monday, June 28, 2010 8:35 AM
  • Signing into Lync connected to Office 365 causes the issue.  I reproduced the problem several times by exiting and then starting and by signing out and signing into Lync Online. The Process ID indicates LSASS.EXE but the problem is caused by Lync.

    Log Name:      System
    Source:        Schannel
    Date:          11/3/2012 2:48:34 PM
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      Mitch-PC
    Description:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-11-03T20:48:34.424489500Z" />
        <EventRecordID>52839</EventRecordID>
        <Correlation />
        <Execution ProcessID="716" ThreadID="7500" />
        <Channel>System</Channel>
        <Computer>Mitch-PC</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">10</Data>
        <Data Name="ErrorState">10</Data>
      </EventData>
    </Event>

    Saturday, November 03, 2012 8:50 PM