Solved

Event ID:  36885 - Schannel

Posted on 2013-12-12
4
2,468 Views
Last Modified: 2013-12-18
My event system log is filling up with the following errors:

Log Name:      System
Source:        Schannel
Date:          12/12/2013 7:40:12 AM
Event ID:      36885
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      SDCHM400.corp.birkeys.com
Description:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


One of the fixes is to go through the Trusted Root Certification Authorities and remove any hosts that are not needed.  How do I determine what hosts can be removed?  

Is there an alternative fix to this?  I have to be careful as the Exchange server certificates are installed on this machine.
0
Comment
Question by:rudnicke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39715659
Any chance you're using Iphones and SBS (or a self signed cert?)
0
 

Author Comment

by:rudnicke
ID: 39716645
We are using iPhones but not SBS.  We did have a self signed cert in the beginning, but we now have a cert from Godaddy to handle Exchange access.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39716672
I see this all the time on my customers SBS servers where they are using Self Signed Certs.  Unfortunately the iPhone doesn't' require the phone to use SSL to make the connection to Exchange.  

If you're not getting complaints from users, I'd simply ignore it.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 100 total points
ID: 39716768
This can be caused by installing the Trusted Roots Certificates updates on a server whereas it's only designed for clients.

If you look at the list of trusted roots you'll see all kinds of foreign ones you've never heard of.  If you're not visiting sites that are in those countries then those would seem a good place to start reducing the total number!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010, outlook 2010 and outlook 2007 7 47
SSAS,SSIS scaleout 3 52
Will DB Backup's  cleanup job will cause Paging ? 6 50
Hibernate on windows 10 18 173
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question