Solved

Event ID:  36885 - Schannel

Posted on 2013-12-12
4
2,524 Views
Last Modified: 2013-12-18
My event system log is filling up with the following errors:

Log Name:      System
Source:        Schannel
Date:          12/12/2013 7:40:12 AM
Event ID:      36885
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      SDCHM400.corp.birkeys.com
Description:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


One of the fixes is to go through the Trusted Root Certification Authorities and remove any hosts that are not needed.  How do I determine what hosts can be removed?  

Is there an alternative fix to this?  I have to be careful as the Exchange server certificates are installed on this machine.
0
Comment
Question by:rudnicke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39715659
Any chance you're using Iphones and SBS (or a self signed cert?)
0
 

Author Comment

by:rudnicke
ID: 39716645
We are using iPhones but not SBS.  We did have a self signed cert in the beginning, but we now have a cert from Godaddy to handle Exchange access.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39716672
I see this all the time on my customers SBS servers where they are using Self Signed Certs.  Unfortunately the iPhone doesn't' require the phone to use SSL to make the connection to Exchange.  

If you're not getting complaints from users, I'd simply ignore it.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 100 total points
ID: 39716768
This can be caused by installing the Trusted Roots Certificates updates on a server whereas it's only designed for clients.

If you look at the list of trusted roots you'll see all kinds of foreign ones you've never heard of.  If you're not visiting sites that are in those countries then those would seem a good place to start reducing the total number!
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question