Solved

Event ID:  36885 - Schannel

Posted on 2013-12-12
4
2,430 Views
Last Modified: 2013-12-18
My event system log is filling up with the following errors:

Log Name:      System
Source:        Schannel
Date:          12/12/2013 7:40:12 AM
Event ID:      36885
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      SDCHM400.corp.birkeys.com
Description:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


One of the fixes is to go through the Trusted Root Certification Authorities and remove any hosts that are not needed.  How do I determine what hosts can be removed?  

Is there an alternative fix to this?  I have to be careful as the Exchange server certificates are installed on this machine.
0
Comment
Question by:rudnicke
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39715659
Any chance you're using Iphones and SBS (or a self signed cert?)
0
 

Author Comment

by:rudnicke
ID: 39716645
We are using iPhones but not SBS.  We did have a self signed cert in the beginning, but we now have a cert from Godaddy to handle Exchange access.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39716672
I see this all the time on my customers SBS servers where they are using Self Signed Certs.  Unfortunately the iPhone doesn't' require the phone to use SSL to make the connection to Exchange.  

If you're not getting complaints from users, I'd simply ignore it.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 100 total points
ID: 39716768
This can be caused by installing the Trusted Roots Certificates updates on a server whereas it's only designed for clients.

If you look at the list of trusted roots you'll see all kinds of foreign ones you've never heard of.  If you're not visiting sites that are in those countries then those would seem a good place to start reducing the total number!
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question