Jon Brelie asked:

Server 2008 R2 Terminal server rejecting ALL certificates as invalid

I have a 2008 R2 Terminal server that is categorically rejecting ANY certificate it encounters, including certs that I know for certain are valid. Everything I can find is related to specific applications, but this is happening across all browsers, and every application that uses SSL. Malware scans come up clean. I reset the security providers using IISCrypto (https://www.nartac.com/Products/IISCrypto/), mostly out of desperation.

I'm nearly ready to roll this system back, but I'm not certain of when the behavior started.

The Event Viewer is full of Event 36882 Schannel errors that state:
"The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate."

Again, this is happening with every cert encountered by the system regardless of source or issuing CA.
VB ITS

First thing I'd check is to make sure the date and time is set correctly on the server.

Next step would be to re-synchronize the Trusted Root Certificates on your server as it sounds like something has happened to your Trusted Root CAs. Click on the Microsoft Fix it link on this page underneath For Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2: http://support.microsoft.com/kb/931125
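
The two checks suggested in this answer (system clock, then the Trusted Root store), written out as an added PowerShell diagnostic that is not part of the original thread. The path `C:\temp\server.cer` is an assumed location for a certificate exported from any site the server rejects; the chain status it prints separates a missing root (`UntrustedRoot` or `PartialChain`) from a clock problem (`NotTimeValid`).

```powershell
# Added example: run in an elevated PowerShell session on the affected server.
# Assumption: C:\temp\server.cer is a certificate exported from a site that fails.
$certPath = 'C:\temp\server.cer'
$now = Get-Date

# 1. Clock: a wrong date makes every certificate look expired or not yet valid.
"Local time : $now"
w32tm /query /status

# 2. Trusted Root store: an empty or very small store produces
#    "issued by an untrusted certificate authority" for every certificate.
$roots = @(Get-ChildItem Cert:\LocalMachine\Root)
"{0} certificates in LocalMachine\Root" -f $roots.Count
$roots |
    Where-Object { $_.NotAfter -lt $now -or $_.NotBefore -gt $now } |
    Select-Object Subject, NotBefore, NotAfter, Thumbprint |
    Format-Table -AutoSize

# 3. Recent Schannel 36882 events, to confirm the failures are still occurring.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36882 } -MaxEvents 50 |
    Where-Object { $_.ProviderName -like '*Schannel*' } |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize

# 4. Build the chain for one rejected certificate and print why it fails.
#    Revocation checking is turned off so that only trust and validity are tested.
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

"Chain builds to a trusted root: $trusted"
foreach ($element in $chain.ChainElements) {
    "  {0}" -f $element.Certificate.Subject
}
foreach ($status in $chain.ChainStatus) {
    "  {0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
}
```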
SOLUTION
Jon Brelie

This solution is only available to members.
Jon Brelie (ASKER)

Well, it's been a few weeks and the steps taken above are still working.  I don't know if I'll have an issue with this system at a later date or not, but for now at least, it's easier to import certs from another system than it is to dig through thousands of updates to determine if one of them needs to be re-applied.

If it continues to be a problem, I will probably scrap the system and deploy a new one.  Thanks for your help.