Link to home
Start Free TrialLog in
Avatar of akyuen
akyuen

asked on

Schannel error 70 on Exchange CAS and Mailbox servers

I noticed that my Exchange CAS and mailbox servers (running Exchange 2010 on Windows server 2008 R2) are filled with Schannel Event ID: 36887 errors (The following fatal alert was received: 70).  I've read that these might be the cause of SSL errors; however, I've installed and run WireShark but don't see any SSL related errors.  In the event log, the errors occur consistently at equal intervals every minute.  Any ideas on what could be the cause of these errors? Here's a sample of one of the errors:

- System

  - Provider

   [ Name]  Schannel
   [ Guid]  {xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx}
 
   EventID 36887
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x8000000000000000
 
  - TimeCreated

   [ SystemTime]  2017-03-15T04:08:34.094792700Z
 
   EventRecordID 307600
 
   Correlation
 
  - Execution

   [ ProcessID]  736
   [ ThreadID]  788
 
   Channel System
 
   Computer EX2010-Mbox.domain.com
 
  - Security

   [ UserID]  S-1-5-18
 

- EventData

  AlertDesc 70
Avatar of Systech Admin
Systech Admin
Flag of India image

it seem the issue with Client Device and Server communcation. you need to further check events on the server for any Device connection issues.
ASKER CERTIFIED SOLUTION
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of akyuen
akyuen

ASKER

The user ID of S-1-5-18 corresponds to a local system account, and the process ID of 736 points to SamSs (security Accounts Manager).
Avatar of akyuen

ASKER

The user ID listed is a local system account, which narrows down the devices.  Using wireshark, I was able to find the culprit searching for all traffic instead of just SSL.