Windows Server 2008
--
Questions
--
Followers
Top Experts
Schannel error 70 on Exchange CAS and Mailbox servers
I noticed that my Exchange CAS and mailbox servers (running Exchange 2010 on Windows server 2008 R2) are filled with Schannel Event ID: 36887 errors (The following fatal alert was received: 70). I've read that these might be the cause of SSL errors; however, I've installed and run WireShark but don't see any SSL related errors. In the event log, the errors occur consistently at equal intervals every minute. Any ideas on what could be the cause of these errors? Here's a sample of one of the errors:
- System
- Provider
[ Name] Schannel
[ Guid] {xxxxxxx-xxxx-xxxx-xxxx-xx
EventID 36887
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2017-03-15T04:08:34.094792
EventRecordID 307600
Correlation
- Execution
[ ProcessID] 736
[ ThreadID] 788
Channel System
Computer EX2010-Mbox.domain.com
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 70
- System
- Provider
[ Name] Schannel
[ Guid] {xxxxxxx-xxxx-xxxx-xxxx-xx
EventID 36887
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2017-03-15T04:08:34.094792
EventRecordID 307600
Correlation
- Execution
[ ProcessID] 736
[ ThreadID] 788
Channel System
Computer EX2010-Mbox.domain.com
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 70
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
it seem the issue with Client Device and Server communcation. you need to further check events on the server for any Device connection issues.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
The user ID of S-1-5-18 corresponds to a local system account, and the process ID of 736 points to SamSs (security Accounts Manager).
The user ID listed is a local system account, which narrows down the devices. Using wireshark, I was able to find the culprit searching for all traffic instead of just SSL.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Windows Server 2008
--
Questions
--
Followers
Top Experts
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.