Schannel error 70 on Exchange CAS and Mailbox servers

akyuen used Ask the Experts™
I noticed that my Exchange CAS and mailbox servers (running Exchange 2010 on Windows server 2008 R2) are filled with Schannel Event ID: 36887 errors (The following fatal alert was received: 70).  I've read that these might be the cause of SSL errors; however, I've installed and run WireShark but don't see any SSL related errors.  In the event log, the errors occur consistently at equal intervals every minute.  Any ideas on what could be the cause of these errors? Here's a sample of one of the errors:

- System

  - Provider

   [ Name]  Schannel
   [ Guid]  {xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx}
   EventID 36887
   Version 0
   Level 2
   Task 0
   Opcode 0
   Keywords 0x8000000000000000
  - TimeCreated

   [ SystemTime]  2017-03-15T04:08:34.094792700Z
   EventRecordID 307600
  - Execution

   [ ProcessID]  736
   [ ThreadID]  788
   Channel System
  - Security

   [ UserID]  S-1-5-18

- EventData

  AlertDesc 70
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gaurav SinghSolutions Architect

it seem the issue with Client Device and Server communcation. you need to further check events on the server for any Device connection issues.
IT Engineer
Distinguished Expert 2017
It looks like profile or configuration error for user ID [ UserID]  S-1-5-18
Check who from your users has this ID and try create mail profile from scratch.


The user ID of S-1-5-18 corresponds to a local system account, and the process ID of 736 points to SamSs (security Accounts Manager).


The user ID listed is a local system account, which narrows down the devices.  Using wireshark, I was able to find the culprit searching for all traffic instead of just SSL.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial