Alex Manakov
asked on
Exchange system log spammed with schannel errors
After configuring a Hybrid Exchange environment, the system log of my onpremise Exchange server is constantly spammed (upto 10 errors every second) with schannel errors saying "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46." The errors are generated by lsass.exe. We also noted an increased CPU load caused by lsass.exe.
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C
EventID 36887
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2018-01-23T10:06:02.273160
EventRecordID 105008218
Correlation
- Execution
[ ProcessID] 564
[ ThreadID] 10744
Channel System
Computer MAIL1.mydomain.local
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 46
The difficulty is that our Exchange server is joined to a local domain, serves local and public mail addresses, and we currently only have a wildcard certificate for a public domain, which is used for SMTP and IIS services by Exchange.
Quick research in the internet says that the issue might be caused by the mail server trying to use this certificate for LDAPS, generating errors because the server FQDN is in a local domain.
Would be very gratefull if someone points me a way to make it working without purchasing a SAN certificate and disabling scannel logging (if there is such way)
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C
EventID 36887
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2018-01-23T10:06:02.273160
EventRecordID 105008218
Correlation
- Execution
[ ProcessID] 564
[ ThreadID] 10744
Channel System
Computer MAIL1.mydomain.local
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 46
The difficulty is that our Exchange server is joined to a local domain, serves local and public mail addresses, and we currently only have a wildcard certificate for a public domain, which is used for SMTP and IIS services by Exchange.
Quick research in the internet says that the issue might be caused by the mail server trying to use this certificate for LDAPS, generating errors because the server FQDN is in a local domain.
Would be very gratefull if someone points me a way to make it working without purchasing a SAN certificate and disabling scannel logging (if there is such way)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have recommended this question be closed as follows:
Accept: ajohnson30 (https:#a42445401)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer