Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 36871 Source: Schannel

A fatal error occurred while creating an SSL server credential.
In my case, I am using two servers: server 1 is an AD server with FSMO and server 2 is an Exchange server. If server 2 boots up before server 1, it will not establish Schannel and the Exchange server will have a problem. Solution: Make sure that the AD Server with FSMO is started up successfully and then boot up server 2.
From a newsgroup post: "In my case, this problem turned out to be caused by corrupt emails sitting in the queue. I removed all e-mails from the queue into a temporary folder, started the SMTP virtual server and things ran OK. I have added the formerly queued emails back into the queue and I removed any one that did not move".
Information on how to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server can be found in ME324958.
According to Microsoft "This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site. "
May occur if an antivirus software is running during the installation of a service pack. See ME308601.
Some instances of this problem should be fixed by Windows 2000 Service Pack 2.

As per ME293101, this problem can occur because a fault in the SSL certificate has occurred while it is being exported from Microsoft Internet Information Server (IIS) or imported to ISA Server.

ME292296 says that this also may occur on IIS 5.0 when you import an SSL certificate in which the wrong cryptographic service provider (CSP) is chosen.
When I see this error it usually indicates that an Exchange server is having problems creating a secure channel to the DC. This may be indicated by mail sticking in the Directory Lookups queue.
To solve the problem, from a command prompt on the Exchange server use:


E.g. If you were in the Microsoft domain you would type:
NLTEST /SC_RESET:MICROSOFT (This will reset to another DC if there are problems)
NLTEST /SC_QUERY:MICROSOFT (This will display the current DC secure channel)

The problem still occurs after SP2 when the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. See ME305088.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.