Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 36876 Source: Schannel

Source
Level
Description
The certificate received from the remote server has not validated correctly. The error code is <error code>.
Comments
 
I got this error on a Microsoft ISA Server. The Computer Certificate I had installed was from an Old CA "Fake Enterprise CA" where the new (working) CA was called "FakeCA" (I did not pick this up at first). I had to manually remove the Old Computer Certificate and remove the Old Trusted Root Certificate. Then, I also had to manually request a new computer certificate from the Root CA, but I could not do that as "Strict RPC Compliance" was enabled on the ISA Server. After removing this, I could request the new certificate and the problem was solved.
An attempt to make a secure Lightweight Directory Access Protocol (LDAP) connection may not work and may return a "SEC_E_CERT_UNKNOWN" response when you are using a valid certificate. When this occurs, this event is also logged. See ME288100 for a hotfix applicable to Microsoft Windows 2000 and Microsoft Windows NT.

This problem can occur because the domain controller continues to use the expired certificate until the domain controller restarts. See ME897721 for a hotfix applicable to Microsoft Windows 2000, and, ME917268 and ME932834 for two hotfixes applicable to Microsoft Windows Server 2003.
This problem was related to an incorrect certificate in use on our Exchange (OWA) box. The result was that we could not view and administer public folders using the Exchange System Manager. ME324345 from Microsoft solved the issue.
As per Microsoft: "This issue occurs because LDAP caches the certificate on the server. Although the certificate has expired and the server receives a new certificate from a CA, the server uses the cached certificate. You must restart the server before the server uses the new certificate. To work around this issue, restart the server after the server receives a new certificate from the CA". See ME839514 for more details.

As per Microsoft: "This issue may occur if all the following conditions are true:
1)The IAS or Routing and Remote Access server is a domain member, but automatic certificate requests functionality (autoenrollment) is not configured in the domain. Or, the IAS or Routing and Remote Access server is not a domain member.
2)You manually request and receive a new certificate for the IAS or Routing and Remote Access server.
3)You do not remove the expired certificate from the IAS or Routing and Remote Access server". See ME822406 to fix this problem.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...