Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Maintenance: Recommended maintenance tasks for Windows servers|
The certificate received from the remote server has not validated correctly. The error code is <error code>.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is Schannel?
I got this error on a Microsoft ISA Server. The Computer Certificate I had installed was from an Old CA "Fake Enterprise CA" where the new (working) CA was called "FakeCA" (I did not pick this up at first). I had to manually remove the Old Computer Certificate and remove the Old Trusted Root Certificate. Then, I also had to manually request a new computer certificate from the Root CA, but I could not do that as "Strict RPC Compliance" was enabled on the ISA Server. After removing this, I could request the new certificate and the problem was solved.
An attempt to make a secure Lightweight Directory Access Protocol (LDAP) connection may not work and may return a "SEC_E_CERT_UNKNOWN" response when you are using a valid certificate. When this occurs, this event is also logged. See ME288100 for a hotfix applicable to Microsoft Windows 2000 and Microsoft Windows NT.
This problem can occur because the domain controller continues to use the expired certificate until the domain controller restarts. See ME897721 for a hotfix applicable to Microsoft Windows 2000, and, ME917268 and ME932834 for two hotfixes applicable to Microsoft Windows Server 2003.
This problem was related to an incorrect certificate in use on our Exchange (OWA) box. The result was that we could not view and administer public folders using the Exchange System Manager. ME324345 from Microsoft solved the issue.
As per Microsoft: "This issue occurs because LDAP caches the certificate on the server. Although the certificate has expired and the server receives a new certificate from a CA, the server uses the cached certificate. You must restart the server before the server uses the new certificate. To work around this issue, restart the server after the server receives a new certificate from the CA". See ME839514 for more details.
As per Microsoft: "This issue may occur if all the following conditions are true:
1)The IAS or Routing and Remote Access server is a domain member, but automatic certificate requests functionality (autoenrollment) is not configured in the domain. Or, the IAS or Routing and Remote Access server is not a domain member.
2)You manually request and receive a new certificate for the IAS or Routing and Remote Access server.
3)You do not remove the expired certificate from the IAS or Routing and Remote Access server". See ME822406 to fix this problem.
|Private comment: Subscribers only. See example of private comment|
|Links: ME288100, ME324345, ME822406, ME839514, ME897721, ME917268, ME932834|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated