Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 36871 Source: Schannel
|Maintenance: Recommended maintenance tasks for Windows servers|
A fatal error occurred while creating an SSL server credential.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
Why are some errors fatal?
What is Schannel?
|Our approach: This information is only available to subscribers. An example of Our approach|
In my case, I am using two servers: server 1 is an AD server with FSMO and server 2 is an Exchange server. If server 2 boots up before server 1, it will not establish Schannel and the Exchange server will have a problem. Solution: Make sure that the AD Server with FSMO is started up successfully and then boot up server 2.
From a newsgroup post: "In my case, this problem turned out to be caused by corrupt emails sitting in the queue. I removed all e-mails from the queue into a temporary folder, started the SMTP virtual server and things ran OK. I have added the formerly queued emails back into the queue and I removed any one that did not move".
Information on how to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server can be found in ME324958.
According to Microsoft "This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site. "
May occur if an antivirus software is running during the installation of a service pack. See ME308601.
Some instances of this problem should be fixed by Windows 2000 Service Pack 2.
As per ME293101, this problem can occur because a fault in the SSL certificate has occurred while it is being exported from Microsoft Internet Information Server (IIS) or imported to ISA Server.
ME292296 says that this also may occur on IIS 5.0 when you import an SSL certificate in which the wrong cryptographic service provider (CSP) is chosen.
When I see this error it usually indicates that an Exchange server is having problems creating a secure channel to the DC. This may be indicated by mail sticking in the Directory Lookups queue.
To solve the problem, from a command prompt on the Exchange server use:
E.g. If you were in the Microsoft domain you would type:
NLTEST /SC_RESET:MICROSOFT (This will reset to another DC if there are problems)
NLTEST /SC_QUERY:MICROSOFT (This will display the current DC secure channel)
The problem still occurs after SP2 when the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. See ME305088.
|Private comment: Subscribers only. See example of private comment|
|Links: Backup the SSL Certificate|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated