Skip to main content

Consistent Schannel Errors on Windows Logs


Event ID 36882: The Certificate Received From the Remote Server Was Issued By an Untrusted Certificate Authority.

Because authentication relies on digital certificates, certification authorities (CAs) such as Verisign or Active Directory Certificate Services are an important part of TLS/SSL. A CA is a mutually-trusted third party that confirms the identity of a certificate requestor (usually a user or computer), and then issues the requestor a certificate. The certificate binds the requestor’s identity to a public key. CAs also renew and revoke certificates as necessary. For example, if a client is presented with a server’s certificate, the client computer might try to match the server’s CA against the client’s list of trusted CAs. If the issuing CA is trusted, the client will verify that the certificate is authentic and has not been tampered with.

The Schannel provider creates the list of trusted certification authorities by searching the Trusted Root Certification Authorities store on the local computer. When Schannel detects a certificate that was issued by an untrusted certification authority, this error is logged.

The issue could be due to improper import of SSL CA.

Resolution : Re-import the certificate and monitor further.

 Fatal Error codes and description at : Error codes and descriptions
Labels:

Comments

Post a Comment

Popular posts from this blog

Active Directory in Windows

                                                                Active Directory in Windows  When a windows server is bought it comes with many capabilities like AD groups for security, IIS(Internet Information Services), ability to built own VPN and many more of which Active directories are created with a domain and the computers which access the network will be connecting to the domain controllers. Practically, there will be a cluster of domain controllers where data will be replicated all over the cluster.
Post a Comment
Read more

Internet.org

                                                        Internet.org Internet.org is a non-profitable oraganisation founded by facebook and six other companies to bring affordable access to internet services to less developed countries by increasing efficiency, and facilitating the development of new business models around the provision of Internet access. It has been criticized for violating net neutrality and favouring facebook's own services. An Indian journalist criticized it as" being just a Facebook proxy targeting India's poor" as it provides restricted Internet access to Reliance Telecom's subscribers in India.However, in early May 2015, Facebook announced that this platform would be opened to websites that met its criteria.           ...
Post a Comment
Read more

Tail Log Backups

Tail log backups capture the tail of the log even if the database is offline, damaged, or missing data files. This might cause incomplete metadata from the restore information commands and msdb. However, only the metadata is incomplete; the captured log is complete and usable. If a tail-log backup has incomplete metadata, in the backupset table, has_incomplete_metadata is set to 1. Also, in the output of RESTORE HEADERONLY, HasIncompleteMetadata is set to 1. To create a tail log backup, use below script BACKUP LOG [DB Name]    TO [TLog_Device_Location]      WITH NO_TRUNCATE;   GO Scenarios That Require a Tail-Log Backup If the database is online and you plan to perform a restore operation on the database, begin by backing up the tail of the log. To avoid an error for an online database, you must use the ... WITH NORECOVERY option of the BACKUP Transact-SQL statement. If a database is offline and fails to start and you need to res...
Post a Comment
Read more