Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, September 18, 2018 9:40 PM
On a 2012 R2 server running Exchange 2016 I'm getting the following event error:
Source: Schannel
Category: None
Event ID: 36887
User (If Applicable): NT AUTHORITY\SYSTEM
Computer: exchange2016.domain.com
Event Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
Event Log Name: System
Event Log Type: error
I have done a packet capture with Microsoft Message Analyzer when the errors occurred, but I don't see any issues. I may just not know what to look for though. It happens five time each hour on almost the same minute mark. I am not sure when it started as the log only goes back a few days. Some direction would be greatly appreciated.
Thanks in advanced!!!
All replies (5)
Wednesday, September 19, 2018 8:07 AM
Hi David-Mac,
From this article, we can know this alert is related with the certificate that you used:
So, I would suggest you have a check the certificate in your environment, please make sure they are valid.
By the way, there have a thread which similar to your problem, it make be useful to you.
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.
Wednesday, September 19, 2018 3:55 PM
Thanks for the reply. I ran a Get-ReceiveConnector and saw the TlsCertificateName was blank for the receive connector. I followed the article and now there is a name for the receive connector but still the event viewer errors. The TlsCertificateName = <I>CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US<S>CN=*.mydomian.com, OU=Domain Control Validated Is that correct? What else can I look for?
Thanks so very much!!!
Friday, September 21, 2018 11:41 AM
Hi,
You can use command below to check the hostname and URL for services in your environment:
Get-OutlookAnywhere | Select Server,InternalHostName,ExternalHostName
Get-MAPIVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-OABVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-WebServicesVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalUri
Get-OWAVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-ECPVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-ActiveSyncVirtualDirectory | Select Server,InternalURL,ExternalURL
Get-PowerShellVirtualDirectory | Select Server,InternalURL,ExternalURL
Then you can use command below to check whether your certificate contains those records and whether be assigned services successfully:
Get-ExchangeCertificate | fl Subject,CertificateDomains,Services,Status
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.
Friday, September 21, 2018 8:03 PM
As far as I can tell all services have an appropriate certificate assigned to it. What is a good way to verify what certificate is being presented from pop and imap? I cant really use the Microsoft Connectivity Analyzer because my servers are behind a hardware load balancer.
Thanks again !!
Monday, October 1, 2018 1:55 PM
Any ideas anyone ?
Thanks