RE: Event ID: 36870 - Schannel / cryptographic module


Hi Ben,

Thank you for posting here.

If the certificate is not considered valid by the schannel provider, the
schannel provider will reject the cert if one of the following validation
problems exists:

1. The root to which the LDAPS / DC Cert chains is not trusted
2. The DC is not able to validate that the CA is trusted (cannot build a
trust chain)
3. The certificate is expired
4. The certificate is revoked

Please determine if the certificate is failing validation checking by using
certutil from Windows Server 2003 and correct the issues that certutil
reports (expired CRL, server isn't reachable on the network, CRL isn't
published to the location as expected, etc.)

For more information, please refer to the following article.

825061 Certificate Services Does Not Start After You Upgrade to Windows 2000
http://support.microsoft.com/?id=825061

Also, you may use the "dsstore -dcmon" command and look at a verbose
display. Then, correct the trust chain on the certificate that you are
using for schannel.

For more information about the Directory Services Store Tool, please refer
to the following article.

313197 HOW TO: Use the Directory Services Store Tool to Add a Non-Windows 2000
http://support.microsoft.com/?id=313197

Hope this helps. If anything is unclear or you have any concerns, please
feel free to post back. I am glad to be of assistance.

Best regards,

Steven Wang
Microsoft Online Support


--------------------
Reply-To: <benblackmore@xxxxxxxxxxxxxxxx>
From: <benblackmore@xxxxxxxxxxxxxxxx>
Subject: Event ID: 36870 - Schannel / cryptographic module
Date: Wed, 24 May 2006 12:05:33 +0100
Message-ID: <Ogby7HyfGHA.3860@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.general

Hi,

I'm receiving the below error on our Windows 2003 server (sp1). I've googled
Microsoft support, but the closest KB is 331333 http://tinyurl.com/onz9c
which isn't relevant to our problem, as we are not running an NT4 domain,
and the error code quoted (0x80090016) is different. The server is a domain
controller, running Exchange 2003, and Live Communication Server 2005. This
error occurs when restarting the LCS service, which is using a certificate
(web server template) for MTLS communication with Communicator Web Access,
(which isn't currently working).

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: 24/05/2006
Time: 10:55:09
User: N/A
Computer: SVR02
Description:
A fatal error occurred when attempting to access the SSL client credential
private key. The error code returned from the cryptographic module is
0x8010002e.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Does anyone have any suggestions?

Cheers

Ben
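
The four validation failures listed in the reply can also be checked with the .NET chain engine. The PowerShell script below is an added example, not code from the thread or from Microsoft support. It assumes the certificate used by the service sits in the LocalMachine\My store, takes a placeholder thumbprint, and also prints HasPrivateKey because the logged event concerns access to the private key.

```powershell
# Added example, not from the original thread.
# Assumption: the certificate is in LocalMachine\My; the thumbprint below is a placeholder.
param([string]$Thumbprint = '<THUMBPRINT-PLACEHOLDER>')

function Get-ValidationCause([string]$Status) {
    # Map X509ChainStatusFlags names onto the causes listed in the reply.
    switch ($Status) {
        'UntrustedRoot'           { 'Cause 1: root CA is not trusted on this machine' }
        'PartialChain'            { 'Cause 2: trust chain cannot be built (issuer missing)' }
        'NotTimeValid'            { 'Cause 3: certificate is expired or not yet valid' }
        'Revoked'                 { 'Cause 4: certificate is revoked' }
        'RevocationStatusUnknown' { 'Revocation unknown: CRL expired, missing or unreachable' }
        'OfflineRevocation'       { 'Revocation unknown: CRL location is offline' }
        default                   { "Other chain problem: $Status" }
    }
}

function Test-SchannelCertificate($Cert) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation online for every certificate in the chain, so CRL
    # publication and reachability problems show up in the result.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $valid = $chain.Build($Cert)

    "Subject       : $($Cert.Subject)"
    "Valid         : $($Cert.NotBefore) to $($Cert.NotAfter)"
    "HasPrivateKey : $($Cert.HasPrivateKey)"
    "Chain valid   : $valid"
    foreach ($el in $chain.ChainElements) {
        "  chain element: $($el.Certificate.Subject)"
    }
    foreach ($st in $chain.ChainStatus) {
        "  $(Get-ValidationCause "$($st.Status)") [$($st.StatusInformation.Trim())]"
    }
}

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $Thumbprint in LocalMachine\My"
    return
}
Test-SchannelCertificate $cert
```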
