Error 36870
Contents |
(PFE) Platforms Ask the Core Team Cloud Platform Blogs Hybrid Cloud Microsoft the error code returned from the cryptographic module is 0x8009030d Azure Building Clouds Datacenter Management Hybrid Cloud Operations Management Suite
Event Id 36870 0x8009030d
(OMS) System Center Virtual Machine Manager System Center Service Manager System Center Operations Manager System Center
Event Id 36870 Schannel Windows 2012 R2
Orchestrator System Center Data Protection Manager Client Management System Center Configuration Manager Configuration Manager Team System Center Service Manager Malware Protection Center Microsoft Intune Server
"a Fatal Error Occurred When Attempting To Access The Tls Server Credential Private Key"
Update Services Enterprise Mobility Virtualization, VDI & Remote Desktop Virtualization Team Ben Armstrong's Virtualization Remote Desktop Services Ask the Core Team on Hyper-V Enterprise Mobility File & Storage & High Availability File & Storage Ask the Core Team on Failover Cluster Clustering & High Availability Windows Server Management PowerShell Hey Scripting Guy event 36870 schannel 10001 (PowerShell) Networking Identity, Access & Security Datacenter and Private Cloud Security Active Directory Enterprise Mobility Ask Directory Services Ask the Performance Team Blog Thoughts from the EPS Windows Server Performance Team RDP Fails with Event ID 1058 & Event 36870 with Remote Desktop Session Host Certificate & SSL Communication ★★★★★★★★★★★★★★★ October 22, 2014June 29, 2015 by Blake Morrison // 10 Comments 0 0 0 Hello AskPerf! Sanket here from the Windows Platforms team here to discuss an issue with Remote Desktop Services where RDP does not work when you try to connect from a remote machine. With that, let’s get started! I’m sure most of you have come across the following message when connecting to a machine via RDP: Remote Desktop Connection This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator. This is a gen
Analyzer Sample report Advanced filtering Direct links to www.eventid.net Email notifications Scheduled reporting Free for subscribers EventReader Event Viewer Sample report Custom views/filters Servers list, organized in groups Integration with EventID.Net Consolidated view for all logs Free for subscribers Event event id 1057 ID: 36870 Source: Schannel Source: Schannel Maintenance: Recommended maintenance tasks for Windows servers Type: the rd session host server has failed to create a new self signed certificate Error Description:A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module a fatal error occured when attempting to access the ssl server credential private key is 0xffffffff. English: This information is only available to subscribers. An example of English, please! Concepts to understand: Why are some errors fatal? What is Schannel? Comments: EventID.Net This event can be about a server certificate or https://blogs.technet.microsoft.com/askperf/2014/10/22/rdp-fails-with-event-id-1058-event-36870-with-remote-desktop-session-host-certificate-ssl-communication/ a client certificate and different error codes can be reported. One should pay attention to these details as they require a different troubleshooting approach. A Microsoft engineer provided the following suggestions: If the certificate is not considered valid by the schannel provider, the schannel provider will reject the cert if one of the following validation problems exists: 1. The root to which the LDAPS / DC Cert is not trusted 2. The DC is not http://www.eventid.net/display-eventid-36870-source-Schannel-eventno-1099-phase-1.htm able to validate that the CA is trusted (cannot build a trust chain) 3. The certificate is expired 4. The certificate is revoked Please determine if the certificate is failing validation checking by using certutil from Windows Server 2003 and correct the issues that certutil reports (expired CRL, server isn't reachable on the network, CRL isn't published to the location as expected, etc.) For more information, see ME825061 (Certificate Services Does Not Start After You Upgrade to Windows 2000). Also, you may use the "dsstore -dcmon" command and look at a verbose display. Then, correct the trust chain on the certificate that you are using for schannel. For more information about the Directory Services Store Tool, please refer to ME313197 (HOW TO: Use the Directory Services Store Tool to Add a Non-Windows 2000) * * * Error code: 0x80090016 - This error seems to indicate a permissions problem. Most of the newsgroup posts below were from Microsoft support engineers. From a newsgroup post: "I would suggest you export the cert out (with private key) then reimport again, or import to other machine, and export from there and import back to this machine. See ME232137 on import and export certificates and ME232136 on how to backup a server certificate in IIS 5.0. From another post: "Try going to the properties of the Docu
acting … weird. There were issues with the OWA site loading, and some bizarre event log messages regarding SChannel http://peter-kline.com/?p=87 errors. I began investigating these by opening the IIS console and looking at the bindings for HTTPS, which appeared good. And then I clicked OK … the server slowed http://lokna.no/?p=581 significantly (wrote thousands of messages to the event log), and then I received this message: A specified logon session does not exist. It may already have been terminated. (Exception event id from HRESULT: [...]) At this moment, IIS went down. Knowing this message can happen because of a certificate validity issue, I checked the certificates console and found the certificates showed valid, with private keys in place. The event log yielded Schannel #36870 messages reading: A fatal error occurred when attempting to access the SSL server credential private key. event id 36870 The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001. Some quick Google-fu yielded the potential that my private keys were missing, or had some access issues. There are many articles out there to deal with this, such as this one at MSDN or this MS KB Article. But it's a bit lacking for Server 2012. Here's some stuff to know: Some articles reference C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA, while others reference C:\Users\All Users\Application Data\Microsoft\Crypto\RSA. The one above references C:\ProgramData\Microsoft\Crypto\RSA. On Server 2012, these are all hard links to one another. I had issues making this fix without first stopping the Cryptographic Services service first. The article wants you to confirm that Administrators has Full Control of the MachineKeys folder, and that Everyone has the following individual permissions: - List Folder/Read Data, Read Attributes, Read Extended Attributes, Create Files/Write Data, Create Folders/Append Data, Write Attributes, Write Extended Attributes, Read Permissions None of the articles discuss inheritance. In my case, I had every one of the permission
windows update 2011.03.24 in Windows 2008 | 1 comment Problem After patching one of our SQL servers it was acting strange. Suddenly, the reporting services service refused to service https requests, and the SCOM monitoring agent refused to start. The error message from the reporting server website as reported by opera was “Secure connection: fatal error 552”. This could be translated to either “Requested file action aborted, storage allocation exceeded”, which is an FTP status code, or "552 - Unknown authentication service call-back", which is a more likely explanation. An examination of the event logs on the server revealed some certificate related messages from the SCOM agent: Log Name: Operations Manager Source: HealthService Date: 17.03.2011 17:26:55 Event ID: 7029 Task Category: Health Service Level: Error Keywords: Classic User: N/A Computer: ########## Description: The Health Service was detected that the private key for secure data processing has been removed or is invalid. The certificate and key will be regenerated. Log Name: Operations Manager Source: HealthService Date: 17.03.2011 17:26:55 Event ID: 7022 Task Category: Health Service Level: Error Keywords: Classic User: N/A Computer: ########## Description: The Health Service has downloaded secure configuration for management group ##########, and processing the configuration failed with error code Cannot find the certificate and private key for decryption.(0x8009200B). Log Name: Operations Manager Source: HealthService Date: 17.03.2011 17:26:55 Event ID: 1220 Task Category: Health Service Level: Error Keywords: Classic User: N/A Computer: ########## Description: Received configuration cannot be processed. Management group "##########". The error is Cannot find the certificate and private key for decryption.(0x8009200B). When we tried to restart the service, the following event occured: Log Name: Operations Manager Source: OpsMgr Connector Date: 23.03.2011 09:07:33 Event ID: 21021 Task Category: None Level: Error Keywords: Classic User: N/A Computer: ########## Description: No certificate could be loaded or created. This Health Service will not be able to communicate with other health services. Look for previous events in the event log for more detail. We also tried to assign a new HTTPS certificate to MSSQL Reporting services, which raised the following events: Log Name: System Source: Schannel Date: 23.03.2011 10:19:09 Event ID: 36870 Task Category: None Level: Error Keywords: Classic User: N/A Computer: ########## Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptogra