Error 36888 Lync
two pools in two datacenters. The server deployment went without a hitch and we got everything up and running in no time flat. However, we could not sign on with a Lync 2013 client to either pool. The client just complained it couldn't log on. Looking at the server event logs, we saw numerous SChannel errors as below:

Event ID: 36874 - TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Event ID: 36888 - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

Looking around for solutions on the web, I came across these two apparent gems:

http://social.technet.microsoft.com/Forums/lync/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile (Look towards the bottom for the answer)
http://www.logicspot.net/index.php?id=50

If you don't feel like reading the aforementioned links, the answer was to use Regedit to disable TLS 1.2 on the Lync front-ends. This was the solution provided by MS Support. Sure enough, doing that fixed the problem, but as noted in the links above, this broke Windows Update. To get Windows Update to work, you would have to remove the registry entry, restart the server, run Windows Update, re-add the registry entry and reboot the server once more.

Since this was a brand-new Lync deployment on brand new Windows 2012 servers, I had a hard time believing this was the only fix for the problem. Since the problem was affecting two independent pools, I figured there must be some common feature shared between them causing the issue. After much flailing about, I turned my attention to the recently installed Windows Certificate Authority installation. Another consultant had installed a CA for the company in preparation for Lync. Comparing against known good installations, we noticed the signature hash a
http://ucken.blogspot.com/2013/12/schannel-errors-on-lync-server.html

Lync & TLS: Event 36874 - how to handle?

Setting up a new Lync 2013 install in the Company Network I got everything nearly working except Client Login. There seems to be a mismatch of capabilities or some Settings in the TLS area - Connection Fails, and I get quite a lot of Schannel Events 36874. EventData is:
http://www.networksteve.com/windows/topic.php/Lync_client_unable_to_receive_certificate_from_the_remote_server/?TopicId=64189&Posts=1

all the Lync clients stopped working. They are unable to verify the certificate from the server. I ran the Lync Server 2010 Deployment Wizard / Certificate Wizard and found an issue, I wish I wrote it down or took a snapshot but I didn't, I re-ran the Certificate Wizard and now my default cert is Assigned and looks good. I tried the Lync client again but no go. I checked the Event logs on the client computer and received the following:

EventID: 36888, Source: Schannel
The following fatal alert was generated: 48. The internal error state is 552.

EventID: 36882, Source: Schannel
The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

All my client computers are having this issue. I tried running a repair on the Lync client and also did an uninstall / install but didn't help. Then I decided to install the Lync client on the Lync server itself and it works great. Any advice is appreciated. Thanks in advance.
February 26th, 2015 12:33pm

The certificate you assigned is either a self-signed or issued from a CA that the clients don't have the root cert for. The client works on the server because the Lync server trusted the issuing authority for that cert. If you open a web browser on one of the clients and go to your https://meet.domain.com url you'll see the same certificate issue.
February 26th, 2015 12:43pm

Michael, That makes sense. So how do I give the clients the root cert? Thanks,
February 26th, 2015 12:57pm

The client must join domain or if it's workgroup, must have root CA in Trusted to allow client login on Lync.
February 26th, 2015 2:18pm

Manual steps for importing the Root Cert: http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
February 26th, 2015 2:25pm

Michael, I exported the LYNC-CA trusted root cert from my LYNC server and imported it to my client computer under Trusted Root Certification Authorities. I am still getting the same issue. I tried exporting it as a DER encoded binary and Base-64 encoded but neither worked for me. Must be something else? Thanks,