Question
Hi,
I am suddenly getting the below warning event on my AD server.
Please explain to me why I am getting this error.
Event ID :- 36886
Source :- Schannel
Description :-
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
Answers
-
Hi,
This event occurs when a server attempts to make an SSL connection but no server certificate is found. In a domain where no enterprise CA exists, this event is normal and can be safely ignored.
Or you can install a CA in the domain.
http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx
Ref: Event ID 36886…New DC
Best Regards,
Abhijit Waikar.
MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor |
My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
-
Marked as answer by
Tuesday, April 24, 2012 8:41 AM
Best Regards,
Sandesh Dubey.
MCSE | MCSA:Messaging | MCTS | MCITP:Enterprise Administrator |
My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
-
Marked as answer by
Miya Yao
Tuesday, April 24, 2012 8:41 AM
Recently, we created a new child domain in the existing AD forest with two new Windows Server 2012 R2 domain controllers. The AD authentication and AD replication between DCs are working fine.
Today, we are trying to set up a third party app (Splunk) with the secure LDAP authentication to the child domain AD. The child domain DC servers are hardened to require signing on the LDAP server signing requirements policy.
However, we get an error “the connection reset by the peer” in the third party app’s LDAP connection test. On the DC server, there is a warning in System event — Event ID 36886 “No suitable default server credential exists on this system. …”
Troubleshooting
- According to MS KB321051, “The LDAPS certificate is located in the Local Computer’s Personal certificate store.”
Solution
- There are two ways to put the root CA cert back to the trusted root CA store.
- I can copy and paste the root CA cert from the intermediate cert store to the trusted root CA store.
- I download the CA certificate chain, open the root CA cert, and install it on the child DC server. Make sure to specify that the store location is Local Machine and the store is Trusted Root Certification Authorities. The default automatic selection will place the root CA cert in the intermediate CA store again.
- Once the root CA cert is in the right store location, the child DC’s cert shows trusted. The LDAPS connection test in the third party app is successful.
Damn. So you bought yourself a server, installed "Windows Server 2019" on it, deployed a DC on it, you go to have a look at the "Event Log", and there is a pile of warnings.
You read the error and have no idea what the hell it is. You google it. And you find some garbage: you have a certificate server deployed; you need to issue a certificate to the computer; your hardware is connecting over "LDAPS"; you can ignore this error… Oh, screw that.
If none of the above applies to you, open the "MMC" console, add the "Computer Certificates" snap-in,
and under "Personal" check whether there are certificates whose "Intended Purposes" is "Client Authentication". If there is such a certificate and it was not issued to this machine (the computer name), you will get these errors/warnings.
In my case this certificate was added by Dell's "The iDRAC Service Module" software.
Hmm… For now I have given up on monitoring the OS from "iDRAC", by deleting this certificate.
All of this was unexpected, of course…
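An added example, not part of any post on this page: a read-only PowerShell audit, run elevated on the DC, covering the two causes described in the posts above (a root CA certificate sitting in the intermediate store, and a Personal-store certificate that is not a server certificate for this machine). The Server Authentication EKU, private key and FQDN checks follow the LDAPS certificate requirements in KB321051; how `$fqdn` is resolved is an assumption.

```powershell
# Added example: read-only audit of the stores Schannel uses for LDAPS.
# Run in an elevated PowerShell session on the domain controller.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID
# Assumption: the local host entry resolves to the DC's FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry('').HostName

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $ekus  = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
    $names = @($cert.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })

    # Build the chain against the machine stores, without revocation lookups,
    # so a failure points at trust (e.g. root CA missing from Trusted Roots).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        # No EKU extension means the certificate is valid for all purposes.
        ServerAuth    = ($ekus.Count -eq 0) -or ($ekus -contains $serverAuth)
        # Client-only certificates issued to another name are the iDRAC case.
        ClientOnly    = ($ekus -contains $clientAuth) -and ($ekus -notcontains $serverAuth)
        NameMatchesDC = $names -contains $fqdn
        Expired       = $cert.NotAfter -lt (Get-Date)
        ChainTrusted  = $chainOk
        ChainStatus   = $status
    }
}
$report | Format-List

# Self-signed certificates in the Intermediate store are candidates for a
# root CA that was imported into the wrong store; review each hit by hand.
Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -eq $_.Issuer } |
    Select-Object Subject, Thumbprint, NotAfter
```

A certificate usable for LDAPS shows `HasPrivateKey`, `ServerAuth`, `NameMatchesDC` and `ChainTrusted` all true; the name check is an exact match and does not expand wildcard names.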
I’m at a loss as to what is going on with my PDC and only my PDC. SDC doesn’t have any of these events showing up. The morning of 8/22 something happened or changed to cause these events to now overload my event viewer. I don’t know/remember what was done then but I’ve been searching around and can’t find any information on how to run this down.
The PDC is just that…nothing else is installed or set up…it is purely a PDC/DNS/DHCP
I get the following events twice every 15 seconds:
Log Name: System
Source: Schannel
Date: 9/8/2016 11:34:40 AM
Event ID: 36886
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: PDX-PDC-01.pbgnw.local
Description:
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36886</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-09-08T18:34:40.172599700Z" />
<EventRecordID>483254</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="1680" />
<Channel>System</Channel>
<Computer>PDX-PDC-01.pbgnw.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
________________________________________________________
Log Name: System
Source: Schannel
Date: 9/8/2016 11:34:40 AM
Event ID: 36886
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: PDX-PDC-01.pbgnw.local
Description:
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36886</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-09-08T18:34:40.172599700Z" />
<EventRecordID>483255</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="10672" />
<Channel>System</Channel>
<Computer>PDX-PDC-01.pbgnw.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
Question
Hello,
I replaced a current production 2008 R2 DC with a newly built 2012 DC. The DCPromo process worked fine, but now I see EventID 36886, Source: Schannel in my System event log. The description says ‘No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.’ So I’m trying to understand what this means and the potential impact to my system. We do have an enterprise CA in this domain.
Is the message saying an app is trying to connect to AD with SSL but no server certificate exists? Will this cause an error in an app or AD? Can SSLDiag help me here to diagnose the issue? I’m thinking I have to add a server certificate on this new Server 2012 DC, correct?
Thanks for your help! SdeDot
-
Moved by
Monday, August 26, 2013 11:53 AM