0

I'm receiving the two following errors every ~60 seconds on a Windows 2008R2 SP1 Server running SQL Server 2008R2:

First:

Log Name:      System
Source:        Schannel
Date:          5/25/2016 9:23:02 AM
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      sql1.contoso.com
Description:
The following fatal alert was generated: 43. The internal error state is 552.

Second:

Log Name:      System
Source:        Schannel
Date:          5/25/2016 9:23:02 AM
Event ID:      36884
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      sql1.contoso.com
Description:
The certificate received from the remote server does not contain the expected name. 
It is therefore not possible to determine whether we are connecting to the correct server. 
The server name we were expecting is sql1. 
The SSL connection request has failed. The attached data contains the server certificate.

The server name in the second error's description is the same hostname as the FQDN in the Computer field.

Is the SSL Connection failure from sql1.contoso.com to another computer, from another computer to sql1.contoso.com, or from sql1.contoso.com to itself?

If there is another server involved, how can I determine which server is either the source or the target?

Any help on tracking down the source of the issue and a resolution is greatly appreciated.

Justin Russell

1 Answer

0

Did you try this?

https://support.microsoft.com/en-us/kb/2275950

It says: "... that there's a known bug on Windows 2008 r2 that can cause valid certificates to be rejected.". Seems to fit the description of what's happening to you, doesn't it?

Pierre.Vriens
Zalomon
  • What does it say? – Pierre.Vriens Jun 06 '16 at 14:21
  • It says that there's a known bug on Windows 2008 r2 that can cause valid certificates to be rejected, and it refers to a hotfix. – Zalomon Jun 06 '16 at 14:27
  • I did see this article, thank you. It doesn't match my scenario 100% because I don't see any operations failing with the message "The certificate's CN name does not match the passed value". The only indication of any issue is the event being logged, which is why I'm really trying to understand the error message better so that I can determine the machines involved. – Justin Russell Jun 06 '16 at 20:21
  • Are you getting a "server not operational" error? – Zalomon Jun 08 '16 at 09:03
  • Not that I'm aware of; however, part of my question is how to determine the servers involved. The only indication of a problem is the error in the event viewer. – Justin Russell Jun 10 '16 at 20:46
  • Supposedly you won't need to determine the servers; they just need to have a certificate that validates the load balancer's URL. – Zalomon Jun 11 '16 at 11:37
  • You can find steps for troubleshooting certificate for SQL Server here: https://support.microsoft.com/en-ph/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi – Jozef Izso Feb 01 '19 at 16:19
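
Event 36884 in the question states that "the attached data contains the server certificate", so one way to see which certificate was rejected is to decode that data and compare it with the certificates installed locally. The script below is an added example, not code from any of the posts above. It assumes the attached data is exposed through the `Data` property of `Get-EventLog` entries as a DER-encoded certificate; the variable names are illustrative.

```powershell
# Name Schannel expected, taken from the 36884 description in the question.
$expected = 'sql1'

# Thumbprints of certificates installed on this machine. A match means the
# rejected certificate is one this server itself presents (connection to itself).
$localThumbs = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { $_.Thumbprint })

Get-EventLog -LogName System -Source Schannel -Newest 500 |
    Where-Object { $_.EventID -eq 36884 -and $_.Data -and $_.Data.Length -gt 0 } |
    ForEach-Object {
        $entry = $_
        try {
            # Assumption: the attached event data is the DER-encoded certificate.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList (,$entry.Data)
        } catch {
            Write-Warning "Event at $($entry.TimeGenerated): attached data is not a parsable certificate"
            return
        }

        # Subject Alternative Name extension (OID 2.5.29.17), if present.
        $san = $cert.Extensions |
            Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
            ForEach-Object { $_.Format($false) }

        New-Object PSObject -Property @{
            LastSeen     = $entry.TimeGenerated
            ExpectedName = $expected
            SubjectCN    = $cert.GetNameInfo('SimpleName', $false)
            SubjectAlt   = ($san -join '; ')
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            InLocalStore = ($localThumbs -contains $cert.Thumbprint)
        }
    } |
    Sort-Object -Property Thumbprint -Unique |
    Select-Object LastSeen, ExpectedName, SubjectCN, SubjectAlt, Issuer, NotAfter, Thumbprint, InLocalStore |
    Format-List
```

If `InLocalStore` is `True`, the certificate belongs to this server; otherwise the subject and issuer identify the remote host whose certificate did not carry the expected name.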