TLS/SSL connection fails with the Schannel event logged

Some customers may encounter one of these symptoms:

1. If you have an IIS web site, the HTTPS connection may fail.

2. If you are using an IAS server to authenticate wireless clients, you may find that the authentication fails.

3. If you have a Live Communications Server, you may find that the TLS connection fails.

At the same time, you may find the following event on the server’s Event log:


Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36885
Date: date
Time: time
User:
Computer: COMPUTERNAME
Description: When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


When this happens, most likely there are too many entries in the server's trusted root certification list. For the resolution to this issue, please refer to the article below:

933430 Clients cannot make connections if you require client certificates on a Web site or if you use IAS in Windows Server 2003

https://support.microsoft.com/default.aspx?scid=kb;EN-US;933430
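The following diagnostic script is an added example and is not part of the article or KB 933430. It assumes a Windows version with PowerShell 3.0 or later (Get-WinEvent and the Cert: drive), counts and lists the machine's trusted root CAs, which is the list Schannel truncates in event 36885, and then looks for that event in the System log; the review threshold and the provider name used in the filter are assumptions, not documented Schannel limits.

```powershell
# Added diagnostic check, not code from the article. Assumes PowerShell 3.0+ on a
# Windows host where Schannel logs to the System log under provider name "Schannel".
param(
    # Assumed rough threshold for "worth reviewing"; Schannel's real limit is not documented here.
    [int]$WarnThreshold = 100
)

# 1. Count and list the trusted roots that Schannel advertises during client authentication.
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
Write-Host ("Trusted root CAs in LocalMachine\Root: {0}" -f $roots.Count)
if ($roots.Count -gt $WarnThreshold) {
    Write-Warning "Root store is large; review and remove CAs not needed for client authentication."
}

# Show expired roots first, as they are the easiest candidates for removal.
$roots |
    Sort-Object NotAfter |
    Select-Object @{ n = 'Expired'; e = { $_.NotAfter -lt (Get-Date) } },
                  NotAfter, Subject, Thumbprint |
    Format-Table -AutoSize

# 2. Look for Schannel event 36885 (trusted CA list truncated) in the System log.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36885 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue
if ($events) {
    Write-Host ("Found {0} recent Schannel 36885 event(s); latest at {1}" -f $events.Count, $events[0].TimeCreated)
} else {
    Write-Host "No Schannel 36885 events found in the System log."
}
```

Which roots are actually required depends on which client certificates the web site, IAS server, or Live Communications Server must accept, so confirm each CA against that list before removing it.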