Hi, we're experiencing a small issue with our Exchange 2013 system. At present we don't have a load balancer, so our firewall points directly to one our of Exchange servers. Whichever server is set as the recipient of email is bombarded by Schannel Errors (Event ID: 36887) and the following message:
"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46."
It would seem this is one error message per received email. If I change the firewall to point to the other server the errors then start on that server.
I've read previous posts which point to having multiple certificates set up but only the current valid certificate is present. The only other certificates on the servers are:
- Microsoft Exchange Server Auth Certificate
- WMSVC
- Microsoft Exchange
These are the self signed ones that are created during installation, I'm assuming they're used internally still for various operations and should not be removed. None of them have our external URLs, but the 'Microsoft Exchange' one does contain the internal name of the server in the CertificatesDomains property.
This issue seems to have coincided with us moving to Mimecast, I've spoken to their support but they're certain it's our issue rather than something at their end. Mimecast do provide the ability to use strict TLS but we don't use this.
I'm aware of a registry setting existing that will stop the errors from appearing in the event log but I think I'd rather solve the issue rather than ignore it!
I'd appreciate any other suggestions, thanks.