A client computer may not be able to authenticate to a Microsoft Windows Server 2003 domain controller or to a Microsoft Windows 2000 domain controller by using Lightweight Directory Access Protocol (LDAP) over a Security Sockets Layer (SSL) connection. The following event ID error message is logged to the system event log on the client computer:
Source: Schannel Category: None Event ID: 36876 Date: Date Time: Time User: N/A Computer: YourComputerName Description: The certificate received from the remote server has not validated correctly. The error code is 0x80090328. The SSL connection request has failed. The attached data contains the server certificate.
Error Code 0x80090328 = SEC_E_CERT_EXPIRED (Certificate is expired).
These symptoms occur even after the server receives a new certificate from the certification authority (CA) that replaces the expired certificate on the server.
Additionally, the System event log may also log the following event when the server side certificate fails:
Event ID: 36881 The certificate received from the remote server has expired. The SSL connection request has failed. The attached data contains the server certificate.
This issue occurs because LDAP caches the certificate on the server. Although the certificate has expired and the server receives a new certificate from a CA, the server uses the cached certificate. You must restart the server before the server uses the new certificate.
To work around this issue, restart the server after the server receives a new certificate from the CA.
For more information about how to troubleshoot similar event ID 37876 error messages, click the following article numbers to view the articles in the Microsoft Knowledge Base:
254610 System Event ID 36876 when using LDAP SSL query of the Active Directory
822406 Clients cannot authenticate with a server after you obtain a new certificate to replace an expired certificate on the server
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows XP Professional, Microsoft Windows XP Home Edition, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition