In my case, I am using two servers: server 1 is an AD server with FSMO and server 2 is an Exchange server. If server 2 boots up before server 1, it will not establish Schannel and the Exchange server will have a problem. Solution: Make sure that the AD Server with FSMO is started up successfully and then boot up server 2.
From a newsgroup post: "In my case, this problem turned out to be caused by corrupt emails sitting in the queue. I removed all e-mails from the queue into a temporary folder, started the SMTP virtual server and things ran OK. I have added the formerly queued emails back into the queue and I removed any one that did not move".
Information on how to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server can be found in ME324958
According to Microsoft "This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site. "
When I see this error it usually indicates that an Exchange server is having problems creating a secure channel to the DC. This may be indicated by mail sticking in the Directory Lookups queue.
To solve the problem, from a command prompt on the Exchange server use:
E.g. If you were in the Microsoft domain you would type:
NLTEST /SC_RESET:MICROSOFT (This will reset to another DC if there are problems)
NLTEST /SC_QUERY:MICROSOFT (This will display the current DC secure channel)
May occur if an antivirus software is running during the installation of a service pack. See ME308601
Some instances of this problem should be fixed by Windows 2000 Service Pack 2.
As per ME293101
, this problem can occur because a fault in the SSL certificate has occurred while it is being exported from Microsoft Internet Information Server (IIS) or imported to ISA Server.
says that this also may occur on IIS 5.0 when you import an SSL certificate in which the wrong cryptographic service provider (CSP) is chosen.
The problem still occurs after SP2 when the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. See ME305088