Event log - Schannel Event ID 36888
Hi
I did a migration from SBS 2003 to SBS 2011 and all went smoothly. After migration I started to notice these errors popping up in the system log.
Schannel Event ID 36888 :"the following fatal alert was generated: 10. The internal error state is 1203."
I have scoured the forums and tried everything I could, from upgrading SharePoint to checking Exchange. It is not affecting the server performance in any noticeable manner but it is filling up the logs and I would rather know what is causing this other than just suppressing the log.
It could be something major that I am missing.
Hi Jean H. Marais,
Just to add: this error (Event ID 36888) occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL. The internal error state 1203 indicates invalid ClientHello from the client.
Please refer to the similar thread and check if it can help you.
Schannel error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
Regarding enabling/disabling Schannel event logging in IIS, please refer to the following KB.
How to enable Schannel event logging in IIS
Hope this helps.
Best regards,
Justin Gu
Similar Messages
-
New install: Event Log - Schannel Event ID: 36888
I am in the process of setting up a Microsoft TMG server on a new Dell PowerEdge R610
I have installed Windows Server 2008 R2 Enterprise, Exchange 2010 Edge Transport Service, ForeFront 2010 for Exchange and finally TMG 2010 as per the TechNet TMG installation guides. All the latest updates have been applied including Exchange 2010 rollup 1.
Around the point at which I installed Exchange 2010, the system event log started filling up with the following entries:
Source: Schannel
Event ID: 36888
User: System
Message: The following fatal alert was generated: 10. The internal error state is 10.
TMG seems to be working correctly - proxy, web filtering, server publishing etc. However I can access any HTTPS websites from the TMG server, this seems to be causing problems with Windows Update/Forefront 2010 updates.
I have installed two SSL certificates - one was requested from our internal certificate server and I have Exchange enabled that certificate for SMTP. The other certificate is our public SSL certificate we use for website publishing - and ultimately SMTP, but in case there were problems with the intermediate certificates I haven't yet enabled it for SMTP.
I'm having trouble finding any useful information about the Schannel error - can anyone help?
Thanks.
A solution that worked for me is here:
http://answers.microsoft.com/en-us/windows/forum/windows_other-gaming/id-event-36888-shannel/a74b0512-e107-4753-bf79-aecf9d54d2af
Uncheck the TLS (transport layer security) options in Internet Explorer and check.
a. Open Internet Explorer and click on Tools.
b. Click on Internet Options and click on the advanced tab.
c. In Security, make sure that the TLS is not checked.
d. Click on Apply and then click Ok.
e. Now try to play the game and check.
For further support, I would suggest you to contact steam forums or EA (electronic arts) games.
www.forums.steampowered.com
www.forum.ea.com
Thank you and Regards.
Thahaseena M
Microsoft Answers Support Engineer.
Visit our Microsoft Answers Feedback Forum and
let us know what you think. -
The computer consistently freezes for about one to two seconds over and over, making it difficult to navigate through web pages. I have looked at the Event log and this is the only consistent error that has taken place that falls in line with this issue. I have tried changing the Security in Internet Explorer and tried every option for SSL and TLS and removed all history and cookies after each change, as well as restarting my computer, and still to no avail. Please help! Thank you.
See the below:
http://social.technet.microsoft.com/Forums/en-US/67609e1a-ae35-48ef-a91a-a0b06992702f/windows-operating-system-version-61760117940-event-id-36888-event-source-schannel?forum=w7itproperf
http://social.technet.microsoft.com/Forums/en-US/eca5e2cb-28b2-4170-944b-c4c3ea7c8d72/event-id-36888-event-source-schannel?forum=winservergen
Rgds -
Event ID 36888 - Schannel - A fatal alert was generated and sent to the remote endpoint.
Exchange 2013: 2 x multi-role in one DAG - on-premise
Performing remote mailbox migration using internet (*non-exchange web-based tool*), to ship data from cloud Ex2010 server to Ex2013 on-premise.
Have multiple failures when doing the mailbox data copy - my migration tool error code tells me that:
This error indicates that we were unable to authenticate to the source or destination mailbox and retrieve a list of folders when given 15 minutes to complete these operations. This may be because the source or destination is unusually slow, has a very large number of folders, or due to "hanging" networking calls.
Some mailboxes are copying, but around 80% are not. Checked all permissions and other factors.
I see in the System event log the following below:
Log Name: System
Source: Schannel
Date: 9/14/2013 2:14:53 PM
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: server.domain.local
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-09-14T20:14:53.699840000Z" />
<EventRecordID>135625</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="17928" />
<Channel>System</Channel>
<Computer>server.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">10</Data>
<Data Name="ErrorState">1203</Data>
</EventData>
</Event>
Anyone seen this? - not much recording this error available for Ex2013.
Hello,
Thank you for your post.
This is a quick note to let you know that we are performing research on this issue.
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support
Hi Simon
I opened a SEV B case today. Appears to directly reflect the amount of load I put through, in terms of data being shipped with our migration tool. That tool is basically logging into each mailbox using a superuser account and populating it with mail and calendar data from a source cloud mailbox. No fancy co-existence or online move requests.
All throttle policies are removed. Attempting to migrate more than 20 mailboxes at a time results in the System Event log being filled with the Schannel error above. Reducing the amount below this still shows the errors appearing, but not enough to stop mailbox data being shipped and the migration tool suffering a stop error.
I will update the thread tomorrow when I speak with the engineer. Surprised no one has had any input so far.
I have the same problem, here is some data. I have two exchange profiles and the 2nd one stops logging in after this error starts. I have to reset the wireless connection and restart outlook to clear the situation.
Dave Ladouceur -
SChannel - Help with Error # 20 (Event ID # 36888)
Was hoping somebody could help me understand what's causing some SChannel error 20 events I'm seeing in system event logs.
Running Server 2008 R2 as IIS web servers, have a commercial wildcard SSL certificate in use on multiple sites and we use IIS Crypto's "best practice" settings.
Majority of our customers, monitoring apps and SSL labs report no issues with HTTPS, however we have one customer with a data-center hosted application which sometimes connects flawlessly, yet other times causes our server to generate fatal alert 20 and reset the connection before it even reaches IIS.
Can't see any pattern to these issues and very little of the discussion online about error 20 seems to fit here as it mostly relates to invalid server certificates, low-level development with SSL or other "consistent HTTPS failure" scenarios while ours is more intermittent.
Reading up on error 20 suggests it should indicate a "bad record mac", where I'm reading the mac to be a checksum of the SSL message suggesting the message may be incomplete, altered or incorrectly signed -- but not being an expert on either schannel or crypto I could be misunderstanding what this means.
Attempted to find more detail regarding the internal error state value, with very little luck.
Tried enabling SChannel logging for errors and warnings (3), but that's not provided any more detail before or after this event.
Right now I'm not entirely sure what's causing the problem which makes it even harder to look at solutions, so if you have any questions or need more detail let me know, will try and keep an eye on this for the next few days.
- T
Log Name: System
Source: Schannel
Date: [removed]
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: [removed]
Description:
The following fatal alert was generated: 20. The internal error state is 960.
Hi twrty,
This error can be caused by many reasons. Typical reasons I have experienced include: an incorrect certificate bound to HTTPS port 443; certificate authentication enabled with the wrong certificate used; the certificate on the TMG server is revoked and has no validity. SSL handshake failures between client and server can also cause these events. Please check all the above conditions and disable the port 443 related security of your firewall, then monitor again.
The similar thread:
Certificate Services - can't connect using SSL
https://social.technet.microsoft.com/forums/windowsserver/en-US/091a3222-641b-43a3-ae19-6cc238828950/certificate-services-cant-connect-using-ssl
Error schannel
https://social.technet.microsoft.com/Forums/windowsserver/en-US/dc661a87-d78a-4398-96d8-e3659d26f282/error-schannel
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Exchange 2013 event ID 36888 SChannel error 12 and 1203
I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesn't recommend doing this, but I had no choice. The errors are as follows:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36888
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-11-25T23:30:34.120233400Z
EventRecordID 121125
Correlation
- Execution
[ ProcessID] 1064
[ ThreadID] 20184
Channel System
Computer server
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 10
ErrorState 12
System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36888
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-11-26T05:45:22.650086300Z
EventRecordID 121230
Correlation
- Execution
[ ProcessID] 1064
[ ThreadID] 45336
Channel System
Computer SERVER
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 10
ErrorState 1203
Process ID 1064 is lsass.exe
I found somewhere that error 1203 could be ignored, but nothing about error 12.
Server is running with a self-signed SAN certificate, hosting 2 Exchange domains (10 mailboxes, 5 local, 5 linked for remote domain connected via external 2-way non-transitive domain trust).
Thank you very much for any advice.
Regards,
Jan
Šerý
Hi Jan,
Based on my research for Event 36888, the issue may be caused by non-standard or corrupted behavior of web browsers or users, such as a user using the HTTP protocol to access an Exchange service which is an SSL site on port 443.
Please check whether there is an HTTP redirect configured in the IIS Manager of your Exchange server. Also reset web browsers to have a try. Here are some similar threads for this issue:
https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Regards,
Winnie Liang
TechNet Community Support -
I have searched on TechNet as well as googled it. I have not found too much information as to what specifically is the issue here. I do know that Alert 51 has to do with TLS. I have adjusted the registry to enable logging for TLS 1.0 (client and server), but do not know exactly the version Lync 2010 uses.
I have also removed an old certificate. This did eliminate an earlier Schannel error message. Yet, this particular one, 51 internal error state 1306, kept coming back.
Although I can disable the logging, I prefer to know what specifically is going on and what is generating this error message. Does anyone have any ideas?
TIA
Blue
We need the operating system details and Lync client details,
and the complete text for Event ID 36888 along with its XML details.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
Regards,
Edwin Anthony Joseph -
Schannel event ID 36888 , alert 43, internal error state 252
When i go to certain sites in IE, i get the following error and IE reports that it could not connect to the site.
Any ideas where to start looking.
I'm running Windows 7 Pro X64 Sp1
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-12-03T21:55:46.193662500Z" />
<EventRecordID>26882</EventRecordID>
<Correlation />
<Execution ProcessID="808" ThreadID="6052" />
<Channel>System</Channel>
<Computer>redearl-toy</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">43</Data>
<Data Name="ErrorState">252</Data>
</EventData>
</Event>
Hi,
Does this issue only occur with this website? Have you tried using another computer or another browser to test the issue?
If this issue only occurred with specific website, it is better to contact the website for more help.
In addition, here is a thread for your reference:
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/6b0d1a30-753d-491e-b2b2-dc1a1111dd51
Regards,
Vincent Wang
TechNet Community Support -
SSMS Errors and event id 36888 and 36882
Hallo to everybody,
I'm facing a tricky situation from which I'm not able to come out.
Because of a hard drive failure, I had to rebuild my workstation.
Apart from the hard drive changed, both hardware and software environment are the same as before, when everything was working correctly. I'm using Windows Server 2012 R2 as O/S, and a series of MS software, among them the last three releases of SQL Server (2008R2, 2012 and 2014).
But differently from the first setup, now because of the hurry to rebuild the system, I installed all the software without taking care of the "chronological" order. Meaning I installed SQL Server 2014 first, then 2012, and 2008R2 last.
My system is joined to a domain and, summarizing, everything works correctly (as before the hard drive failure) except the ability to connect to remote (within domain) SQL Server instances through any of the SSMS editions.
When I try, I get strange behaviour, like errors while connecting (sometimes), errors while retrieving data (right click on a table and EDIT top <n> rows), or sometimes even a partially filled grid without any error. By partially filled, I mean a result set in which not all requested rows are returned.
The common elements are: The error source in message box is always "System.Data" and the error message is "Internal connection fatal error".
Below you can find a more detailed technical description of the error message.
After some investigation, I found that in correspondence to any of these user interface errors, other errors messages are logged in System Event Log in this sequence:
1) Event 36888 source Schannel:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
2) Event 36882 source Schannel:
The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Needless to say, SQL Connections are NOT configured to be encrypted, neither on client nor on servers, SSL certificates are the self generated ones, so there should be no reason at all for these errors.
I already browsed the Internet searching for a solution, but I was not able to find something matching my situation. For instance, the closest one, which talks about a "wrong synonym definition", is not valid in my case, as there are no wrong synonyms.
I strongly hope that someone of you could be helpful before I decide to start reformatting and reinstalling everything from scratch keeping the "correct" order during installation.
Thank you in advance,
===================================
Internal connection fatal error. (System.Data)
Program Location:
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryCloseInternal(Boolean closeReader)
at System.Data.SqlClient.SqlDataReader.Close()
at Microsoft.SqlServer.Management.Smo.DataProvider.Close()
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.NavigableItemBuilderDataReader.Close()
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.NavigableItemBuilderDataReader.System.IDisposable.Dispose()
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.BuildDynamicItemWithQuery(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, String urnQuery, Boolean registerBuilder, Boolean registerBuiltItems)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.BuildDynamicItem(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.Build(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NonContextFilterNavigableItemBuilder.Build(IList`1 targetList, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItem.RequestChildren(IGetChildrenRequest request)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ExplorerHierarchyNode.BuildChildren(WaitHandle quitEvent)
Hello,
Since you installed in that order, I would try to update the SQL Server 2012 instance to the latest service pack. I would update all the instances to the latest service pack too.
http://www.microsoft.com/en-us/download/details.aspx?id=43340
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com -
Continuous "36888 Schannel Errors" in System Event Log when NOT connected to Internet
We are hoping someone will be able to assist us with this very strange issue, please?
We are using Windows 8.1 x64 Enterprise with Office 2013 and the latest Symantec Endpoint Protection v12.1.5 installed. They are managed using SCCM2012 in a large AD domain environment.
When our workstations are NOT connected to the internet (only local intranet) the following errors appear in SYSTEM event log almost continuously (several times a minute).
Event ID:36888 User: SYSTEM OpCode:Info Level:Error Source:SChannel
"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows Schannel error state is 11."
The process associated with these events is "Local Security Authority Process"
When an internet connection is enabled for these machines these 36888 errors will suddenly stop !.
An event "Error 36887 "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." Is also occurring on these machines but only occasionally.
As a result, We suspect there must be a process continuously attempting to connect to an internet service and failing ?.
Some of the things we have tried so far;
- We have disabled all non-essential services (e.g. Windows Store Service) one by one but this didn't fix.
- We have tried disabling Tile updates on Start
- We have tried a bunch of different Group Policy settings to disable different combinations of TLS/SSL in IE config.
- We have searched the internet forums and tried some suggested fixes but this combination of error state and error code seems unique ?.
It doesn't happen on our Windows 7 x64 workstations that have much same apps & configuration.
Any advice or suggestions would be greatly appreciated !
Thanks.
Hi Makes006,
This Event ID 36888 occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL.
We can try a clean boot to troubleshoot whether this issue is caused by a third-party program.
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
If there are no sensible impacts on operating the machines, we can try to disable this log by modifying the following registry key value to 0.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
For more information, please refer to the following link:
How to enable Schannel event logging in IIS
http://support.microsoft.com/kb/260729
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
I keep losing my network connection for a few seconds at a time. Not a big deal unless I just spent time filling in a form and have to redo it.
Getting:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252. Using Windows 8. I just installed the new ARRIS TG862 provided by Comcast.
Any Ideas?
Also get the following errors in my events:
The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.2. The computer with the IP address 10.0.0.3 did not allow the name to be claimed by this computer.
Realtek PCIe GBE Family Controller is disconnected from network.
Any help is appreciated
Hi,
Critical Kernel-power event ID 41 is used appear after PC restarts or randomly restarts with error
BugcheckCode listed or a cold reboot. Do you get BSOD and some dump files?
Default location is %SystemRoot%\Minidump. You can upload it to skydrive, then paste link here.
How to use Skydrive
http://www.wikihow.com/Use-SkyDrive
Kernel-PnP event ID 219: A Plug and Play device driver on your system is failing to load due to a device driver or device malfunction. You can unplug any external devices (except mouse and keyboard, but please keep the latest drivers), and check device status in Device Manager. Please also keep all the latest driver updates for your PC.
And for error 36888, I found a similar thread, please refer to this link
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
Regards
Yolanda
TechNet Community Support -
PC reboots at random, Kernel errors in event log
Hello, my PC has been acting funny and rebooting ever since I got Windows 8.1.
Here are the errors.
1 Critical Kernel-power event ID 41 2:01PM
2. Warning. Kernel-PnP event ID 219 2:01PM
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_1.00#0019E06B58C2SK870A0410D5&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
Error. Schannel event ID 36888 11:28 AM
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
I am quite sure the PSU is still good, never had an issue until I got Windows 8.1 installed directly over Windows 7.
I just froze on the desktop at 2:55 and the "Windows was not responding" box was open but I was unable to click or do anything.
Here is that error in the event log.
Session "Pku2uLog" stopped due to the following error: 0xC0000188
Also the time stamp is incorrect. The time on the PC is 3:22 not 2:55, this error was just a few minutes ago.
Here's another one.
The maximum file size for session "Pku2uLog" has been reached. As a result, events might be lost (not logged) to file "C:\WINDOWS\Logs\Homegroup\pku2u.etl". The maximum files size is currently set to 5242880 bytes. -
Schannel Errors 36874 and 36888
Greetings,
The scenario is the following: 1 Windows Server 2008 R2 SP1 (patched up to date).
There are two errors that show up every 10 seconds:
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36874</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5908</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Protocol">SSL 3.0</Data>
</EventData>
</Event>
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
The following fatal alert was generated: 40. The internal error state is 107.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5909</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">40</Data>
<Data Name="ErrorState">107</Data>
</EventData>
</Event>
Note: This server has IIS installed (requirement for web console of System Center Operations Manager 2012)
The questions are:
Is this behavior normal?
if no
How to fix this problem?
Thanks in advance!
Hi,
This error can be received due to an incompatible browser problem where the SSL 3.0 connection request cannot be handled.
As discussed, we can modify that registry key to disable the additional secure channel event logging if everything works fine.
Also we can check the thread below. It mentioned another scenario in which the "The following fatal alert was generated: 40. The internal error state is 107." error could be received:
Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?
http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates
(Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Regards
Kevin -
I have a Windows Server 2008 R2 server flooded with Schannel Event ID's 36874 and 36888. Can someone please help?
The server is running Exchange 2010.
Event 36874, Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event 36888, Schannel
The following fatal alert was generated: 40. The internal error state is 1205.
Hi,
Please refer to the similar threads below:
Schannel Error ID 36888
getting Schannel 36874 errors on my CAS/HT servers
If the above is not helpful, please feel free to let me know.
Best regards,
Susie -
Schannel errors - appears to be causing blue screens
Hi guys
Every once in a while (a few times a month) our RDS server (server 200r82 hyper-v VM) decides to blue screen and restart.
Each and every time it crashes, we notice hundreds and hundreds of schannel errors appearing just before the crash (event ID 36888)
Well, it did it again this afternoon, and over the last 12 hours we noticed 1008 instances of this error, with 60 odd messages appearing within 0.2 seconds of each other, and 2 minutes before the crash.
I also noticed that just before the crash, there were a handful of services which hung seconds before the logged unexpected shutdown event. These services are as follows.
- UmRDPService
- WPDBusEnum
- UxSMS
- Audio Endpoint Builder
After the crash, it doesn't log any Schannel errors. Although, saying this now and just checking again, it looks like it's logged 127 instances of the same Schannel error, starting from after around 2 hours of bringing the server back online.
Do these Schannel errors cause blue screens/crashes? Or is it something else I should be looking at... I'm at a loss, as there's not a lot more in the way of logs that seem to be telling me what's going on.
Hi EsDood,
Would you please let me know the complete message of Event ID 36888? Event ID 36888 generally occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL. Please check the Schannel tracing log to see if you can find relevant clues.
How to enable Schannel event logging in IIS
Please also refer to the following thread and check if it can help you.
Schannel error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
In addition, I noticed that a BSOD issue occurred on the Windows Server 2008 R2. To troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Did you get any dump files? If so, please refer to KB315263 and check if it can help you.
If this issue is a state of emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
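Several posters above ask how to tell which alert they are actually seeing and how often. As an added example (not code from any poster or from Microsoft), this Python script parses exported Event ID 36888 XML in the layout shown in the threads, names the `AlertDesc` code using the TLS alert registry from RFC 5246, and tallies events by alert and error state. The sample events are constructed from values quoted on this page; `parse_events`, `summarize` and `peak_minute` are hypothetical helper names, and `ErrorState` is kept as the raw number because the threads give no mapping for it.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# TLS alert descriptions from RFC 5246, section 7.2 (subset).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}


def _event(eid, ts, data):
    """Build one constructed event in the layout of the XML in the threads."""
    fields = "".join('<Data Name="%s">%s</Data>' % kv for kv in data.items())
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><Provider Name="Schannel" />'
        '<EventID>%s</EventID><TimeCreated SystemTime="%s" />'
        '<Execution ProcessID="544" ThreadID="17928" />'
        '<Computer>server.domain.local</Computer></System>'
        '<EventData>%s</EventData></Event>' % (eid, ts, fields)
    )


# Constructed sample: three alert-10 events in one minute, one 36874 event
# (must be ignored), one alert 40 and one alert 48.
SAMPLE_XML = "\n".join([
    _event(36888, "2013-09-14T20:14:53.699840000Z",
           {"AlertDesc": 10, "ErrorState": 1203}),
    _event(36888, "2013-09-14T20:14:53.912000000Z",
           {"AlertDesc": 10, "ErrorState": 1203}),
    _event(36888, "2013-09-14T20:14:54.100000000Z",
           {"AlertDesc": 10, "ErrorState": 1203}),
    _event(36874, "2013-09-14T20:20:01.000000000Z", {"Protocol": "SSL 3.0"}),
    _event(36888, "2013-09-14T20:20:01.000000000Z",
           {"AlertDesc": 40, "ErrorState": 107}),
    _event(36888, "2013-09-14T20:31:10.000000000Z",
           {"AlertDesc": 48, "ErrorState": 552}),
])


def parse_events(xml_text):
    """Return one dict per Schannel 36888 event found in xml_text."""
    # An export is usually a run of <Event> elements with no single root,
    # so wrap it. Assumes the text carries no XML declaration.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    rows = []
    for ev in root.iter(NS + "Event"):
        system = ev.find(NS + "System")
        provider = system.find(NS + "Provider").get("Name")
        if provider != "Schannel" or system.findtext(NS + "EventID") != "36888":
            continue
        data = {d.get("Name"): d.text for d in ev.iter(NS + "Data")}
        alert = int(data["AlertDesc"])
        rows.append({
            "time": system.find(NS + "TimeCreated").get("SystemTime"),
            "computer": system.findtext(NS + "Computer"),
            "pid": int(system.find(NS + "Execution").get("ProcessID")),
            "alert": alert,
            "alert_name": TLS_ALERTS.get(alert, "unknown(%d)" % alert),
            "state": int(data["ErrorState"]),
        })
    return rows


def summarize(rows):
    """Count events per (alert code, alert name, Schannel error state)."""
    return Counter((r["alert"], r["alert_name"], r["state"]) for r in rows)


def peak_minute(rows):
    """Busiest UTC minute and its event count, to spot bursts."""
    per_minute = Counter(r["time"][:16] for r in rows)
    return per_minute.most_common(1)[0] if per_minute else (None, 0)


if __name__ == "__main__":
    events = parse_events(SAMPLE_XML)
    for (code, name, state), n in summarize(events).most_common():
        print("alert %d (%s), error state %d: %d event(s)" % (code, name, state, n))
    print("busiest minute: %s with %d event(s)" % peak_minute(events))
```

The `pid` field is kept per event so the logging process can be checked against the task list, as one poster did for process ID 1064.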