Event log - Schannel Event ID 36888

Hi
I did a migration from SBS 2003 to SBS 2011 and all went smoothly. After migration I started to notice these errors popping up in the system log.
Schannel Event ID 36888 :"the following fatal alert was generated: 10. The internal error state is 1203."
I have scoured the forums and tried everything I could, from upgrading the sharepoint to checking exchange. It is not affecting the server performance in any noticeable manner but it is filling up the logs and I would rather know what is causing this other
then just suppressing the log?
It could be something mayor that I am missing

Hi Jean H. Marais,
Just additional. This error (Event ID 36888) occurs if a user tries to access a web site using HTTP but specifies
an SSL port in the URL. The internal error state 1203 indicates invalid ClientHello from the client.
Please refer to the similar thread and check if can help you.
Schannel error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
Regarding to enable/disable Schannel event logging in IIS, please refer to the next KB.
How to enable Schannel event logging in IIS
Hope this helps.
Best regards,
Justin Gu

Similar Messages

  • New install: Event Log - Schannel Event ID: 36888

    I am in the process of setting up a Microsoft TMG server on a new Dell PowerEdge R610
    I have installed Windows Server 2008 R2 Enterprise, Exchange 2010 Edge Transport Service, ForeFront 2010 for Exchange and finally TMG 2010 as per the TechNet TMG installation guides.  All the latest updates have been applied including Exchange 2010 rollup 1.
    Around the point at which I installed Exchange 2010, the system event log started filling up with the following entries:
    Source: Schannel
    Event ID: 36888
    User: System
    Message: The following fatal alert was generated: 10. The internal error state is 10.
    TMG seems to be working correctly - proxy, web filtering, server publishing etc.  However I can access any HTTPS websites from the TMG server, this seems to be causing problems with Windows Update/Forefront 2010 updates.
    I have installed two SSL certificates - one was requested from our internal certificate server and I have Exchange enabled that certificate for SMTP.  The other certificate is our public SSL certificate we use for website publishing - and ultimately SMTP but in case their were problems with the intermediate certificates I haven't yet enabled it for SMTP.
    I'm having trouble finding any useful information about the Schannel error - can anyone help?
    Thanks.

    [[Message: The following fatal alert was generated: 10. The internal error state is 10]]
    A solution that worked for me is here:
    http://answers.microsoft.com/en-us/windows/forum/windows_other-gaming/id-event-36888-shannel/a74b0512-e107-4753-bf79-aecf9d54d2af
    Uncheck the TLS (transport layer security) options in Internet Explorer and check.
    a.       Open Internet Explorer and click on Tools.
    b.      Click on Internet Options and click on the advanced tab.
    c.       In Security, make sure that the TLS is not checked.
    d.      Click on Apply and then click Ok.
    e.      Now try to play the game and check.
    For further support, I would suggest you to contact steam forums or EA (electronic arts) games.
    www.forums.steampowered.com
    www.forum.ea.com
    Thank you and Regards.           
    Thahaseena M
    Microsoft Answers Support Engineer.
    Visit our Microsoft Answers Feedback Forum and
    let us know what you think.

  • Windows Operating System; Version: 6.1.7601.18409; Event ID: 36888; Event Source: Schannel; AlertDesc 10; ErrorState10

    The computer consistantly freezes for about one to two seconds over and over, making it difficult to navigate through web pages.  I have looked at the Event log and this is the only consistent error that has taken place that falls in line with this
    issue.  I have tried changing the Security in Internet Explorer and tried every option for SSL and TLS and removed all history and cookies after each change, as well as restarting my computer, and still to no avail.  Please help!  Thank you.

    See the below:
    http://social.technet.microsoft.com/Forums/en-US/67609e1a-ae35-48ef-a91a-a0b06992702f/windows-operating-system-version-61760117940-event-id-36888-event-source-schannel?forum=w7itproperf
    http://social.technet.microsoft.com/Forums/en-US/eca5e2cb-28b2-4170-944b-c4c3ea7c8d72/event-id-36888-event-source-schannel?forum=winservergen
    Rgds

  • Event ID 36888 - Schannel - A fatal alert was generated and sent to the remote endpoint.

    Exchange 2013:  2 x multi-role in one DAG - on-premise
    Performing remote mailbox migration using internet (*non-exchange web-based  tool*), to ship data from cloud Ex2010 server to Ex013 on-premise.
    Have multiple failures when doing the mailbox data copy - my migration tool error code tells me that:
    This error indicates that we were unable to authenticate to the source or destination mailbox and retrieve a list of folders when given 15
    minutes to complete these operations. This may be because the source or destination is unusually slow, has a very large number of folders, or due to "hanging" networking calls.
    Some mailboxes are copying, but around 80% are not.  Checked all permissions and other factors.
    I see in the System event log the following below:
    Log Name:      System
    Source:        Schannel
    Date:          9/14/2013 2:14:53 PM
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      server.domain.local
    Description:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-09-14T20:14:53.699840000Z" />
        <EventRecordID>135625</EventRecordID>
        <Correlation />
        <Execution ProcessID="544" ThreadID="17928" />
        <Channel>System</Channel>
        <Computer>server.domain.local</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">10</Data>
        <Data Name="ErrorState">1203</Data>
      </EventData>
    </Event>
    Anyone seen this? - not much recording this error available for Ex2013.

    Hello,
    Thank you for your post.
    This is a quick note to let you know that we are performing research on this issue.
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support
    Hi Simon
    I opened a SEV B case  today.  Appears to directly reflect the amount of load i put through, in terms of data being shipped with our migration tool.  That tool is basically logging into each mailbox using a superuser account and populating
    it with mail and calendar data form a source cloud mailbox.  No fancy co-existence or online move requests.
    All throttle policies are removed.  Attempting to migrate more than 20 mailboxes at a time results in the System Event log being filled with the Schannel error above.  Reducing the amount below this still shows the errors appearing, but not enough
    to stop mailbox data being shipped and the migration tool suffering a stop error.
    I will update the thread tomorrow when i speak with the engineer.  Surprised noone has had any input so far.
    I have the same problem, here is some data. I have two exchange profiles and the 2nd one stops logging in after this error starts. I have to reset the wireless connection and restart outlook to clear the situation.
    Dave Ladouceur

  • SChannel - Help with Error # 20 (Event ID # 36888)

    Was hoping somebody could help me understand what's causing some SChannel error 20 events I'm seeing in system event logs.
    Running Server 2008 R2 as IIS web servers, have a commercial wildcard SSL certificate in use on multiple sites and we use IIS Crypto's "best practice" settings.
    Majority of our customers, monitoring apps and SSL labs report no issues with HTTPS, however we have one customer with a data-center hosted application which sometimes connects flawlessly, yet other times causes our server to generate fatal alert 20 and
    reset the connection before it even reaches IIS.
    Can't see any pattern to these issues and very little of the discussion online about error 20 seems to fit here as it mostly relates to invalid server certificates, low-level development with SSL or other "consistent HTTPS failure" scenarios while
    ours is more intermittent.
    Reading up on error 20 suggests it should be indicate a "bad record mac", where I'm reading the mac to be a checksum of the SSL message suggesting the message may be incomplete, altered or incorrectly signed -- but not being an expert on either
    schannel or crypto I could be misunderstanding what this means.
    Attempted to find more detail regarding the internal error state value, with very little luck.
    Tried enabling SChannel logging for errors and warnings (3), but that's not provided any more detail before or after this event.
    Right now I'm not entirely sure what's causing the problem which makes it even harder to look at solutions, so if you have any questions or need more detail let me know, will try and keep an eye on this for the next few days.
    - T
    Log Name: System
    Source: Schannel
    Date: [removed]
    Event ID: 36888
    Task Category: None
    Level: Error
    Keywords:
    User: SYSTEM
    Computer: [removed]
    Description:
    The following fatal alert was generated: 20. The internal error state is 960.

    Hi twrty,
    This error can caused by many reasons, typically reason I experienced such as ,Incorrect certificate bind with HTTPS Port 443, enabled Cert Authentication wrong certificate
    was used ,certificate on TMG server is revoked and has not validity, SSL handshake failures between client and server also can cause these events, please check all this above conditions and disable the port 443 related security of your firewall then monitor
    again.
    The similar thread:
    Certificate Services - can't connect using SSL
    https://social.technet.microsoft.com/forums/windowsserver/en-US/091a3222-641b-43a3-ae19-6cc238828950/certificate-services-cant-connect-using-ssl
    Error schannel
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/dc661a87-d78a-4398-96d8-e3659d26f282/error-schannel
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Exchange 2013 event ID 36888 SChannel error 12 and 1203

    I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesnt recommend to do this, but I had no choice. Errors are follow:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
    - System
    - Provider
    [ Name] Schannel
    [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
    EventID 36888
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-11-25T23:30:34.120233400Z
    EventRecordID 121125
    Correlation
    - Execution
    [ ProcessID] 1064
    [ ThreadID] 20184
    Channel System
    Computer server
    - Security
    [ UserID] S-1-5-18
    - EventData
    AlertDesc 10
    ErrorState 12
    System
    - Provider
    [ Name] Schannel
    [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
    EventID 36888
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-11-26T05:45:22.650086300Z
    EventRecordID 121230
    Correlation
    - Execution
    [ ProcessID] 1064
    [ ThreadID] 45336
    Channel System
    Computer SERVER
    - Security
    [ UserID] S-1-5-18
    - EventData
    AlertDesc 10
    ErrorState 1203
    Process ID 1064 is Isass.exe
    I found somewhere that error 1203 could be ignored, but nothing about error 12. 
    Server is running with selfsigned SAN certificate, hosted 2 exchange domains (10 mailboxes, 5 local, 5 linked for remote domain connected via external 2 way non transitive domain trust).
    Thank you very much for any advise.
    Regards,
    Jan
    Šerý

    Hi Jan,
    Based on my research for the Event 36888, the issue may be caused by not standard or corrupted behavior of web browsers or users, such as user use HTTP protocol to access Exchange service which is a SSL site on port 443.
    Please check whether there is a HTTP redirect configured in your IIS Manager of Exchange server. Also reset web browsers to have a try. Here are some similar thread for this issue:
    https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
    http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
    sure that you completely understand the risk before retrieving any suggestions from the above link.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Event ID 36888. The following fatal alert was generated: 51. The internal error state is 1306.

    I have searched on TechNet as well as googled it. I have not found too much information as to what specifically is the issue here. I do know that Alert 51 has to do with TLS. I have adjusted the registry to enable logging for TLS 1.0 (client and server),
    but do not know exactly the version Lync 2010 uses.
    I have also removed an old certificate.  This did eliminate an earlier Schannel error message.  Yet, this particular one, 51 internal error state 1306, kept coming back.
    Although I can disable the logging, I prefer to know what specifically is going on and what is generating this error message.  Does anyone have any ideas?
    TIA
    Blue

    we need the Operating System details and Lync client details 
    And the complete text for Event ID 36888 along with it XML details 
    Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

  • Schannel event ID 36888 , alert 43, internal error state 252

    When i go to certain sites in IE, i get the following error and IE reports that it could not connect to the site.
    Any ideas where to start looking.
    I'm running Windows 7 Pro X64 Sp1
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider
    Name="Schannel"
    Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated
    SystemTime="2012-12-03T21:55:46.193662500Z" />
    <EventRecordID>26882</EventRecordID>
    <Correlation
    />
    <Execution
    ProcessID="808" ThreadID="6052" />
    <Channel>System</Channel>
    <Computer>redearl-toy</Computer>
    <Security
    UserID="S-1-5-18" />
    </System>
    - <EventData>
    <Data Name="AlertDesc">43</Data>
    <Data Name="ErrorState">252</Data>
    </EventData>
    </Event>

    Hi,
    Whether this issue only occurred with this website. Have you tried using another computer or other browser to test the issue.
    If this issue only occurred with specific website, it is better to contact the website for more help.
    In addition, here is a thread for your reference:
    http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/6b0d1a30-753d-491e-b2b2-dc1a1111dd51
    Regards,
    Vincent Wang
    TechNet Community Support

  • SSMS Errors and event id 36888 and 36882

    Hallo to everybody,
    I'm facing a tricky situation from which I'm not able to come out.
    Because of an Hard Drive failure, I had to rebuild my workstation.
    Apart from the hard drive changed, both hardware and software environment are the same as before, when everything was working correctly. I'm using Windows server 2012 R2 as O/S, and a series of MS software, among them, the last three releases of SQL Server
    (2008R2, 2012 and 2014).
    But differently from first setup, now because of the hurry to rebuild the system, I installed all the software without taking care of the "chronological" order. Meaning I installed SQL Server 2014 as first, then 2012 and 2008R2 as last one.
    My system is joined to a domain and, summarizing, everything works correctly (as before hard drive failure) but the ability to connect to remote (within domain) SQL Server instances through any of the SSMS edition.
    When I try, I get strange behaviour, like errors while connecting (sometimes), errors while retrieving data (right click on a table and EDIT top <n> rows), or sometimes even a partially filled grid without any error. For partially filled, I mean a
    result set in which not all requested rows are returned.
    The common elements are: The error source in message box is always "System.Data" and the error message is "Internal connection fatal error".
    Below you can find a more detailed technical description of the error message.
    After some investigation, I found that in correspondence to any of these user interface errors, other errors messages are logged in System Event Log in this sequence:
    1) Event 36888 source Schannel:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
    1) Event 36882 source Schannel:
    The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server
    certificate.
    Needless to say, SQL Connections are NOT configured to be encrypted, neither on client nor on servers, SSL certificates are the self generated ones, so there should be no reason at all for these errors.
    I already browsed the Internet searching for a solution, but I was not able to find something matching my situation. For instance, the closest one that talk about "wrong synonym definition" is not valid in my case, as there
    are no wrong synonym.  
    I strongly hope that someone of you could be helpful before I decide to start reformatting and reinstalling everything from scratch keeping the "correct" order during installation.
    Thank you in advance,
    ===================================
    Internal connection fatal error. (System.Data)
    Program Location:
       at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
       at System.Data.SqlClient.SqlDataReader.TryCloseInternal(Boolean closeReader)
       at System.Data.SqlClient.SqlDataReader.Close()
       at Microsoft.SqlServer.Management.Smo.DataProvider.Close()
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.NavigableItemBuilderDataReader.Close()
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.NavigableItemBuilderDataReader.System.IDisposable.Dispose()
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.BuildDynamicItemWithQuery(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, String urnQuery, Boolean registerBuilder, Boolean registerBuiltItems)
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.BuildDynamicItem(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItemBuilder.Build(IList`1 nodes, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NonContextFilterNavigableItemBuilder.Build(IList`1 targetList, INodeInformation source, INavigableItem sourceItem, IFilterProvider filter)
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItem.RequestChildren(IGetChildrenRequest request)
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ExplorerHierarchyNode.BuildChildren(WaitHandle quitEvent)

    Hello,
    Since you installed in that order, I would try to update the SQL Server 2012 instance to the latest service pack. I would update all the instances to the latest service pack too.
    http://www.microsoft.com/en-us/download/details.aspx?id=43340
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • Continuous "36888 Schannel Errors" in System Event Log when NOT connected to Internet

    We are hoping someone will be able to assist with us this very strange issue please ?
    We are using Windows 8.1 x64 Enterprise with Office 2013 and the latest Symantec Endpoint Proctecion v12.1.5 installed. They are managed using SCCM2012 in a large AD domain environment
    When our workstations are NOT connected to the internet (only local intranet) the following errors appear in SYSTEM event log almost continuously (several times a minute).
    Event ID:36888  User: SYSTEM  OpCode:Info  Level:Error  Source:SChannel 
    "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows Schannel error state is 11."
    The process associated with these events is "Local Security Authority Process"
    When an internet connection is enabled for these machines these 36888 errors will suddenly stop !.
    An event "Error 36887 "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." Is also occurring on these machines but only occasionally.
    As a result, We suspect there must be a process continuously attempting to connect to an internet service and failing ?.
    Some of the things we have tried so far;
    - We have disabled all non-essential services (e.g. Windows Store Service) one by one but this didn't fix.
    - We have tried disabling Tile updates on Start 
    - We have tried a bunch of different Group Policy settings to disable different combinations of TLS/SSL in IE config.
    - We have searched the internet forums and tried some suggested fixes but this combination of error state and error code seems unique ?.
    It doesn't happen on our Windows 7 x64 workstations that have much same apps & configuration.
    Any advice or suggestions would be greatly appreciated !
    Thanks.

    Hi Makes006,
    This Event ID 36888 occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL.
    We can try clean boot to troubleshoot whether this issue is caused by a third party program .
    How to perform a clean boot in Windows
    http://support.microsoft.com/kb/929135
    If there is no sensible impacts on operating the machines ,we can try to disable this log by modify the following registry key value to 0.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
    For more information, please refer to the following link:
    How to enable Schannel event logging in IIS
    http://support.microsoft.com/kb/260729
    Regards,
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • EVENT 36888, Schannel A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

    I keep losing my network connection for a few seconds at a time.  Not  a big deal unless I just spent time filling in a form and have to redo it.
    Getting:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252. Using windows 8.  I just installed the new ARRIS
    TG862 provided by Comcast. 
    Any Ideas?
    Also get the following errors in my events:
    The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.2. The computer with the IP address 10.0.0.3 did not allow the name to be claimed by this computer.
    Realtek PCIe GBE Family Controller is disconnected from network.
    Any help is appreciated

    Hi,
    Critical Kernel-power event ID 41 is used appear after PC restarts or randomly restarts with error
    BugcheckCode listed or a cold reboot. Do you get BSOD and some dump files?
     Default location is %SystemRoot%\Minidump. You can upload it to skydrive, then paste link here.
    How to use Skydrive
    http://www.wikihow.com/Use-SkyDrive
    Kernel-PnP event ID 219: A Plug and Play device driver on your system is failing to load due to a device driver or device malfunction, you can unplug any external devices (except mouse and keyboard, but please keep the latest drivers), and
    check device status in device manager, please also keep the all latest driver update of your PC.
    And for error 36888, I found a similar thread, please refer to this link
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
    Regards
    Yolanda
    TechNet Community Support

  • PC reboots at random, Kernel errors in event log

    Hello my PC has been acting funny and rebooting ever since I got Windows 8.1
    Here is the errors.
    1 Critical Kernel-power event ID 41 2:01PM
    2. Warning. Kernel-PnP event ID 219 2:01PM
    The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_1.00#0019E06B58C2SK870A0410D5&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
    Error. Schannel event ID 36888 11:28 AM
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
    I am quite sure the PSU is still good, never had an issue until I get windows 8.1 installed directly over windows 7.

    I just froze on the desktop at 2:55 and windows was not responding box was open but I was unable to click or do any thing.
    Here is that error in the event log.
    Session "Pku2uLog" stopped due to the following error: 0xC0000188
    Also the time stamp is incorrect, The time on the PC is 3:22 not 2:55, this error was just a few minutes ago.
    Heres another one.
    The maximum file size for session "Pku2uLog" has been reached. As a result, events might be lost (not logged) to file "C:\WINDOWS\Logs\Homegroup\pku2u.etl". The maximum files size is currently set to 5242880 bytes.

  • Schannel Errors 36874 and 36888

    Greetings,
    The scenario is the following: 1 Windows Server 2008 R2 SP1 (patched up to date).
    There are two errors that shows every 10 seconds:
    Log Name:      System
    Source:        Schannel
    Date:          19/07/2012 14:59:58
    Event ID:      36874
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      Server.Mydomain.com
    Description:
    An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36874</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
        <EventRecordID>5908</EventRecordID>
        <Correlation />
        <Execution ProcessID="484" ThreadID="524" />
        <Channel>System</Channel>
        <Computer>Server.Mydomain.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="Protocol">SSL 3.0</Data>
      </EventData>
    </Event>
    Log Name:      System
    Source:        Schannel
    Date:          19/07/2012 14:59:58
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      Server.Mydomain.com
    Description:
    The following fatal alert was generated: 40. The internal error state is 107.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
        <EventRecordID>5909</EventRecordID>
        <Correlation />
        <Execution ProcessID="484" ThreadID="524" />
        <Channel>System</Channel>
        <Computer>Server.Mydomain.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">40</Data>
        <Data Name="ErrorState">107</Data>
      </EventData>
    </Event>
    Note: This server has IIS installed (requirement for web console of System Center Operations Manager 2012)
    The questions are:
    Is this behavior normal?
    if no
    How to fix this problem?
    Thanks in advance!

    Hi,
    This error can be received due to an incompatible browser problem and SSL 3.0 connection request cannot be handled.
    As discussed, we can modify that registry key to disable the additional secure channel event logging if every works fine.
    Also we can check the thread below. It mentioned another scenario in which the "The following fatal alert was generated: 40. The internal error state is 107." error could be received:
    Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?
    http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates
    (Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
    Regards
    Kevin

  • Schannel errors in logs

    I have a Windows Server 2008 R2 server flooded with Schannel Event ID's 36874 and 36888.  Can someone please help?
    The server is running Exchange 2010.
    Event 36874, Schannel
    An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    Event 36888, Schannel
    The following fatal alert was generated: 40. The internal error state is 1205.

    Hi,
    Please refer to the similar threads below:
    Schannel Error ID 36888
    getting Schannel 36874 errors on my CAS/HT servers
    If the above is not helpful, please feel free to let me know.
    Best regards,
    Susie

  • Schannel errors - appears to be causing blue screens

    Hi guys
    Every once in a while (a few times a month) our RDS server (server 200r82 hyper-v VM) decides to blue screen and restart.
    Each and every time it crashes, we notice hundreds and hundreds of schannel errors appearing just before the crash (event ID 36888)
    Well, it did it again this afternoon, and over the last 12 hours we noticed 1008 instances of this error, with 60 odd messages appearing within 0.2 seconds of each other, and 2 minutes before the crash.
    I also noticed that just before the crash, there were a handful of services which hung seconds before the logged unexpected shutdown event. These services are as follows.
    - UmRDPService
    - WPDBusEnum
    - UxSMS
    - Audio Endpoint Builder
    After the crash, it doesnt log any Schannel errors. although, saying this now and just checking again, it looks like its logged 127 instances of the same schannel error, starting from after around 2 hours of bringing the server back online.
    Do these Schannel errors cause blue screens/crashes? Or is it something else I should be looking at... I'm at a loss, as there's not a lot more in the way of logs that seem to be telling me what's going on..

    Hi EsDood,
    Would you please let me know complete message of Event ID
    36888? For Event ID 36888, it generally occur if a user tries to access a web site using HTTP but specifies an SSL port in the URL. Please check the Schannel tracing log if find relevant clues.
    How to enable Schannel event logging in IIS
    Please also refer to following thread and check if can help you.
    Schannel
    error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
    In addition, I noticed that a BSOD issue occurred on the Windows Server 2008 R2. Troubleshoot this kind of
    kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Did you get any dump files? If get, please refer to
    KB315263 and check if can help you.
    If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

Maybe you are looking for