Schannel Errors 36874 and 36888
Greetings,
The scenario is the following: 1 Windows Server 2008 R2 SP1 (patched up to date).
There are two errors that shows every 10 seconds:
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36874</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5908</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Protocol">SSL 3.0</Data>
</EventData>
</Event>
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
The following fatal alert was generated: 40. The internal error state is 107.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5909</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">40</Data>
<Data Name="ErrorState">107</Data>
</EventData>
</Event>
Note: This server has IIS installed (requirement for web console of System Center Operations Manager 2012)
The questions are:
Is this behavior normal?
if no
How to fix this problem?
Thanks in advance!
Hi,
This error can be received due to an incompatible browser problem and SSL 3.0 connection request cannot be handled.
As discussed, we can modify that registry key to disable the additional secure channel event logging if every works fine.
Also we can check the thread below. It mentioned another scenario in which the "The following fatal alert was generated: 40. The internal error state is 107." error could be received:
Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?
http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates
(Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Regards
Kevin
Similar Messages
-
Exchange 2013 event ID 36888 SChannel error 12 and 1203
I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesnt recommend to do this, but I had no choice. Errors are follow:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36888
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-11-25T23:30:34.120233400Z
EventRecordID 121125
Correlation
- Execution
[ ProcessID] 1064
[ ThreadID] 20184
Channel System
Computer server
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 10
ErrorState 12
System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36888
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-11-26T05:45:22.650086300Z
EventRecordID 121230
Correlation
- Execution
[ ProcessID] 1064
[ ThreadID] 45336
Channel System
Computer SERVER
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 10
ErrorState 1203
Process ID 1064 is Isass.exe
I found somewhere that error 1203 could be ignored, but nothing about error 12.
Server is running with selfsigned SAN certificate, hosted 2 exchange domains (10 mailboxes, 5 local, 5 linked for remote domain connected via external 2 way non transitive domain trust).
Thank you very much for any advise.
Regards,
Jan
ŠerýHi Jan,
Based on my research for the Event 36888, the issue may be caused by not standard or corrupted behavior of web browsers or users, such as user use HTTP protocol to access Exchange service which is a SSL site on port 443.
Please check whether there is a HTTP redirect configured in your IIS Manager of Exchange server. Also reset web browsers to have a try. Here are some similar thread for this issue:
https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Regards,
Winnie Liang
TechNet Community Support -
I keep losing my network connection for a few seconds at a time. Not a big deal unless I just spent time filling in a form and have to redo it.
Getting:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252. Using windows 8. I just installed the new ARRIS
TG862 provided by Comcast.
Any Ideas?
Also get the following errors in my events:
The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.2. The computer with the IP address 10.0.0.3 did not allow the name to be claimed by this computer.
Realtek PCIe GBE Family Controller is disconnected from network.
Any help is appreciatedHi,
Critical Kernel-power event ID 41 is used appear after PC restarts or randomly restarts with error
BugcheckCode listed or a cold reboot. Do you get BSOD and some dump files?
Default location is %SystemRoot%\Minidump. You can upload it to skydrive, then paste link here.
How to use Skydrive
http://www.wikihow.com/Use-SkyDrive
Kernel-PnP event ID 219: A Plug and Play device driver on your system is failing to load due to a device driver or device malfunction, you can unplug any external devices (except mouse and keyboard, but please keep the latest drivers), and
check device status in device manager, please also keep the all latest driver update of your PC.
And for error 36888, I found a similar thread, please refer to this link
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
Regards
Yolanda
TechNet Community Support -
I have a Windows Server 2008 R2 server flooded with Schannel Event ID's 36874 and 36888. Can someone please help?
The server is running Exchange 2010.
Event 36874, Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event 36888, Schannel
The following fatal alert was generated: 40. The internal error state is 1205.Hi,
Please refer to the similar threads below:
Schannel Error ID 36888
getting Schannel 36874 errors on my CAS/HT servers
If the above is not helpful, please feel free to let me know.
Best regards,
Susie -
Schannel errors - appears to be causing blue screens
Hi guys
Every once in a while (a few times a month) our RDS server (server 200r82 hyper-v VM) decides to blue screen and restart.
Each and every time it crashes, we notice hundreds and hundreds of schannel errors appearing just before the crash (event ID 36888)
Well, it did it again this afternoon, and over the last 12 hours we noticed 1008 instances of this error, with 60 odd messages appearing within 0.2 seconds of each other, and 2 minutes before the crash.
I also noticed that just before the crash, there were a handful of services which hung seconds before the logged unexpected shutdown event. These services are as follows.
- UmRDPService
- WPDBusEnum
- UxSMS
- Audio Endpoint Builder
After the crash, it doesnt log any Schannel errors. although, saying this now and just checking again, it looks like its logged 127 instances of the same schannel error, starting from after around 2 hours of bringing the server back online.
Do these Schannel errors cause blue screens/crashes? Or is it something else I should be looking at... I'm at a loss, as there's not a lot more in the way of logs that seem to be telling me what's going on..Hi EsDood,
Would you please let me know complete message of Event ID
36888? For Event ID 36888, it generally occur if a user tries to access a web site using HTTP but specifies an SSL port in the URL. Please check the Schannel tracing log if find relevant clues.
How to enable Schannel event logging in IIS
Please also refer to following thread and check if can help you.
Schannel
error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
In addition, I noticed that a BSOD issue occurred on the Windows Server 2008 R2. Troubleshoot this kind of
kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Did you get any dump files? If get, please refer to
KB315263 and check if can help you.
If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
Continuous "36888 Schannel Errors" in System Event Log when NOT connected to Internet
We are hoping someone will be able to assist with us this very strange issue please ?
We are using Windows 8.1 x64 Enterprise with Office 2013 and the latest Symantec Endpoint Proctecion v12.1.5 installed. They are managed using SCCM2012 in a large AD domain environment
When our workstations are NOT connected to the internet (only local intranet) the following errors appear in SYSTEM event log almost continuously (several times a minute).
Event ID:36888 User: SYSTEM OpCode:Info Level:Error Source:SChannel
"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows Schannel error state is 11."
The process associated with these events is "Local Security Authority Process"
When an internet connection is enabled for these machines these 36888 errors will suddenly stop !.
An event "Error 36887 "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." Is also occurring on these machines but only occasionally.
As a result, We suspect there must be a process continuously attempting to connect to an internet service and failing ?.
Some of the things we have tried so far;
- We have disabled all non-essential services (e.g. Windows Store Service) one by one but this didn't fix.
- We have tried disabling Tile updates on Start
- We have tried a bunch of different Group Policy settings to disable different combinations of TLS/SSL in IE config.
- We have searched the internet forums and tried some suggested fixes but this combination of error state and error code seems unique ?.
It doesn't happen on our Windows 7 x64 workstations that have much same apps & configuration.
Any advice or suggestions would be greatly appreciated !
Thanks.Hi Makes006,
This Event ID 36888 occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL.
We can try clean boot to troubleshoot whether this issue is caused by a third party program .
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
If there is no sensible impacts on operating the machines ,we can try to disable this log by modify the following registry key value to 0.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
For more information, please refer to the following link:
How to enable Schannel event logging in IIS
http://support.microsoft.com/kb/260729
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
not have a private key information property attached to it" There is no software firewall set on the DC. When I run Certutil -VerifyStore MY it shows the current certificates as well as the revoked and expired certificates
correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
appreciated.Hi,
Have you tried this?
How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
http://support.microsoft.com/kb/889651
Best Regards,
Amy -
Front End Services won't start with new cert, SChannel error about hostname
We have an existing Lync 2013 Enterprise system set up, and many of the servers are using certs issues by our local CA. I want to move several of the certs to third-party certificates so that non-domain machines can connect. The first change I'm making is
on our Edge pool. However, I'm having an issue. Here are the details:
Our internal domain space is int.domain.com. Our external domain space is domain.com. Our Lync FE server is LS01.int.pool.com and our FE pool is pool01.int.domain.com. I have generated a CSR and requested a certificate from Globalsign with the following
characteristics:
SN: pool01.int.domain.com
SAN: pool01.int.domain.com
SAN: domain.com (wildcard)
SAN: int.domain.com (wildcard)
After applying the new cert using the topology builder, I've rebooted and the Lync Front-End Server service will no longer start. The following SChannel error is in the event logs:
The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ls01.int.domain.com. The SSL connection request
has failed. The attached data contains the server certificate.
After reverting back to the original local CA cert, the services start. The local cert has a ton of individual SANs set up but I was under the impression that the wildcard SANs were supported and would be ok for the hostnames.
Why is it looking for my FE server name and not the pool? Is this an issue with my deployment, or is it with the cert? I'm not sure where to go from here.Hey Matt,
As mentioned above wildcards are only supported for Lync web services such as lyncdiscover, dialin and meeting URL's. It is OK to have wildcards in the certificates SAN, but you must also specifically include the following:
SN: pool01.int.domain.com (SN must be pool)
SAN: pool01.int.domain.com (pool must also be included in SAN)
SAN: lync-fe-001.int.domain.com (the machine name of your front end server)
This should solve the issue for you.
Andrew Morpeth
Lync Server Specialist - Auckland, NZ
Check out my blog -
Schannel errors on three of my DC's; Event ID 36887, Alert 46
I too am recieving the elusive schannel errors on three of my DC's, Event ID 36887, Alert 46. They only happen occasionally, at seemingly arbitrary times.
All three are Domain Controllers only; no IIS installed, no Exchange servers. No one logs in to these and browses from them (yes, I checked the event logs). There are no third party browsers installed. I have even tried disabling TLS
in the IE settings, no luck (not sure how or wy that would even work).
I have read as many forum posts as I can on this, and am still no closer to understanding what is going on.
How do I track this down?
EventID : 36887
MachineName : DCXY.Domain.us
Data : {}
Index : 27206
Category : (0)
CategoryNumber : 0
EntryType : Error
Message : The following fatal alert was received: 46.
Source : Schannel
ReplacementStrings : {46}
InstanceId : 36887
TimeGenerated : 3/26/2012 7:21:36 AM
TimeWritten : 3/26/2012 7:21:36 AM
UserName : NT AUTHORITY\SYSTEM
Thanks!I REALLY NEED HELP! I AM NEW TO THIS LAPTOP, AND I DO NOT UNDERSTAND THIS IN MY EVENT VIEWER, IT SHOWS FATAL ERROR:
Provider
Name]
Schannel
Guid]
{1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID
36887
Version
0
Level
2
Task
0
Opcode
0
Keywords
0x8000000000000000
TimeCreated
SystemTime]
2014-01-12T21:23:37.220815100Z
EventRecordID
5190
Correlation
Execution
ProcessID]
660
ThreadID]
6336
Channel
System
Computer
5CD3182MR2
Security
UserID]
S-1-5-18
EventData
AlertDesc
40
I REALLY NEED HELP WITH THIS I AM ON A NEW LAPTOP AND DONT UNDERSTAND!! PLEASE ADVISE OR HELP!! -
WWhen I set up family sharing i did it with me as family organizer, but as my spouse is the organizer I had to leave the "family" I created and join his. But while setting it up an error occurred, and the screen went blank. Now I tried to join his family sharing again, and my phone keeps telling me I can't because accounts can only join families twice a year.
I Don't really want to wait 364 days from now, is there a way in which I can reset my accoint so I can join family sharing again?
Apple support doesn't have a solution for me yet!
KInd regardsThis morning I looked at my family sharing account again an IT WORKS NOW! Think Apple has done a reset to my account, though I'm not exactly sure why! So I hope it works for you guys as well!
-
My ipod touch is not listed as a device when connected to my computer. As suggested I attempted to download the latest of itunes. I got an
ox8007054f error code and the down load will not complete. I have also tried to restore my computer to an earlier setting, but it will
not accept the change.Have you looked at this completed previos discussion. It discusses 0x8007054F.
Re: Error message when trying to install iTunes -
I am using action script 3. I have html codes from ccbill that I am trying to make work with flash. Here is the script I am trying to use:
import flash.net.URLRequest;
var url:String = 'http://www.lexiefyfe.com/ccbill9001/index.htm';
myButton.addEventListener(MouseEvent.CLICK, onOrderClick);
function onOrderClick():void
var request:URLRequest = new URLRequest(url);
try {
navigateToURL(request, '_blank');
} catch (e:Error) {
trace('An error occurred');
Here is the code from ccbill:
<A HREF="http://www.lexiefyfe.com/ccbill9001/index.htm"><img src="ccbutton.jpg"></A>
This is the error report I am getting:
Scene=photogallery, layer=buttons, frame=1, Line 1 Statement must appear within on handler
Scene=photogallery, layer=buttons, frame=1, Line 3 Statement must appear within on handler
Scene=photogallery, layer=buttons, frame=1, Line 5 Statement must appear within on handler
Scene=photogallery, layer=buttons, frame=1, Line 7 A type identifier is expected after the ':'.
Scene=photogallery, layer=buttons, frame=1, Line 9 The class or interface 'flash.net.URLRequest' could not be loaded.
Scene=photogallery, layer=buttons, frame=1, Line 7 Statement must appear within on handler
If anyone can help me with this issue I would be most grateful.
Thank you for any consideration,
ThomasYou have a mixture of things going on... AS3 code in an AS2 setting. Those are all AS2 error messages, and they are indicating you have placed the code on the buttons. To use that code, it must be placed on the timeline, and your Flash Publish Settings need to have AS3 specified instead of AS2. AS3 does not allow code to be placed on objects like AS2 does.
-
I have just bought an iPhone 5 and it won't sync to iTunes. It says it needs iTunes 10.7, which I have downloaded and installed. I still get the error message and looking at "about iTunes" it says 10.6.3. What do I do??
Perhaps check to see if you're accidentally running two different versions of iTunes. There's some information on troubleshooting that in the Opening iTunes section of the following document:
Troubleshooting iTunes installation on Mac OS X -
i cant update my iphone 3gs to a more newer ios? it says here error! and the phone flashes some connect to itunes.. an if i connct nothing happens.. help me.. the ipgone wont open . and work pls help me thank you!
Hello AlexCornejo,
Thanks for using Apple Support Communities.
The screen you're seeing on your iPhone indicates it is in recovery mode. Now since the device is not appearing in iTunes on your PC, first follow the steps in this article:
iOS: Device not recognized in iTunes for Windows
http://support.apple.com/kb/TS1538
After following those steps, you should be able to restore your iPhone.
Take care,
Alex H. -
Help. Photoshop Elements 10 will not open. I get Error message that says "Runtime Error!" and closes. What do I do? What does it mean? I bought Elements 10 at a retail store. It did work for a while.
Hi,
Can you post back with the following.
1. The full Model No. and Product No. of the notebook ( from the service tag underneath your notebook ) - see Here for a further explanation.
2. The full version of the operating system you are using ( ie Windows 7 32bit ).
Regards,
DP-K
****Click the White thumb to say thanks****
****Please mark Accept As Solution if it solves your problem****
****I don't work for HP****
Microsoft MVP - Windows Experience
Maybe you are looking for
-
Incorrect Photo Orientation - Aperture 3 to Apple TV 2
About a year ago I imported my iPhoto library of about 23,000 photos to Aperture 3. The iPhoto library had some small corruptions in it and I was hoping the more robust nature of Aperture 3 would fix these, but the import made the corruption issues
-
Hi, I cant seem to get my DR8P to burn any more, on any media. Here is a log from Nero it seems to indicate the first failure as Sense Key: 0x03 (KEY_MEDIUM_ERROR) Sense Code: 0x73 Sense Qual: 0x03 A quick google (03/73/03) shows that this is
-
How do I change all caps to lowercase on Pages 08?
How do I change all caps to lowercase on Pages 08? Help says to use 'Lower' but I can't find it on the program.
-
OdiIinvokeWebService - SOAP - HTTP header
Using OdiIinvokeWebService and HTTPS protocol, can an HTTP header be passed with the SOAP request? Thank you
-
Wifi connected but not able to access the internet
I was able to connect to the wifi, but can not access the internet. It shows the blue bars, but for example, I can't log into facebook. My laptop, my blackberry are all connected but I can't get the ipod to work. I have removed and reinstalled the ne