Schannel Errors 36874 and 36888

Similar Messages

• Exchange 2013 event ID 36888 SChannel error 12 and 1203

  I am running Windows Server 2012 STD with Exchange 2013 installed on the same server. I know that Microsoft doesnt recommend to do this, but I had no choice. Errors are follow:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
  - System
  - Provider
  [ Name] Schannel
  [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID 36888
  Version 0
  Level 2
  Task 0
  Opcode 0
  Keywords 0x8000000000000000
  - TimeCreated
  [ SystemTime] 2014-11-25T23:30:34.120233400Z
  EventRecordID 121125
  Correlation
  - Execution
  [ ProcessID] 1064
  [ ThreadID] 20184
  Channel System
  Computer server
  - Security
  [ UserID] S-1-5-18
  - EventData
  AlertDesc 10
  ErrorState 12
  System
  - Provider
  [ Name] Schannel
  [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID 36888
  Version 0
  Level 2
  Task 0
  Opcode 0
  Keywords 0x8000000000000000
  - TimeCreated
  [ SystemTime] 2014-11-26T05:45:22.650086300Z
  EventRecordID 121230
  Correlation
  - Execution
  [ ProcessID] 1064
  [ ThreadID] 45336
  Channel System
  Computer SERVER
  - Security
  [ UserID] S-1-5-18
  - EventData
  AlertDesc 10
  ErrorState 1203
  Process ID 1064 is Isass.exe
  I found somewhere that error 1203 could be ignored, but nothing about error 12. 
  Server is running with selfsigned SAN certificate, hosted 2 exchange domains (10 mailboxes, 5 local, 5 linked for remote domain connected via external 2 way non transitive domain trust).
  Thank you very much for any advise.
  Regards,
  Jan
  Šerý

  Hi Jan,
  Based on my research for the Event 36888, the issue may be caused by not standard or corrupted behavior of web browsers or users, such as user use HTTP protocol to access Exchange service which is a SSL site on port 443.
  Please check whether there is a HTTP redirect configured in your IIS Manager of Exchange server. Also reset web browsers to have a try. Here are some similar thread for this issue:
  https://social.technet.microsoft.com/Forums/forefront/en-US/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/new-install-event-log-schannel-event-id-36888?forum=Forefrontedgegeneral
  http://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Winnie Liang
  TechNet Community Support

• EVENT 36888, Schannel A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

  I keep losing my network connection for a few seconds at a time.  Not  a big deal unless I just spent time filling in a form and have to redo it.
  Getting:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252. Using windows 8.  I just installed the new ARRIS
  TG862 provided by Comcast. 
  Any Ideas?
  Also get the following errors in my events:
  The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.2. The computer with the IP address 10.0.0.3 did not allow the name to be claimed by this computer.
  Realtek PCIe GBE Family Controller is disconnected from network.
  Any help is appreciated

  Hi,
  Critical Kernel-power event ID 41 is used appear after PC restarts or randomly restarts with error
  BugcheckCode listed or a cold reboot. Do you get BSOD and some dump files?
   Default location is %SystemRoot%\Minidump. You can upload it to skydrive, then paste link here.
  How to use Skydrive
  http://www.wikihow.com/Use-SkyDrive
  Kernel-PnP event ID 219: A Plug and Play device driver on your system is failing to load due to a device driver or device malfunction, you can unplug any external devices (except mouse and keyboard, but please keep the latest drivers), and
  check device status in device manager, please also keep the all latest driver update of your PC.
  And for error 36888, I found a similar thread, please refer to this link
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
  Regards
  Yolanda
  TechNet Community Support

• Schannel errors in logs

  I have a Windows Server 2008 R2 server flooded with Schannel Event ID's 36874 and 36888.  Can someone please help?
  The server is running Exchange 2010.
  Event 36874, Schannel
  An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
  Event 36888, Schannel
  The following fatal alert was generated: 40. The internal error state is 1205.

  Hi,
  Please refer to the similar threads below:
  Schannel Error ID 36888
  getting Schannel 36874 errors on my CAS/HT servers
  If the above is not helpful, please feel free to let me know.
  Best regards,
  Susie

• Schannel errors - appears to be causing blue screens

  Hi guys
  Every once in a while (a few times a month) our RDS server (server 200r82 hyper-v VM) decides to blue screen and restart.
  Each and every time it crashes, we notice hundreds and hundreds of schannel errors appearing just before the crash (event ID 36888)
  Well, it did it again this afternoon, and over the last 12 hours we noticed 1008 instances of this error, with 60 odd messages appearing within 0.2 seconds of each other, and 2 minutes before the crash.
  I also noticed that just before the crash, there were a handful of services which hung seconds before the logged unexpected shutdown event. These services are as follows.
  - UmRDPService
  - WPDBusEnum
  - UxSMS
  - Audio Endpoint Builder
  After the crash, it doesnt log any Schannel errors. although, saying this now and just checking again, it looks like its logged 127 instances of the same schannel error, starting from after around 2 hours of bringing the server back online.
  Do these Schannel errors cause blue screens/crashes? Or is it something else I should be looking at... I'm at a loss, as there's not a lot more in the way of logs that seem to be telling me what's going on..

  Hi EsDood,
  Would you please let me know complete message of Event ID
  36888? For Event ID 36888, it generally occur if a user tries to access a web site using HTTP but specifies an SSL port in the URL. Please check the Schannel tracing log if find relevant clues.
  How to enable Schannel event logging in IIS
  Please also refer to following thread and check if can help you.
  Schannel
  error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?
  In addition, I noticed that a BSOD issue occurred on the Windows Server 2008 R2. Troubleshoot this kind of
  kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Did you get any dump files? If get, please refer to
  KB315263 and check if can help you.
  If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
  To obtain the phone numbers for specific technology request, please refer to the web site listed below:
  http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Continuous "36888 Schannel Errors" in System Event Log when NOT connected to Internet

  We are hoping someone will be able to assist with us this very strange issue please ?
  We are using Windows 8.1 x64 Enterprise with Office 2013 and the latest Symantec Endpoint Proctecion v12.1.5 installed. They are managed using SCCM2012 in a large AD domain environment
  When our workstations are NOT connected to the internet (only local intranet) the following errors appear in SYSTEM event log almost continuously (several times a minute).
  Event ID:36888  User: SYSTEM  OpCode:Info  Level:Error  Source:SChannel 
  "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows Schannel error state is 11."
  The process associated with these events is "Local Security Authority Process"
  When an internet connection is enabled for these machines these 36888 errors will suddenly stop !.
  An event "Error 36887 "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." Is also occurring on these machines but only occasionally.
  As a result, We suspect there must be a process continuously attempting to connect to an internet service and failing ?.
  Some of the things we have tried so far;
  - We have disabled all non-essential services (e.g. Windows Store Service) one by one but this didn't fix.
  - We have tried disabling Tile updates on Start 
  - We have tried a bunch of different Group Policy settings to disable different combinations of TLS/SSL in IE config.
  - We have searched the internet forums and tried some suggested fixes but this combination of error state and error code seems unique ?.
  It doesn't happen on our Windows 7 x64 workstations that have much same apps & configuration.
  Any advice or suggestions would be greatly appreciated !
  Thanks.

  Hi Makes006,
  This Event ID 36888 occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL.
  We can try clean boot to troubleshoot whether this issue is caused by a third party program .
  How to perform a clean boot in Windows
  http://support.microsoft.com/kb/929135
  If there is no sensible impacts on operating the machines ,we can try to disable this log by modify the following registry key value to 0.
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
  For more information, please refer to the following link:
  How to enable Schannel event logging in IIS
  http://support.microsoft.com/kb/260729
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

  We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
  to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
  fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
  not have a private key information property attached to it"  There is no software firewall set on the DC. When I run Certutil -VerifyStore MY  it shows the current certificates as well as the revoked and expired certificates
  correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
  FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
  expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
  point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
  appreciated.

  Hi,
  Have you tried this?
  How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
  http://support.microsoft.com/kb/889651
  Best Regards,
  Amy

• Front End Services won't start with new cert, SChannel error about hostname

  We have an existing Lync 2013 Enterprise system set up, and many of the servers are using certs issues by our local CA. I want to move several of the certs to third-party certificates so that non-domain machines can connect. The first change I'm making is
  on our Edge pool. However, I'm having an issue. Here are the details:
  Our internal domain space is int.domain.com. Our external domain space is domain.com. Our Lync FE server is LS01.int.pool.com and our FE pool is pool01.int.domain.com. I have generated a CSR and requested a certificate from Globalsign with the following
  characteristics:
  SN: pool01.int.domain.com
  SAN: pool01.int.domain.com
  SAN: domain.com (wildcard)
  SAN: int.domain.com (wildcard)
  After applying the new cert using the topology builder, I've rebooted and the Lync Front-End Server service will no longer start. The following SChannel error is in the event logs:
  The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ls01.int.domain.com. The SSL connection request
  has failed. The attached data contains the server certificate.
  After reverting back to the original local CA cert, the services start. The local cert has a ton of individual SANs set up but I was under the impression that the wildcard SANs were supported and would be ok for the hostnames.
  Why is it looking for my FE server name and not the pool? Is this an issue with my deployment, or is it with the cert? I'm not sure where to go from here.

  Hey Matt,
  As mentioned above wildcards are only supported for Lync web services such as lyncdiscover, dialin and meeting URL's. It is OK to have wildcards in the certificates SAN, but you must also specifically include the following:
  SN: pool01.int.domain.com (SN must be pool)
  SAN: pool01.int.domain.com (pool must also be included in SAN)
  SAN: lync-fe-001.int.domain.com (the machine name of your front end server)
  This should solve the issue for you.
  Andrew Morpeth
  Lync Server Specialist - Auckland, NZ
  Check out my blog

• Schannel errors on three of my DC's; Event ID 36887, Alert 46

  I too am recieving the elusive schannel errors on three of my DC's, Event ID 36887, Alert 46. They only happen occasionally, at seemingly arbitrary times.
  All three are Domain Controllers only; no IIS installed, no Exchange servers. No one logs in to these and browses from them (yes, I checked the event logs). There are no third party browsers installed. I have even tried disabling TLS
  in the IE settings, no luck (not sure how or wy that would even work).
  I have read as many forum posts as I can on this, and am still no closer to understanding what is going on.
  How do I track this down?
  EventID : 36887
  MachineName : DCXY.Domain.us
  Data : {}
  Index : 27206
  Category : (0)
  CategoryNumber : 0
  EntryType : Error
  Message : The following fatal alert was received: 46.
  Source : Schannel
  ReplacementStrings : {46}
  InstanceId : 36887
  TimeGenerated : 3/26/2012 7:21:36 AM
  TimeWritten : 3/26/2012 7:21:36 AM
  UserName : NT AUTHORITY\SYSTEM
  Thanks!

  I REALLY NEED HELP! I AM NEW TO THIS LAPTOP, AND I DO NOT UNDERSTAND THIS IN MY EVENT VIEWER, IT SHOWS FATAL ERROR:
  Provider
  Name]
  Schannel
  Guid]
  {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID
  36887
  Version
  0
  Level
  2
  Task
  0
  Opcode
  0
  Keywords
  0x8000000000000000
  TimeCreated
  SystemTime]
  2014-01-12T21:23:37.220815100Z
  EventRecordID
  5190
  Correlation
  Execution
  ProcessID]
  660
  ThreadID]
  6336
  Channel
  System
  Computer
  5CD3182MR2
  Security
  UserID]
  S-1-5-18
  EventData
  AlertDesc
  40
  I REALLY NEED HELP WITH THIS I AM ON A NEW LAPTOP AND DONT UNDERSTAND!! PLEASE ADVISE OR HELP!!

• I set up family sharing wrong, so i left family sharing and joined the right way agin but an error occurred and now it tells me I'll have to wait 364 days to rejoin again! How can I reset my account so I can use it again?

  WWhen I set up family sharing i did it with me as family organizer, but as my spouse is the organizer I had to leave the "family" I created and join his. But while setting it up an error occurred, and the screen went blank. Now I tried to join his family sharing again, and my phone keeps telling me I can't because accounts can only join families twice a year.
  I Don't really want to wait 364 days from now, is there a way in which I can reset my accoint so I can join family sharing again?
  Apple support doesn't have a solution for me yet!
  KInd regards

  This morning I looked at my family sharing account again an IT WORKS NOW! Think Apple has done a reset to my account, though I'm not exactly sure why! So I hope it works for you guys as well!

• My ipod touch is not list as a device on itunes.  When I tried do update itunes, I get a ox8007054f error code and the update will not complete.

  My ipod touch is not listed as a device when connected to my computer.  As suggested I attempted to download the latest of itunes.  I got an
  ox8007054f error code and the down load will not complete.  I have also tried to restore my computer to an earlier setting, but it will
  not accept the change.

  Have you looked at this completed previos discussion. It discusses 0x8007054F.
  Re: Error message when trying to install iTunes

• I am getting an error report and not sure how to fix the script. Please help...

  I am using action script 3. I have html codes from ccbill that I am trying to make work with flash. Here is the script I am trying to use:
  import flash.net.URLRequest;
  var url:String = 'http://www.lexiefyfe.com/ccbill9001/index.htm';
  myButton.addEventListener(MouseEvent.CLICK, onOrderClick);
  function onOrderClick():void
        var request:URLRequest = new URLRequest(url);
        try {
              navigateToURL(request, '_blank');
        } catch (e:Error) {
              trace('An error occurred');
  Here is the code from ccbill:
  <A HREF="http://www.lexiefyfe.com/ccbill9001/index.htm"><img src="ccbutton.jpg"></A>
  This is the error report I am getting:
  Scene=photogallery, layer=buttons, frame=1, Line 1 Statement must appear within on handler
  Scene=photogallery, layer=buttons, frame=1, Line 3 Statement must appear within on handler
  Scene=photogallery, layer=buttons, frame=1, Line 5 Statement must appear within on handler
  Scene=photogallery, layer=buttons, frame=1, Line 7 A type identifier is expected after the ':'.
  Scene=photogallery, layer=buttons, frame=1, Line 9 The class or interface 'flash.net.URLRequest' could not be loaded.
  Scene=photogallery, layer=buttons, frame=1, Line 7 Statement must appear within on handler
  If anyone can help me with this issue I would be most grateful.
  Thank you for any consideration,
  Thomas

  You have a mixture of things going on... AS3 code in an AS2 setting.  Those are all AS2 error messages, and they are indicating you have placed the code on the buttons.  To use that code, it must be placed on the timeline, and your Flash Publish Settings need to have AS3 specified instead of AS2.  AS3 does not allow code to be placed on objects like AS2 does.

• I have just bought an iPhone 5 and it won't sync to iTunes.  It says it needs  iTunes 10.7, which I have downloaded and installed.  I still get the error message and looking at "about iTunes" it says 10.6.3.  What do I do??

  I have just bought an iPhone 5 and it won't sync to iTunes.  It says it needs  iTunes 10.7, which I have downloaded and installed.  I still get the error message and looking at "about iTunes" it says 10.6.3.  What do I do??

  Perhaps check to see if you're accidentally running two different versions of iTunes. There's some information on troubleshooting that in the Opening iTunes section of the following document:
  Troubleshooting iTunes installation on Mac OS X

• HT4972 i cant update my iphone 3gs to a more newer ios? it says here error! and the phone flashes some connect to itunes.. an if i connct nothing happens.. help me.. the ipgone wont open . and work pls help me thank you!

  i cant update my iphone 3gs to a more newer ios? it says here error! and the phone flashes some connect to itunes.. an if i connct nothing happens.. help me.. the ipgone wont open . and work pls help me thank you!

  Hello AlexCornejo,
  Thanks for using Apple Support Communities.
  The screen you're seeing on your iPhone indicates it is in recovery mode.  Now since the device is not appearing in iTunes on your PC, first follow the steps in this article:
  iOS: Device not recognized in iTunes for Windows
  http://support.apple.com/kb/TS1538
  After following those steps, you should be able to restore your iPhone.
  Take care,
  Alex H.

• Photoshop Elements 10 will not open.  I get Error message that says "Runtime Error!" and closes.  What do I do?

  Help.  Photoshop Elements 10 will not open.  I get Error message that says "Runtime Error!" and closes. What do I do?  What does it mean?  I bought Elements 10 at a retail store.  It did work for a while.

  Hi,
  Can you post back with the following.
  1.  The full Model No. and Product No. of the notebook ( from the service tag underneath your notebook ) - see Here for a further explanation.
  2.  The full version of the operating system you are using ( ie Windows 7 32bit ).
  Regards,
  DP-K
  ****Click the White thumb to say thanks****
  ****Please mark Accept As Solution if it solves your problem****
  ****I don't work for HP****
  Microsoft MVP - Windows Experience