SCHANNEL Fatal Alert:80 in Event Viewer

Similar Messages

• Event ID 36887 Schannel - fatal alert code 49

  Use process explorer and refer to the PID in the event log. This should at least tell you what program is creating the event, narrowing down the cause a bit.

  Windows Server 2012 R2 Hyper-V VM Fileserver.
  Have these errors happening consistently in event viewer every 2 to 3 minutes.
  Am not running web server, just a file server.
  Any ideas on how to track this down?
  Not seeing much info on 36887 with code "49"
  Anyone else had/solved this problem?
  This topic first appeared in the Spiceworks Community

• ID: 36887; source: Schannel "fatal alert was recieved; 49"

  at my eventlog i get only one error - the following error one:
  "the following fatal alert was recieved; 49"
  Log Name : System
  Source: Schannel
  Event ID: 36887
  Level: Error
  User: System
  The notification comes irregularly over again
  I did a some intensive research but I can't find hints for alert 49.
  Anybody has a hint to solve the problem ?
  _________________________________________________ assist others - and you can hope of help at self

  Hi,
  Thanks for posting in Microsoft TechNet forums.
  I would appreciate if you can help clarify the following questions:
  When did this issue begin to occur?
  Have you experience any low performance since came across this event error?
  Is this a client inside a domain?
  Please refer to this thread,
  it seems this issue have something to do with security software or exchange server related client.
  At this point, I suggest we prepare
  clean boot to test.
  Best Regards
  Magon Liu
  TechNet Subscriber Support
  in forum. If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Event ID 36888 - Schannel - A fatal alert was generated and sent to the remote endpoint.

  Exchange 2013:  2 x multi-role in one DAG - on-premise
  Performing remote mailbox migration using internet (*non-exchange web-based  tool*), to ship data from cloud Ex2010 server to Ex013 on-premise.
  Have multiple failures when doing the mailbox data copy - my migration tool error code tells me that:
  This error indicates that we were unable to authenticate to the source or destination mailbox and retrieve a list of folders when given 15
  minutes to complete these operations. This may be because the source or destination is unusually slow, has a very large number of folders, or due to "hanging" networking calls.
  Some mailboxes are copying, but around 80% are not.  Checked all permissions and other factors.
  I see in the System event log the following below:
  Log Name:      System
  Source:        Schannel
  Date:          9/14/2013 2:14:53 PM
  Event ID:      36888
  Task Category: None
  Level:         Error
  Keywords:      
  User:          SYSTEM
  Computer:      server.domain.local
  Description:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
      <EventID>36888</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2013-09-14T20:14:53.699840000Z" />
      <EventRecordID>135625</EventRecordID>
      <Correlation />
      <Execution ProcessID="544" ThreadID="17928" />
      <Channel>System</Channel>
      <Computer>server.domain.local</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="AlertDesc">10</Data>
      <Data Name="ErrorState">1203</Data>
    </EventData>
  </Event>
  Anyone seen this? - not much recording this error available for Ex2013.

  Hello,
  Thank you for your post.
  This is a quick note to let you know that we are performing research on this issue.
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support
  Hi Simon
  I opened a SEV B case  today.  Appears to directly reflect the amount of load i put through, in terms of data being shipped with our migration tool.  That tool is basically logging into each mailbox using a superuser account and populating
  it with mail and calendar data form a source cloud mailbox.  No fancy co-existence or online move requests.
  All throttle policies are removed.  Attempting to migrate more than 20 mailboxes at a time results in the System Event log being filled with the Schannel error above.  Reducing the amount below this still shows the errors appearing, but not enough
  to stop mailbox data being shipped and the migration tool suffering a stop error.
  I will update the thread tomorrow when i speak with the engineer.  Surprised noone has had any input so far.
  I have the same problem, here is some data. I have two exchange profiles and the 2nd one stops logging in after this error starts. I have to reset the wireless connection and restart outlook to clear the situation.
  Dave Ladouceur

• EVENT 36888, Schannel A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

  I keep losing my network connection for a few seconds at a time.  Not  a big deal unless I just spent time filling in a form and have to redo it.
  Getting:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252. Using windows 8.  I just installed the new ARRIS
  TG862 provided by Comcast. 
  Any Ideas?
  Also get the following errors in my events:
  The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.2. The computer with the IP address 10.0.0.3 did not allow the name to be claimed by this computer.
  Realtek PCIe GBE Family Controller is disconnected from network.
  Any help is appreciated

  Hi,
  Critical Kernel-power event ID 41 is used appear after PC restarts or randomly restarts with error
  BugcheckCode listed or a cold reboot. Do you get BSOD and some dump files?
   Default location is %SystemRoot%\Minidump. You can upload it to skydrive, then paste link here.
  How to use Skydrive
  http://www.wikihow.com/Use-SkyDrive
  Kernel-PnP event ID 219: A Plug and Play device driver on your system is failing to load due to a device driver or device malfunction, you can unplug any external devices (except mouse and keyboard, but please keep the latest drivers), and
  check device status in device manager, please also keep the all latest driver update of your PC.
  And for error 36888, I found a similar thread, please refer to this link
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c5430f5-43f6-41b4-97d3-03cfb3efa70b/schannel-error-event-id-36888-is-there-a-way-to-identify-what-causes-schannel-to-log-error?forum=winserverDS
  Regards
  Yolanda
  TechNet Community Support

• Repeated Schannel 36887 Errors - Fatal alert 46

  I'm having a strange Schannel error repeatedly on my Exchange SP2 install.  Everything is working properly (webmail/ecp/activesync), but I get repeated Schannel event 36887 errors.  Each error coincides exactly with two Security Audit Success events. 
  This is happening on average more than once per minute. 
  Schannel Event 36887
  The following fatal alert was received: 46.
  Microsoft Windows Security  Event 5058:
  Key file operation.
  Subject:
  Security ID: NETWORK SERVICE
  Account Name: <servername$>
  Account Domain: <mydomain>
  Logon ID: 0x3e4
  Cryptographic Parameters:
  Provider Name: Microsoft Software Key Storage Provider
  Algorithm Name: Not Available.
  Key Name: <omitted>
  Key Type: Machine key.
  Key File Operation Information:
  File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\<omitted>
  Operation: Read persisted key from file.
  Return Code: 0x0
  Microsoft Windows security event 5061
  Cryptographic operation.
  Subject:
  Security ID: NETWORK SERVICE
  Account Name: <servername$>
  Account Domain: <mydomain>
  Logon ID: 0x3e4
  Cryptographic Parameters:
  Provider Name: Microsoft Software Key Storage Provider
  Algorithm Name: RSA
  Key Name: <omitted, same as above event>
  Key Type: Machine key.
  Cryptographic Operation:
  Operation: Open Key.
  Return Code: 0x0

  These forums are useless. People post a useless answer and then mark it as an answer for themselves. Meanwhile, my EXCHANGE server keeps filling the event log with this error. The error did not occur when the server was set up. No changes were made
  to the server except for Windows updates. Ergo, Microsoft did something to cause this error, but they don't want to do anything to fix the error. And why would we discuss this in the IIS forum when it's an Exchange issue? Possibly Exchange is using IIS but
  it's still an Exchange issue.
  I usually simply disable the chatter and only enable it if I am troubleshooting an error in the registry:
  Set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel -Name
  EventLogging -Value 0
  As for why that chatter is in the logs in the first place, that I do not know, sorry.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Webcenter Spaces Events Service configuration: FATAL Alert BAD CERTIFICATE

  Hello,
  I have a simple requirement to connect the events taskflow from an exchange server that is https and has a confirmed security certificate. I use the wsdl path for the events service and add it to my webcenter spaces service configuration -> Personal Events configuration.
  Then I ran into this error.
  javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  So, I downloaded the .crt file from Chrome (in per format) and used the keytool to upload the certificate exception into the cacerts file inside jdk and jrocket folders. I restart the managed server running WebCenter Spaces. This had no effect on the error.
  Is there anything else that I should do?
  Thanks,
  Pradyumna

  I have the same problem. Did You resolve it?

• I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

  Hello All,
  I can no longer use all of the "Computer Management" tools against a remote
  computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
  Alerts" and "Device Manager"
  kindly see the below snapshot for assistance
  REGARDS DANISH DANIE

  This link may help....
  http://windowsxp.mvps.org/admintools.htm
  Freeman

• Fatal Alert

  We have been receiving this error message several times a day:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
  None of the Lync functionality seems to be effected it just looks to be an annoying error.
  Has anyone seen this error and know how to stop it.

  Sometimes the 1203s go hand in hand with 1205s.
  Check out the following:
  http://ucken.blogspot.com/2013/12/schannel-errors-on-lync-server.html
  http://serverfault.com/questions/445426/lync-tls-event-36874-how-to-handle
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Continuous "36888 Schannel Errors" in System Event Log when NOT connected to Internet

  We are hoping someone will be able to assist with us this very strange issue please ?
  We are using Windows 8.1 x64 Enterprise with Office 2013 and the latest Symantec Endpoint Proctecion v12.1.5 installed. They are managed using SCCM2012 in a large AD domain environment
  When our workstations are NOT connected to the internet (only local intranet) the following errors appear in SYSTEM event log almost continuously (several times a minute).
  Event ID:36888  User: SYSTEM  OpCode:Info  Level:Error  Source:SChannel 
  "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows Schannel error state is 11."
  The process associated with these events is "Local Security Authority Process"
  When an internet connection is enabled for these machines these 36888 errors will suddenly stop !.
  An event "Error 36887 "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." Is also occurring on these machines but only occasionally.
  As a result, We suspect there must be a process continuously attempting to connect to an internet service and failing ?.
  Some of the things we have tried so far;
  - We have disabled all non-essential services (e.g. Windows Store Service) one by one but this didn't fix.
  - We have tried disabling Tile updates on Start 
  - We have tried a bunch of different Group Policy settings to disable different combinations of TLS/SSL in IE config.
  - We have searched the internet forums and tried some suggested fixes but this combination of error state and error code seems unique ?.
  It doesn't happen on our Windows 7 x64 workstations that have much same apps & configuration.
  Any advice or suggestions would be greatly appreciated !
  Thanks.

  Hi Makes006,
  This Event ID 36888 occurs if a user tries to access a web site using HTTP but specifies an SSL port in the URL.
  We can try clean boot to troubleshoot whether this issue is caused by a third party program .
  How to perform a clean boot in Windows
  http://support.microsoft.com/kb/929135
  If there is no sensible impacts on operating the machines ,we can try to disable this log by modify the following registry key value to 0.
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging
  For more information, please refer to the following link:
  How to enable Schannel event logging in IIS
  http://support.microsoft.com/kb/260729
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows server 2008 R2: The following fatal alert was generated: 40. The internal error state is 1205.

  On my app server which is win2008R2, no IIS installed, I kept getting these errors:
  "The following fatal alert was generated: 40. The internal error state is 1205." - Event ID 36888
  "An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed." - Event ID 36874
  I did a few search on google but they mentioned about the SSL.  However, my server has no SSL installed.  We don't have a need to put SSL on the app server.   Any help will very appreciated.
  -vecon

  Simply ignore the message then.
  If you would like to investigate further, you will need to identify the source of the TLS connection. If this is not logged in event viewer then you could give a look to IIS logs or simply use a Network Sniffer like Wireshark to inspect the traffic.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• The following fatal alert was generated: 20. The internal error state is 960.

  Hi,
  In Some servers including domain controller i am getting error in system event logs.
  The following fatal alert was generated: 20. The internal error state is 960.  ( In Domain controller)
  The following fatal alert was generated: 40. The internal error state is 1205. (In same server CAS & HUB role is instaled).
  An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. (In
  same server CAS & HUB role is instaled).
  The following fatal alert was received: 46.  (In same server CAS & HUB role is instaled).
  I have read in many blogs some techie is telling to ignore the events. But i want to now exactly what is issue which is creating this alerts. Mostly in Domain controller i am getting this alerts. Kindly need your valuable suggestion and solution to overcome
  the problem.
  Thanks & Regards,

  Hello,
  for the first 2 errors you find answers like
  https://social.technet.microsoft.com/forums/windowsserver/en-US/091a3222-641b-43a3-ae19-6cc238828950/certificate-services-cant-connect-using-ssl
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/a87505a3-1fd0-47b3-b6db-d36444da34fc/schannel-errors-36874-and-36888?forum=winserversecurity
  So assure that used certificates are not broken.
  Also it would be great to post the complete error messages and list all installed server roles and applications from that machines with the errors for a better overview.
  Are all machines installed with the latest available SPs and updates?
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Https Issue:SSLHandshakeException:Received fatal alert:bad_certificate

  hi experts,
    My scenario is Proxy to AS2. In AS2 receiver I have https protocol. I have put SSL Certificate(keystore) value.
  Let say
  View-  x
  Certificate name-  cer
  then I  have given
  TRUSTED\x\cer
  in SSL Certificate(keystore) field of AS2 receiver channel.
  Let me know weather it is correct.
  Second field in Communication channel is "Private key for Client Authentication".  I have kept it as blank.
  I am getting an error in AS2 Receiver Channel saying:-
  Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate #
  My certificate has not expired yet.
  Please help me in this matter.
  Thanks
  Jaideep

  hi experts,
  Please look into the below  matter and help me to resolve it.
  Thanks
  Jaideep

• Event ID 10317 PnP event is logged in Event Viewer

  Network device on Win 2012R2 OEM server loses connectivity.
  Event Viewer's general info:
  Miniport had event Fatal error: The miniport has detected an internal error.
  Only reset helps and the problem doesn't occur in WIN7.
  Someone maybe have an idea about this problem?
  Thanks.

  Hi,
  Just addition. Please also refer to following KB and check if can help you.
  Event ID 10317 is logged when you turn on a mobile broadband
  device or resume it from sleep
  Hope this helps.
  Best regards,
  Justin Gu

• Alerts for events showing two time zones? Alerts happening at odd times.

  I just set a new event for later today using the calender app. I set two alerts, one for 30 mins before, and one for 15 minutes before. It is currently TWO hours until the appointment, but my phone just gave me the alert saying "*event name* in 30 minues (6:30, 5:30 ADT)"
  Why is my phone suddently telling me when my events are happening in ADT? (That means Atlantic Daylight Time... I think!) And why is it giving me the alert 2 hours before, rather than the set 30 mins?
  Message was edited by: Sarah CMac

  It just happened again! I wrote down exactly what it said.
  the current time is 5:00
  the message said:
  " Table Viewers
  Today at 5:30pm (6:30pm ADT)"
  The event is set to happen at 6:30.
  What the heck is going on??
  (Table Viewers: I am selling a table set. People are coming to view it)