0

While investigating an issue where some customer requests are being unexpectedly rejected with HTTP 403, I noticed that the Windows event log contains a lot of these errors for source Schannel.

EventID 36887    
The following fatal alert was received: 80.

The reference shows this code as SEC_E_INTERNAL_ERROR 0x80090304. Further searching this new code reveals this page but none of the cases apply:

  1. Our Server certificate is 2048 bits
  2. We are not using EAP.
  3. We are not using EAP, no VPN is involved in our scenario.
  4. We are not using ISA.

How can I figure out what is causing my schannel to fail internally?

Guillaume CR
  • 141
  • 1
  • 4
  • Would you mind tell what the sub-status for that 403? https://support.microsoft.com/en-ca/help/943891/the-http-status-code-in-iis-7-0-iis-7-5-and-iis-8-0 – Lex Li Mar 14 '19 at 01:19
  • 403.7 which suggests a missing certificate however the client side ssl logs clearly show the certificate being included. – Guillaume CR Mar 14 '19 at 13:00
  • Use a tool like Wireshark on the server side to capture and analyze TLS handshakes. That should tell what's wrong. – Lex Li Mar 14 '19 at 13:55

0 Answers0