Questions tagged [schannel]

23 questions
8 votes, 4 answers

find the client responsible for the schannel ldap error

Somewhere in our network an ldap client is querying our AD servers without the proper CA information. This provokes the (in my view useless) system critical (source: schannel) event id 36887 on the domain controllers' event log: The following fatal…
natxo asenjo
5 votes, 1 answer

What are the security risks of selecting "allow local activation security check exemptions"?

When viewing the events in Server Manager under Windows Server 2012 R2, I have many schannel error messages that say "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol…
enharmonic
5 votes, 1 answer

IIS 7.5 and above - enable schannel cipher DHE_RSA_AES_128_GCM following patch KB2992611 - Is this safe?

I recently became aware that following the release of patch KB2992611 in November, Microsoft made available four new cipher suites for schannel (and thus…
Steve365
4 votes, 0 answers

Schannel Error - Random

I'm currently experiencing an issue on a Windows Server 2012 R2. In the event log is an Error for the Source "Schannel". The error description is: "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the…
4 votes, 2 answers

TLS 1.2 Not showing by default in Windows Server 2012 R2

It is my understanding from reading this article: https://technet.microsoft.com/en-gb/library/dn786418.aspx#BKMK_SchannelTR_TLS12 that in the registry TLS 1.2 should be enabled by default on Windows Server 2012 R2. However, checking the registry on…
Uberzen1
3 votes, 2 answers

Event ID: 36888 The following fatal alert was generated: 10. The internal error state is 10

We are experiencing the following schannel errors most frequently on our Remote Desktop Terminal Servers. Log Name: System Source: Schannel Date: 11/18/2015 1:04:56 PM Event ID: 36888 Task Category: None Level: …
DanielJay
3 votes, 1 answer

SChannel errors after enabling SSL on a Windows Server 2012 R2

I have a Windows Server 2012 R2 instance on Azure. For a new website I have ordered a certificate by GlobalSign. After getting the certificates from them I have completed the certificate request in IIS and installed the root certificate. I moved the…
tobi.at
3 votes, 0 answers

SChannel "cannot find certificate in either LocalMachine or CurrentUser store"

We have an in-house application that requires the use of client SSL certificates to authenticate with a remote server (not under our control). This has worked without problems before but on deploying to a new server, we're having problems getting…
Chris J
2 votes, 2 answers

SSL/TLS handshake failure

Configuration A Windows 2008R2 RDS server RDS01 A Windows 2008R2 RDS server RDS02 A Windows 2012R2 RemoteApp server APP01 Problem Calling URL https://APP01.domain.local/rdweb : From RDS01 : Schannel error 40 (handshake_failure) From RDS02 :…
alex
2 votes, 0 answers

Left with 0 client certificates to choose from when moving SSRS service to TLS 1.2

Environment: Reporting Services running on a SQL Server 2008 R2 SP3 installation on a Windows 2008 server with .Net 4.6.1 installed and .Net 3.5 enabled as feature. IIS, database and reporting service all in the local machine (custom login URL in a…
2 votes, 1 answer

IIS 7.5 - SSL Fails After Reboot - Rebind Cert fixes until reboot

Recently, my IIS 7.5 SSL site started refusing connections after a reboot. Oddly, the issue can be worked around by binding the site with a different cert and then switching back to the correct one. When failing, wireshark shows the client send various…
2 votes, 3 answers

IIS 8.5 server not accepting a TLS 1.0 connection from Windows Server 2003

(If you're wondering why I'm trying to enable cipher suites that are deprecated, the short answer is that it's for the few people who really can't use anything newer because they're stuck on Windows Server 2003, neither we nor they can do anything…
Jesper
1 vote, 1 answer

TONS of 4625 events. Failed login attempts. No IP, no username

I have a server that keeps getting failed login events (4625). They occur roughly every 20-30 minutes daily. Also appears to be on a schedule. I've tried deleting stored credentials. Disabling RDS. I've tried locating a pattern with Procmon…
1 vote, 1 answer

Windows server 2008 R2 Schannel error 36887 fatal alert 46

I have a webserver that is secured using an SSL cert from godaddy. The certificate seems to be working fine for about 30 clients, but one client cannot connect and I cannot for the life of me figure out why. Here's the error in the windows event…
elevenUser
1 vote, 1 answer

Windows Server 2012 R2 - Adding Cipher

This might be a complete newbie question. I have a 2012 R2 Server on which an application should call a partner who only offers the following ciphers: (0xc02f) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 (eq. 3072 bits RSA) FS 128 (0xc030)…
Moritz