Schannel Errors 36874 and 36888
Greetings,
The scenario is the following: 1 Windows Server 2008 R2 SP1 (patched up to date).
There are two errors that shows every 10 seconds:
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36874</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5908</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Protocol">SSL 3.0</Data>
</EventData>
</Event>
Log Name: System
Source: Schannel
Date: 19/07/2012 14:59:58
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Server.Mydomain.com
Description:
The following fatal alert was generated: 40. The internal error state is 107.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
<EventRecordID>5909</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="524" />
<Channel>System</Channel>
<Computer>Server.Mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">40</Data>
<Data Name="ErrorState">107</Data>
</EventData>
</Event>
Note: This server has IIS installed (requirement for web console of System Center Operations Manager 2012)
The questions are:
Is this behavior normal?
if no
How to fix this problem?
Thanks in advance!
July 24th, 2012 5:25pm
Hi,
Thanks for posting in Microsoft TechNet forums.
If everything is working fine, it is OK that we just turn off these two error reporting.
We can check the information in this thread:
Getting Schannel 36874 errors on my CAS/HT servers
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/7b95a21c-67fc-49a9-8198-b9e364523d27/
Also if you need any help regarding IIS, we can seek help in our IIS forum:
Internet Information Server (IIS)
http://social.technet.microsoft.com/Forums/en-US/iises/threads
Hope the information can be useful to you.
Regards
Kevin
Free Windows Admin Tool Kit Click here and download it now
July 24th, 2012 10:55pm
Hi,
Thanks for posting in Microsoft TechNet forums.
If everything is working fine, it is OK that we just turn off these two error reporting.
We can check the information in this thread:
Getting Schannel 36874 errors on my CAS/HT servers
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/7b95a21c-67fc-49a9-8198-b9e364523d27/
Also if you need any help regarding IIS, we can seek help in our IIS forum:
Internet Information Server (IIS)
http://social.technet.microsoft.com/Forums/en-US/iises/threads
Hope the information can be useful to you.
Regards
Kevin
July 24th, 2012 11:02pm
Hi
I had the same problem who solve by putting the numeric val 0 into registry localised at :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
regards,
Free Windows Admin Tool Kit Click here and download it now
July 25th, 2012 5:20am
Hi Kevin Zhu,
I would like to know what is the meaning of 40 and what is the meaning of
107 in the following message (second above error):
"The following fatal alert was generated: 40. The internal error state is 107."
Thanks!
July 25th, 2012 12:22pm
Hi,
This error can be received due to an incompatible browser problem and SSL 3.0 connection request cannot be handled.
As discussed, we can modify that registry key to disable the additional secure channel event logging if every works fine.
Also we can check the thread below. It mentioned another scenario in which the "The following fatal alert was generated: 40. The internal error state is 107." error could be received:
Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?
http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates
(Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Regards
Kevin
Free Windows Admin Tool Kit Click here and download it now
July 25th, 2012 10:21pm
Hi,
This error can be received due to an incompatible browser problem and SSL 3.0 connection request cannot be handled.
As discussed, we can modify that registry key to disable the additional secure channel event logging if every works fine.
Also we can check the thread below. It mentioned another scenario in which the "The following fatal alert was generated: 40. The internal error state is 107." error could be received:
Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?
http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates
(Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Regards
Kevin
July 25th, 2012 10:25pm