Hi Folks, I see lots of discussion of this event log entry, but I am in the very fortunate position that I know exactly what is causing it; I just don't know why or what to do about it. I have a brand new Windows 7 workstation that is a member of a Windows Server 2008r2 Domain. On that workstation, I installed Outlook and configured a e-mail account to use IMAP. The IMAP server is a Cyrus server running on Fedora 12 outside my subnet. I have a Fedora 17 notebook that runs evolution and can transact mail with the Cyrus mail server just fine. Since I have a working client on my notebook, I know exactly the correct settings and I have configured Outlook with those settings. The high points are: inbound and outbound each require TLS. EVERY time I push <F9> on the Windows Workstation (Outlook Send and Receive), Windows logs the above mentioned event. lsass.exe is the complaining process. So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"? <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> <EventID>36888</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="AlertDesc">10</Data> <Data Name="ErrorState">10</Data> </EventData> </Event> Thanks for the help, Chris.

Hi, I would suggest you to simply disable SCHANNEL logging. In the search run box type regedit and navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL Change the EventLogging value from 1 to 0 (that's a zero). For your information: http://support.microsoft.com/kb/260729 Before modify the registry keys, please take a backup of the key. For more information about how to back up and restore the registry, please click the following link to view the article: Back up the registry http://windows.microsoft.com/en-us/windows7/Back-up-the-registryTracy Cai TechNet Community Support

Hi, I would suggest you to simply disable SCHANNEL logging. In the search run box type regedit and navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL Change the EventLogging value from 1 to 0 (that's a zero). For your information: http://support.microsoft.com/kb/260729 Before modify the registry keys, please take a backup of the key. For more information about how to back up and restore the registry, please click the following link to view the article: Back up the registry http://windows.microsoft.com/en-us/windows7/Back-up-the-registryTracy Cai TechNet Community Support

Hi Tracy, I don't want to silence the alarm; I need to put out the fire. Outlook does not work and this is why Outlook is failing to connect to a specific IMAP server. As I asked in my original post: So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"? Thanks for the help, Chris.

Hi Tracy, I don't want to silence the alarm; I need to put out the fire. Outlook does not work and this is why Outlook is failing to connect to a specific IMAP server. As I asked in my original post: So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"? Thanks for the help, Chris.

Hi, For the outlook issue, , I would redirect you to post this issue on Microsoft Office forum for further help. The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.Tracy Cai TechNet Community Support

Hi Tracy, I don't have an "Outlook Issue", I have an "SChannel Issue" which effects Outlook. SChannel is part of Windows 7 Security, NOT Outlook. There is absolutely nothing I can do in Outlook that will change this. It is a very simple question. Event logs are documented completely somewhere, and I need to know where, so I can find out: So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"? Thanks for the help, Chris.

Hi Tracy, I don't have an "Outlook Issue", I have an "SChannel Issue" which effects Outlook. SChannel is part of Windows 7 Security, NOT Outlook. There is absolutely nothing I can do in Outlook that will change this. It is a very simple question. Event logs are documented completely somewhere, and I need to know where, so I can find out: So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"? Thanks for the help, Chris.

Hi, Basically, Schannel internal error state 10 indicates that TLS alert unexpected_message has been sent. This means that your machine received an unrecognized TLS message type, or a message in the incorrect order. The cause is likely to be communication with a server that has an incorrect TLS implementation. Currently, the four message types that we support are Handshake, ChangeCipherSpec, Alert, and ApplicationData, the only four defined in the TLS RFCs (defined in appendix A.1 of the TLS 1.2 RFC). In other words, we were passed an SSL/TLS message that wasnt of four accepted SSL/TLS Content Types. What this indicates is that some application that uses Schannel is passing non-SSL/TLS data to InitializeSecurityContext or AcceptSecurityContext. You may look at the network traces and check the application which running on this computer and using SSL/TLS. If you have found out it, update the application and check the result. For more information on this alert, see section 7.2.2 of the TLS 1.0 RFC (http://www.ietf.org/rfc/rfc2246.txt) or the TLS 1.2 RFC (http://www.ietf.org/rfc/rfc5246.txt). Also, I found this post which may helpful for you. http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/aec1df53-bd6e-4bb4-afdb-11cc94150b0a/Tracy Cai TechNet Community Support

Hi, Basically, Schannel internal error state 10 indicates that TLS alert unexpected_message has been sent. This means that your machine received an unrecognized TLS message type, or a message in the incorrect order. The cause is likely to be communication with a server that has an incorrect TLS implementation. Currently, the four message types that we support are Handshake, ChangeCipherSpec, Alert, and ApplicationData, the only four defined in the TLS RFCs (defined in appendix A.1 of the TLS 1.2 RFC). In other words, we were passed an SSL/TLS message that wasnt of four accepted SSL/TLS Content Types. What this indicates is that some application that uses Schannel is passing non-SSL/TLS data to InitializeSecurityContext or AcceptSecurityContext. You may look at the network traces and check the application which running on this computer and using SSL/TLS. If you have found out it, update the application and check the result. For more information on this alert, see section 7.2.2 of the TLS 1.0 RFC (http://www.ietf.org/rfc/rfc2246.txt) or the TLS 1.2 RFC (http://www.ietf.org/rfc/rfc5246.txt). Also, I found this post which may helpful for you. http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/aec1df53-bd6e-4bb4-afdb-11cc94150b0a/Tracy Cai TechNet Community Support

Hi, Basically, Schannel internal error state 10 indicates that TLS alert unexpected_message has been sent. This means that your machine received an unrecognized TLS message type, or a message in the incorrect order. The cause is likely to be communication with a server that has an incorrect TLS implementation. Currently, the four message types that we support are Handshake, ChangeCipherSpec, Alert, and ApplicationData, the only four defined in the TLS RFCs (defined in appendix A.1 of the TLS 1.2 RFC). In other words, we were passed an SSL/TLS message that wasnt of four accepted SSL/TLS Content Types. What this indicates is that some application that uses Schannel is passing non-SSL/TLS data to InitializeSecurityContext or AcceptSecurityContext. You may look at the network traces and check the application which running on this computer and using SSL/TLS. If you have found out it, update the application and check the result. For more information on this alert, see section 7.2.2 of the TLS 1.0 RFC (http://www.ietf.org/rfc/rfc2246.txt) or the TLS 1.2 RFC (http://www.ietf.org/rfc/rfc5246.txt). Also, I found this post which may helpful for you. http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/aec1df53-bd6e-4bb4-afdb-11cc94150b0a/Tracy Cai TechNet Community Support