schannel 36888: The following fatal alert was generated: 10. The internal error state is 10.
Hi Folks,
I see lots of discussion of this event log entry, but I am in the very fortunate position that I know exactly what is causing it; I just don't know why or what to do about it.
I have a brand new Windows 7 workstation that is a member of a Windows Server 2008r2 Domain. On that workstation, I installed Outlook and configured an e-mail account to use IMAP. The IMAP server is a Cyrus server running on Fedora 12 outside my subnet. I have a Fedora 17 notebook that runs evolution and can transact mail with the Cyrus mail server just fine. Since I have a working client on my notebook, I know exactly the correct settings and I have configured Outlook with those settings. The high points are: inbound and outbound each require TLS.
EVERY time I push <F9> on the Windows Workstation (Outlook Send and Receive), Windows logs the above mentioned event. lsass.exe is the complaining process.
So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"?
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">10</Data>
<Data Name="ErrorState">10</Data>
</EventData>
</Event>
Thanks for the help,
Chris.
September 8th, 2012 6:16pm
Hi,
I would suggest that you simply disable SCHANNEL logging.
In the search run box type regedit and navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Change the EventLogging value from 1 to 0 (that's a zero).
For your information:
http://support.microsoft.com/kb/260729
Before modifying the registry keys, please take a backup of the key. For more information about how to back up and restore the registry, please click the following link to view the article:
Back up the registry
http://windows.microsoft.com/en-us/windows7/Back-up-the-registry
Tracy Cai
TechNet Community Support
September 10th, 2012 4:24am
Hi Tracy,
I don't want to silence the alarm; I need to put out the fire. Outlook does not work and this is why Outlook is failing to connect to a specific IMAP server. As I asked in my original post:
So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"?
Thanks for the help,
Chris.
September 10th, 2012 6:42am
Hi,
For the Outlook issue, I would redirect you to post this issue on the Microsoft Office forum for further help.
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Tracy Cai
TechNet Community Support
September 11th, 2012 2:44am
Hi Tracy,
I don't have an "Outlook Issue", I have an "SChannel Issue" which affects Outlook. SChannel is part of Windows 7 Security, NOT Outlook. There is absolutely nothing I can do in Outlook that will change this. It is a very simple question.
Event logs are documented completely somewhere, and I need to know where, so I can find out:
So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"?
Thanks for the help,
Chris.
September 11th, 2012 7:37am
Hi,
Basically, Schannel internal error state 10 indicates that TLS alert unexpected_message has been sent. This means that your machine received an unrecognized TLS message type, or a message in the incorrect order. The cause is likely to be communication with a server that has an incorrect TLS implementation. Currently, the four message types that we support are Handshake, ChangeCipherSpec, Alert, and ApplicationData, the only four defined in the TLS RFCs (defined in appendix A.1 of the TLS 1.2 RFC). In other words, we were passed an SSL/TLS message that wasn't one of the four accepted SSL/TLS Content Types. What this indicates is that some application that uses Schannel is passing non-SSL/TLS data to InitializeSecurityContext or AcceptSecurityContext.
You may look at the network traces and check the application which is running on this computer and using SSL/TLS. If you have found it, update the application and check the result.
For more information on this alert, see section 7.2.2 of the TLS 1.0 RFC (http://www.ietf.org/rfc/rfc2246.txt) or the TLS 1.2 RFC (http://www.ietf.org/rfc/rfc5246.txt).
Also, I found this post which may be helpful for you.
http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/aec1df53-bd6e-4bb4-afdb-11cc94150b0a/
Tracy Cai
TechNet Community Support
September 12th, 2012 2:45am
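The following is an added example, not code from the thread or from any poster: it applies the content-type rule from the reply above to the first bytes a peer sends, and decodes an unencrypted alert record such as alert 10. The sample byte strings and the host name mail.example.test are constructed for illustration, and the alert table is only a subset of RFC 5246 section 7.2.

```python
import struct

# ContentType values from appendix A.1 of RFC 5246 (TLS 1.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Subset of AlertDescription values from RFC 5246 section 7.2.
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def classify_record(data: bytes) -> dict:
    """Decide whether the first bytes received from a peer form a TLS record."""
    if len(data) < 5:
        return {"tls": False, "reason": "shorter than a 5-byte record header"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES:
        # Typical of plaintext protocol data arriving where TLS was expected.
        return {"tls": False,
                "reason": f"content type {ctype} is not one of 20-23",
                "preview": data[:24].decode("ascii", "replace")}
    if major != 3 or minor > 4:
        return {"tls": False,
                "reason": f"implausible record version {major}.{minor}"}
    if length > 2**14 + 2048:
        return {"tls": False,
                "reason": f"record length {length} exceeds the TLS maximum"}
    info = {"tls": True, "type": CONTENT_TYPES[ctype],
            "version": (major, minor), "length": length}
    # An unencrypted alert body is two bytes: level, then description.
    if ctype == 21 and length == 2 and len(data) >= 7:
        info["level"] = ALERT_LEVELS.get(data[5], str(data[5]))
        info["alert"] = ALERTS.get(data[6], f"unknown({data[6]})")
    return info


# Constructed samples, not captured from the poster's network.
SAMPLES = {
    "plaintext IMAP greeting": b"* OK mail.example.test Cyrus IMAP ready\r\n",
    "handshake record": bytes.fromhex("160301004a") + b"\x02" * 0x4A,
    "fatal alert 10": bytes.fromhex("1503010002020a"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_record(raw)}")
```

Feeding it the first payload bytes of each direction from a network trace shows which side sent something that is not a TLS record.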