Schannel error, Event ID 36888? - IS there a way to Identify what causes Schannel to log error?

-

hi, hope correct forum problem,

i seeing few of these errors (error details below) sporadically throughout system event log on windows 2008 r2 server. have seen number of threads schannel errors

http://social.technet.microsoft.com/forums/en-us/w7itprogeneral/thread/b2e0e110-f9ca-4113-8f4d-f20d6b39b8c7

http://social.technet.microsoft.com/forums/en-us/forefrontedgegeneral/thread/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/

http://social.technet.microsoft.com/forums/en-us/windowsserver2008r2general/thread/675864e2-2856-44fa-b3bc-ef275d391d45

 http://social.technet.microsoft.com/forums/en-us/windowsserver2008r2general/thread/4b505150-c709-45a2-b9f3-abc7c9988d6a

http://social.technet.microsoft.com/forums/en-us/forefrontedgegeneral/thread/80b1ceee-9835-4f78-af0f-5b00a8964f34

however can find no clear way of trying find causing error. appear schannel logging errors errors being caused other processes. know ssl/tls related. question/s this.

what schannel , do?

how identify actual problem.?

i list error details below, pid refereced in error lssas.exe believe deals authentication. there anyway trace causing issue?

for reference pid 604 noted below lsasss.exe

the general error is
    following fatal alert generated: 10. internal error state 1203.

the details are

- system

  - provider

   [ name]  schannel
   [ guid]  {1f678132-5938-4686-9fdc-c8ff68f15c85}
 
   eventid 36888
 
   version 0
 
   level 2
 
   task 0
 
   opcode 0
 
   keywords 0x8000000000000000
 
  - timecreated

   [ systemtime]  2010-06-18t04:51:41.830028400z
 
   eventrecordid 10087
 
   correlation
 
  - execution

   [ processid]  604
   [ threadid]  3828
 
   channel system
 
   computer <computernameremoved>
 
  - security

   [ userid]  s-1-5-18
 

- eventdata

  alertdesc 10
  errorstate 1203

the reference above isn't specifically clear on changing. value eventlogging

hklm\system\currentcontrolset\control\securityproviders\schannel
value name: eventlogging
value type: reg_dword
value data: 7

the default one, makes schannel bit chatty start with. if can tie event specific site connecting to, want make sure certificate on site appropriate site.

the error 1203 indicates invalid clienthello client - enabling more verbose logging may reveal server responding way , provide additional information. reviewing other cases indicated multiple certificates server authentication on web server generating response on client.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

CRL Revocation always failed

-
hi all, i try configure radius server nps, somehow certificate authentication client failed with reason: reason = revocation function unable check revocation because revocation server offline. then check certificate client, certutil -f -urlfetch -verify client7.cer, result follow: issuer:     cn=entca     dc=intra     dc=domain     dc=co     dc=sg subject:     cn=computer.intra.domain.co.sg cert serial number: 1c5b00de000000000041 dwflags = ca_verify_flags_allow_untrusted_root (0x1) dwflags = ca_verify_flags_ignore_offline (0x2) dwflags = ca_verify_flags_full_chain_revocation (0x8) dwflags = ca_verify_flags_console_trace (0x20000000) dwflags = ca_verify_flags_dump_chain (0x40000000) chainflags = cert_chain_revocation_check_chain (0x20000000) hcce_local_machine cert_chain_policy_base -------- cert_chain_context -------- chaincontext.dwinfostatus = cert_trust_has_preferred_issuer (0x100) chaincontext.dwerrorstatus = cert_trust_revocation_sta
Read more

Failed to query the results of bpa xpath

-
Image
i have new server installed hyper v, iis , domain services roles on it.  i checking event log , see warning multiple times, idea how rid of it?? failed query results of bpa xpath: microsoft/windows/fileservices:$reports$\*\result.xml:/resultdatabase/result. error: device attached system not functioning., last error: system cannot find path specified.. follow me on twitter <<< levalencia blog <<< hi, similar issue discussed in forum: to rid of warnings: 1. go dashboard 2. click on add roles , features 3. click next "before begin step" 4. select "role based or feature based installation" , click next 5. select given server server pool , click next 6. in server roles step make sure following checked:   file , storage services > file , iscsi services > file server, click next 7.click next through rest of steps , install server role 8. rerun bpa scan described earlier for more information please refer following ms
Read more

0x300000d errors in Microsoft Remote Desktop client

-
we use rd connect home users office. @ server side remote desktop gateway configured on 2008r2 server. experience following:   for years worked fine, starting last year users apple macbook experienced connection errors after new version of microsoft remote desktop in app store , automatic update. after couple of weeks error disappaered when new updates released. since 6 8 weeks problem again. because don’t have macbook cannot reproduce problem.   starting couple of weeks samsung s6 experiencing problems, here version 8.1.37.135 installed, error displayed is: can’t connect tot remote pc because remote desktop gateway server temporaraily unavailable. try connecting later or contact network administrator assistance. error code  0x300000d   because has worked fine years expect issues on client can configuration error on gateway server.   who pin point real cause?   however, testing other rd gateway server works ok settings identically. hi ruud, as works rd
Read more