Solved

Schannel error logged every few seconds in SYSTEM log ?

Posted on 2015-01-28
5
3,376 Views
Last Modified: 2015-02-12
People,

I'm having a strange problem that I'm still investigating and don't understand, I have looked through the Event viewer in one of my backup server and it seems that the SChannel error is logged daily every few seconds ?

see the below error:

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:31 AM
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
The following fatal alert was generated: 40. The internal error state is 1205.

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:31 AM
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:20 AM
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Open in new window


The server is Windows Server 2008R2 SP1 running as physical box HP DL 380p G7

From the backup application perspective, I see there is no error and it functioning as it should, but somehow I still don't understand as to why it is logged continuously every 10-20 seconds.

Any idea please ?
0
Comment
  • 3
  • 2
5 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 40577974
The error, "An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
The ciphers

You've followed the recent suggestions by MS to disable the ssl 3.0 support on your system via "registry edit" of schannel and cipher suit.

The client is still trying to use SSL 3.0 which is what this error says,
The TLS error says the options available on this system do not include the ciphers for TLS that the client has.


Is the log entry from backupserver01 if not, backupserver01 is the one having an issue, check what SChannel settings it has and what ciphers for TLS does it have.
Is it also a windows 2008 or newer server, or older?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40578530
BackupServer01 is a physical box running Windows Server 2008 R2
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40578592
The issue in the two messages deals with mismatch in cryptography (encryption) your schannel setting is to deny SSL 3.0.  Your TLS enabled ciphers are not available on the client system that makes the connection attempts.

Does this system have a CA role installed?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40578621
No, it only have Backup Exec 2012 and also Veeam backup running.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40607329
Thanks !
0

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now