Solved

Schannel error logged every few seconds in SYSTEM log ?

Posted on 2015-01-28
5
5,867 Views
Last Modified: 2015-02-12
People,

I'm having a strange problem that I'm still investigating and don't understand, I have looked through the Event viewer in one of my backup server and it seems that the SChannel error is logged daily every few seconds ?

see the below error:

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:31 AM
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
The following fatal alert was generated: 40. The internal error state is 1205.

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:31 AM
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Log Name:      System
Source:        Schannel
Date:          29/01/2015 10:32:20 AM
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      BackupServer01.domain.com
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Open in new window


The server is Windows Server 2008R2 SP1 running as physical box HP DL 380p G7

From the backup application perspective, I see there is no error and it functioning as it should, but somehow I still don't understand as to why it is logged continuously every 10-20 seconds.

Any idea please ?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 78

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 40577974
The error, "An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
The ciphers

You've followed the recent suggestions by MS to disable the ssl 3.0 support on your system via "registry edit" of schannel and cipher suit.

The client is still trying to use SSL 3.0 which is what this error says,
The TLS error says the options available on this system do not include the ciphers for TLS that the client has.


Is the log entry from backupserver01 if not, backupserver01 is the one having an issue, check what SChannel settings it has and what ciphers for TLS does it have.
Is it also a windows 2008 or newer server, or older?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40578530
BackupServer01 is a physical box running Windows Server 2008 R2
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40578592
The issue in the two messages deals with mismatch in cryptography (encryption) your schannel setting is to deny SSL 3.0.  Your TLS enabled ciphers are not available on the client system that makes the connection attempts.

Does this system have a CA role installed?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40578621
No, it only have Backup Exec 2012 and also Veeam backup running.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40607329
Thanks !
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question