Schannel Error, System Event Log 36887

For the last 2 weeks, all our Win 8 / 8.1 machines have started to behave erratically.

Below is the error message in the Event Log:

A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

and most of the applications don't work:

iTunes Error - 0x80090326
Evernote Error - Could Not connect to the server
Windows Update - 0x80072EFE

All errors point to the network, but the network is good and we ruled it out because of the following:

A packet capture revealed that there is an SSL3_ALERT_UNEXPECTED_MESSAGE / SEC_E_ILLEGAL_MESSAGE; due to this, the SSL handshake after the TCP connection becomes fatal.

Any help appreciated
SK
principiamanagement Asked:
 
paarun Commented:
This seems to be a known problem acknowledged by MS. Please check the article below.

http://www.zdnet.com/article/microsoft-warns-of-problems-with-schannel-security-update/
0
 
principiamanagement Author Commented:
Yes, correct, but it was updated by a newer version of the patch: https://support.microsoft.com/en-us/kb/2992611

But it is really weird that we started having this problem 2 weeks ago on all of our Win 8 machines.

Thanks
SK
0
 
paarun Commented:
Did you update the machines with security patches/hotfixes in the past two weeks? MS will be releasing patches tomorrow; I suggest you get a test machine and apply all patches to see if that sorts out the issue, based on which you can take a call for the other workstations.
0
 
principiamanagement Author Commented:
We have a WSUS and did approve patches in the last 2 weeks. But thanks for the reminder on Patch Tuesday; it seems that's the best shot I have.
0
 
principiamanagement Author Commented:
Hi Paarun, we had two

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,

configured on our GPO, which was causing this issue. Once we removed those, all communications were OK.
0
 
paarun Commented:
That's great. Good to hear you found the issue.
0
Question has a verified solution.
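
A way to check a workstation for the condition described in the accepted fix, added here as an example and not part of the original thread: it looks for the two suites named above in the policy-set cipher suite order and lists recent 36887 events with alert code 40. The registry path is the standard location of the "SSL Cipher Suite Order" policy and is assumed to be how the GPO applied them; `Find-FlaggedSuite` is a hypothetical helper name, and the fallback value is a constructed sample.

```powershell
# Added example: suite names are from the thread; the registry path is the standard
# location of the "SSL Cipher Suite Order" policy (assumed to be how the GPO set them).
$Flagged = @(
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
)
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Find-FlaggedSuite {
    param([string[]]$Functions, [string[]]$Flagged)
    # Accept either one comma-separated string or a multi-string value.
    $suites = @($Functions | ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    for ($i = 0; $i -lt $suites.Count; $i++) {
        if ($Flagged -contains $suites[$i]) {
            [pscustomobject]@{ Position = $i + 1; Suite = $suites[$i] }
        }
    }
}

$policy = Get-ItemProperty -Path $PolicyKey -Name Functions -ErrorAction SilentlyContinue
if ($policy) {
    $source = $PolicyKey
    $value  = $policy.Functions
} else {
    # Constructed sample value, used when no policy is present on this machine.
    $source = 'constructed sample'
    $value  = 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
}
"Cipher suite order read from: $source"
Find-FlaggedSuite -Functions $value -Flagged $Flagged | Format-Table -AutoSize

# Recent Schannel 36887 events carrying the alert code quoted in the question.
$filter = @{ LogName = 'System'; Id = 36887 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'fatal alert code is 40' } |
    Select-Object TimeCreated, Message | Format-List
```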