Windows 2012 Event 36887

Windows 2012 R@ Standard

Today started getting Eventid 36887 A fatal alert the TLS protocol defined fatal alert code is 20

Can not find any thing in my searches to resolve this

Any ideas?
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Leon KammerCommented:
The Server Received a record with an incorrect MAC.

It's possible that the client does not support the TLS version of the Server.
When the client attempts to negotiate a TLS 1.2 connection but the server supports only TLS 1.0 or 1.1, it will not send client certificates to the server.
The only solution I can suggest if this is the case is to reduce the client TLS version to match the server capabilities.
Thomas GrassiSystems AdministratorAuthor Commented:

"The only solution I can suggest if this is the case is to reduce the client TLS version to match the server capabilities."

How do i do that this is new to me.

Or should I turn this off
Leon KammerCommented:
Depends what you are running on the server.
if it's IIS (you should be on 8.5), TLS1.0-1.2 support is enabled out of the box.
If it's RDP, you need to update the client RDP client.
If it's something else, like SMTP calls, FTP, SQL Server et cetera, you'll need to have a look at the TLS configurations available within the application.


Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Thomas GrassiSystems AdministratorAuthor Commented:

Yes IIS 8.5 will be web server

No sql that runs on my windows 200& server

No rdp used I use vnc to control remotely

Maybe rdp is installed will check

On the road now


Thomas GrassiSystems AdministratorAuthor Commented:

No rdp installed

Now getting same error with a 47 that's the second type

I turned of logging see if that stops the message

Leon KammerCommented:
Hi Tom,

This error is always considered fatal regardless of what logging is in place.

Have a look at the trusted root certification list on the server.
Could be that there are too many entries.
Do you have another web browser installed on the server (firefox, chrome et cetera)?
This can also cause TLS related errors.



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:

Only IE installed I limit the third party programs on my Servers to a minimum.

Will look at the trusted certs  what do you mean by can be too many entries?

What is the limits?
Leon KammerCommented:
Hi Tom,

I am not 100% certain what the maximum is.
Due to changes in Server 2012, you will find a mixture of CAs in the trusted certificate store.

The Windows error log will contain this:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client.
The client uses this list to choose a client certificate that is trusted by the server.
Occasionally, the server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated.
The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


Thomas GrassiSystems AdministratorAuthor Commented:

will check this out over the weekend when on site again.


Will post results
Thomas GrassiSystems AdministratorAuthor Commented:

After turning off the logging have not seen this error.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.