Link to home
Start Free TrialLog in
Avatar of ManieyaK_
ManieyaK_Flag for United States of America

asked on

Windows Server 2008 R2 Schannel Errors

Our server (running win server 2008 R2) has been plagued with two errors in Event Viewer-->System:
First:
Event 36888, Schannel
"The following fatal alert was generated: 40.  The internal error state is 1205."

Second:
Event 36874, Schannel
"An TLS 1.2 connect request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server.  The SSL connection request has failed."

Not sure what's causing these errors.
Avatar of Scott Silva
Scott Silva
Flag of United States of America image

I believe both are related. Most security guides recommend TLS 1.2 as a minimum, and it seems your system is not set up to provide it. So the errors are from clients requesting TLS1.2 and the system rejecting them...
Avatar of ManieyaK_

ASKER

What's the easiest way to verify this?  Is it a Group Policy?
ASKER CERTIFIED SOLUTION
Avatar of Scott Silva
Scott Silva
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Scott, thank you for your comment.  I'm checking out the tool mentioned above.  Have you used implemented this before?
I used it on all my web serving servers... Much easier than the tangle of registry entries, and easily tuneable to other requirements...
"An TLS 1.2 connect request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server.  The SSL connection request has failed."
Which ciphers do you have enabled for TLS 1.2? Naturally, this is assuming that it is actually enabled.
Thanks for the comments Scott & masnrock.