ManieyaK_
asked on
Windows Server 2008 R2 Schannel Errors
Our server (running win server 2008 R2) has been plagued with two errors in Event Viewer-->System:
First:
Event 36888, Schannel
"The following fatal alert was generated: 40. The internal error state is 1205."
Second:
Event 36874, Schannel
"An TLS 1.2 connect request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
Not sure what's causing these errors.
First:
Event 36888, Schannel
"The following fatal alert was generated: 40. The internal error state is 1205."
Second:
Event 36874, Schannel
"An TLS 1.2 connect request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
Not sure what's causing these errors.
I believe both are related. Most security guides recommend TLS 1.2 as a minimum, and it seems your system is not set up to provide it. So the errors are from clients requesting TLS1.2 and the system rejecting them...
ASKER
What's the easiest way to verify this? Is it a Group Policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Scott, thank you for your comment. I'm checking out the tool mentioned above. Have you used implemented this before?
I used it on all my web serving servers... Much easier than the tangle of registry entries, and easily tuneable to other requirements...
"An TLS 1.2 connect request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."Which ciphers do you have enabled for TLS 1.2? Naturally, this is assuming that it is actually enabled.
ASKER
Thanks for the comments Scott & masnrock.