Link to home
Create AccountLog in
Avatar of Tessando
TessandoFlag for United States of America

asked on

Help Tracking Down The Culprit Causing Schannel Errors in Windows Event Viewer Schannel Error 36874

I am setting up a new Windows Server 2019 machine with IIS & .NET applications. The Event Viewer is getting hammered with with Schannel Errors (36874):


An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Open in new window


I am accessing this via RDP, if that's helpful. 


Here is my question: 


How can I tell what Remote Client Application or Program (in the form of the Connection) is attempting to connect via TLS 1.0?


Is there a tool in SysInternals the might be helpful?


Thanks!


....

Avatar of Andrew Porter
Andrew Porter
Flag of United States of America image

I would say your best bet here (if you can't identify the offending TLS 1.0 from the event logs, is to do a sniff port and use wireshark to identify the TLS 1.0 source application/device.

Avatar of Tessando

ASKER

The RDP comment might be misleading - I can login fine and the Event Viewer errors are generated due to websites. Sometimes it's difficult to determine what to include and that not to include when writing these up.


To Andrew's point, I did determine via the Event Viewer that the User is S-1-5-18 (or NT Authority/System).


I've made several Registry Changes already, enabling and disabling TLS at various combinations based off the Server that I'm migrating from. 


I'm accessing sites that are "hard-coded" to the HOSTS file, so I don't think it's an external application. Would that make a difference in tracking down why this is showing up in the Event Viewer?


Thanks for your guidance. 

ASKER CERTIFIED SOLUTION
Avatar of Tessando
Tessando
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer