Lync 2013 The Windows Schannel Error State Is 1203
Contents |
two pools in two datacenters. The server deployment went without a hitch and we lync schannel 36888 got everything up and running in no time flat. However,
Kb 2464556
we could not sign on with a Lync 2013 client to either pool. The client just complained an tls 1.2 connection request was received from a remote client application but none of the cipher it couldn't log on. Looking at the server event logs, we saw numerous SChannel errors as below: Event ID: 36874 - TLS 1.2 connection request was
Schannel The Following Fatal Alert Was Generated: 10. The Internal Error State Is 1203.
received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. Event ID: 36888 - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol schannel 36888 fatal alert 10 internal error state 1203 defined fatal error code is 40. The Windows SChannel error state is 1205. Looking around for solutions on the web, I came across these two apparent gems: http://social.technet.microsoft.com/Forums/lync/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile (Look towards the bottom for the answer) and http://www.logicspot.net/index.php?id=50 If you don't feel like reading the aforementioned links, the answer was to use Regedit to disable TLS 1.2 on the Lync front-ends. This was the solution provided by MS Support. Sure enough, doing that fixed the problem, but as noted in the links above, this broke Windows Update. To get Windows Update to work, you would have to remove the registry entry, restart the server, run Windows Update, re-add the registry entry and reboot the server once more. Since this was a brand-new Lync deployment on brand new Windows 2012 servers, I had a hard time believing this was the only fix for the problem. Since the problem was affecting two independent pools, I figured there must be some common feature s
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more
Event Id 36888 Schannel Fatal Alert 10
about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask
The Tls Protocol Defined Fatal Error Code Is 10
Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign the tls protocol defined fatal error code is 10. the windows schannel error state is 1203 up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Lync & TLS: Event 36874 - how to handle? up vote 2 down vote favorite http://ucken.blogspot.com/2013/12/schannel-errors-on-lync-server.html 1 Setting up a new Lync 2013 install in the Company Network I got everything nearly working except Client Login. here seems to be a mismatch of capabilities or some Settings in the TLS area - Connection Fails, and I get quite a lot of Schannel Events 36874. EventData is:
products, such as Exchange and Lync you see your evelogs filling up with "Schannel" errors; event id: 36888The following fatal alert was generated: 51. The internal error state is 1306. The event https://vanbrenk.blogspot.com/2014/03/what-are-schannel-errors-and-how-to.html it self doesnt give out a lwhole lot of information but here is an explanation for it from technet: When you enable Schannel event logging on a computer that is running Microsoft Windows NT Server 4.0, Microsoft https://ficility.net/2013/10/21/exchange-2013-exchange-2010-windows-server-2012-schannel-event-id36888-1203-tlsssl-error-the-root-cause/ Windows 2000 Server, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2008, or Microsoft Windows Server 2008 R2, detailed information from Schannel events can be written to the Event Viewer logs, in particular the error state System event log. This article describes how to enable and configure Schannel event logging. The internal error state is 1203 - From a support forum: "This event is seen on windows 2008 R2 running IIS. If a user tries to access a web site using HTTP but specifies an SSL port in the URL then this event is logged. This event is expected as the client is trying to use the wrong port error state is or the wrong protocol to access the site The error 1203 indicates invalid ClientHello from the client. This is by design and you can ignore this warning." If your System eventlog is filling up with "Schannel" errors, and you want to stop this behavior, you can do the following. Enable /disable logging Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. Note This registry key is present already in Windows 2000 and XP Professional. Start Registry Editor. To do this, click Start, click Run, type regedt32, and then click OK. Locate the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL On the Edit menu, click Add Value, and then add the following registry value: Value Name: EventLogging Data Type: REG_DWORD Note After you add this property, you must give it a value. See the table in the "Logging options" section to obtain the appropriate value for the kind of events that you want to log. Exit Registry Editor. Click Start, click Shut Down, click to select Restart, and then click OK to restart the computer. (Logging does not take effect until after you r