Error Event Id 36888 Schannel
Contents |
(עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語) HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums Ask a question Quick access Forums home Browse forums users FAQ Search related threads Remove From fatal alert generated 10 My Forums Answered by: Schannel error, Event ID 36888? - IS event id 36888 schannel error state 1205 there a way to Identify what causes Schannel to log error? Windows Server > Directory Services event id 36888 schannel error state 1203 Question 1 Sign in to vote Hi, I hope this is the correct forum for this problem, I am seeing a few of these errors (error event id 36888 schannel internal error state is 1203 details below) sporadically throughout the system event log on a windows 2008 R2 server. I have seen a number of threads about SChannel errors http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/b2e0e110-f9ca-4113-8f4d-f20d6b39b8c7 http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/ http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/675864e2-2856-44fa-b3bc-ef275d391d45 http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/4b505150-c709-45a2-b9f3-abc7c9988d6a http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/80b1ceee-9835-4f78-af0f-5b00a8964f34 However I can find no clear way of trying to find what exactly causing the error. It would appear that the Schannel is logging errors
Event Id 36888 Schannel Windows 2008 R2
but that this errors are being caused by other processes. Now I know that this is obviously SSL/TLS related. So my question/s are this. What exactly is Schannel and what does it do? How do you identify the actual problem.? I list the error details below, the pid refereced in the error is the lssas.exe which I believe deals with authentication. Is there anyway to trace what is actually causing the issue? For reference the PID 604 noted below is lsasss.exe The General error is The following fatal alert was generated: 10. The internal error state is 1203. The Details are - System - Provider [ Name] Schannel [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85} EventID 36888 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x8000000000000000 - TimeCreated [ SystemTime] 2010-06-18T04:51:41.830028400Z EventRecordID 10087 Correlation - Executio
be down. Please try the request again. Your cache administrator is webmaster. Generated Tue, 11 Oct 2016 11:37:51 GMT by s_ac15 (squid/3.5.20)
can fix two of those. I ran into this error at a large, highly distributed client site. Because of the nature of the problem (sporadic) it took longer to solve http://blog.ittoby.com/2014/07/why-schannel-eventid-36888-36874-occurs.html than I would have liked. Hopefully this article will save you that time. What Components are Involved? This error involves two sides: a "client" and a server. Client is in quotes because it can be, and often is, an application consuming a web service or similar. On the server side this problem generally occurs on Windows 2008 or newer. The "client" can be any platform. What Errors Again? Generally, but event id not always, these errors are manifested into following events: System Log, Schannel source, EventID 36888 System Log, Schannel source, EventID 36874 These errors can occur on either side, provided obviously that side is Windows. What errors you receive on the other side depend entirely on the platform. What is Happening? At a high level, the client and server are failing to agree on a way to talk to each other securely. event id 36888 To communicate securely, the server and client must agree on a methodology to communicate involving 4 main components. Those are: How to authenticate each other (Key Exchange) How to encrypt data to be exchanged (Encryption Cipher) How to verify the message hasn't been tampered with (Message Authentication Code) How to determine random numbers for seeding keys (Pseudorandom Function) The client and server must agree to the same implementation of each of these items. Bundled together, these are referred to as a cipher suite. The client and server each have preferences as to which portions of the cipher suite hold which priority. Based on this prioritization, a set of supported cipher suites is compiled and proposed at the beginning of any SSL/TLS connection. The client first proposes what it would like, then the server compares the client list to its own list and selects the first matching suite. So therein lies the problem: Your server doesn't like any of the proposals from the client. Why? This is why I decided to write this article. While there are several hits on the internet regarding this problem, I have yet to see one that nails it. Initially (and originally published in this article) I suspected the problem was due to an incorrect cryptographic