TLS 1.2 error, Schannel Event ID 36874 and 36888

Alec Denholm 11 Reputation points
2021-02-16T20:21:20.297+00:00

I'm seeing the following pair of errors in eventvwr on Windows Server 2008 R2:

"An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.", source is Schannel, Event ID is 36874.

"The following fatal alert was generated: 40. The internal error state is 1205.", source is Schannel, Event ID is 36888. However, I know this error is basically just saying the TLS handshake failed, which is what the previous error is saying too.

I can make this error occur intentionally by using sslscan. For example, if I run sslscan.exe --tls12 --verbose [myserver].com:443, I see a list of accepted ciphers followed by this error: SSL_get_error(ssl, cipherStatus) said: 5

Each time I run this I get two pairs of errors in the eventvwr, but I don't know why or which ciphers are at issue. It says the SSL certificate is weakly encrypted, which I can fix, although I don't know if that's related to the TLS errors or not.

I've seen other similar questions whose response is usually "disable schannel logging in the registry to hide the error", but that's not a fix, so I'm reluctant to do that.


2 answers

  1. Jenny Yan-MSFT 9,326 Reputation points
    2021-02-17T06:37:27.147+00:00

    Hi,
    Here are two articles which might give you some clues and suggestions, for example that the issue was related to the certificate types that the server side supported.
    SChannel Errors on SCOM Agent
    https://learn.microsoft.com/en-us/archive/blogs/silvana/schannel-errors-on-scom-agent
    Why Schannel EventID 36888 / 36874 Occurs and How to Fix It
    https://blog.ittoby.com/2014/07/why-schannel-eventid-36888-36874-occurs.html

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    ----------

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

    1 person found this answer helpful.

  2. Manuel 0 Reputation points
    2023-06-24T16:05:19.5733333+00:00

    TLS 1.2 is not enabled or present at all in Windows 2008 R2 Server. You need to enable it. Check here; 3 methods to enable it are described:

    https://thesecmaster.com/how-to-enable-tls-1-2-and-tls-1-3-on-windows-server/

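The following read-only check is an added example, not part of the thread or of either linked article. It reports the TLS 1.2 server switches under the Schannel registry key, the cipher suite order the server is configured with (to compare against the accepted ciphers sslscan printed), and the most recent 36874/36888 events. The helper name Get-RegValue is introduced for this example, and the script assumes the standard Schannel and cipher suite order registry locations.

```powershell
# Added example: read-only look at Schannel TLS 1.2 server state and cipher suite order.
# Uses only PowerShell 2.0 features, the default shell on Windows Server 2008 R2.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Protocol switches for the server side of TLS 1.2.
$proto    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
$enabled  = Get-RegValue $proto 'Enabled'
$disabled = Get-RegValue $proto 'DisabledByDefault'

if ($null -eq $enabled -and $null -eq $disabled) {
    $state = 'not configured; the OS default applies'
} elseif ($enabled -eq 0) {
    $state = 'explicitly disabled (Enabled = 0)'
} elseif ($null -ne $enabled -and $disabled -eq 0) {
    $state = 'explicitly enabled'
} else {
    $state = 'partially configured; review both values'
}
"TLS 1.2 server: $state (Enabled=$enabled, DisabledByDefault=$disabled)"

# 2. Cipher suite order. A Group Policy list, when present, overrides the local one.
$sources = @(
    @{ Name = 'Group Policy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' },
    @{ Name = 'Local';        Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002' }
)
foreach ($s in $sources) {
    $functions = Get-RegValue $s.Path 'Functions'
    if ($null -eq $functions) { "{0}: no cipher suite list set" -f $s.Name; continue }
    # The value may be a multi-string or one comma-separated string; normalise both.
    $suites = @($functions) | ForEach-Object { $_ -split ',' } | Where-Object { $_ }
    "{0}: {1} suites, in priority order" -f $s.Name, @($suites).Count
    $suites | ForEach-Object { "  $_" }
    break   # the first list found is the effective one
}

# 3. Recent Schannel handshake failures, to line up against scan times.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36874, 36888 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Run it from an elevated prompt on the server; it changes nothing, so it is safe to run before and after any protocol or cipher change to confirm what actually took effect.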