question

kumaravelu-1265 asked GerbenTiele-6622 commented

SCOM 2019: Event ID 36871 Schannel

Hello All,

We recently moved to SCOM 2019. Since then, we have been receiving the errors below in the System event logs on all of the SCOM management servers.

Event ID: 36871
Event Source: Schannel
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

All SCOM management servers are running on Windows Server 2019.

Kindly assist us with this.

Regards,
Kumar B

msc-operations-manager
StoyanChalakov answered

Hi @kumaravelu-1265,

Do you see this event in the System Log? What makes you think that it is related to SCOM? What TLS version is currently configured:

  • in SCOM?

  • on your OS?

  • on your SCOM DBs?

Can you please go over this post and see if this is also helpful:

A fatal error occurred while creating a TLS client credential. The internal error state is 10013
https://social.technet.microsoft.com/Forums/en-US/fd626e47-9ee7-41c5-b11a-ae696e3b6b5b/a-fatal-error-occurred-while-creating-a-tls-client-credential-the-internal-error-state-is-10013?forum=ws2016

A fatal error occurred while creating a TLS client credential. The internal error state is 10013
https://stackoverflow.com/questions/53121859/a-fatal-error-occurred-while-creating-a-tls-client-credential-the-internal-erro

Please check those out and I am pretty sure that those will help you.



(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Stoyan Chalakov


Crystal-MSFT answered GerbenTiele-6622 commented

@kumaravelu-1265, I researched and found a similar issue. In that case, these SCHANNEL 36871 events being logged are due to a configuration on the server itself.

Here is the resolution for that issue, for reference:
1. Made the necessary modifications from the following:
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
Transport Layer Security (TLS) best practices with the .NET Framework.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Note: please do a backup before we change any registry key.

2. After these modifications are made to enable .NET to utilize more secure TLS versions, a reboot is required.
3. After this is accomplished, the SCHANNEL events are no more.

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



@kumaravelu-1265, How are things going? Was our issue resolved? If there's any update, feel free to let us know.

Thanks and have a nice day!


This doesn't work. On all my Server 2016 machines the SCHANNEL 36871 keep spamming and various parts of Remote Desktop are broken.

jamesatbiztech answered jamesatbiztech edited

@Crystal-MSFT I think the forum post removed the "\" between Microsoft and .NETFramework. It did just now for me when I attempted to point it out.
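
An added example, not part of the thread and not Microsoft's own code: a read-only PowerShell audit of the four .NET Framework keys named in the answer above, using the path with the backslash between Microsoft and .NETFramework. It also flags keys literally named Microsoft.NETFramework, which importing the path without that backslash would create (an assumption about how the values were applied), and counts recent Schannel 36871 events; function and variable names are hypothetical.

```powershell
# Added example: read-only audit, makes no registry changes.
$valueNames = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'
$roots      = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$versions   = 'v2.0.50727', 'v4.0.30319'

# Hypothetical helper: one row per key/value pair, Ok = value present and set to 1.
function Get-DotNetTlsSetting {
    foreach ($root in $roots) {
        foreach ($ver in $versions) {
            $key = Join-Path $root "Microsoft\.NETFramework\$ver"
            foreach ($name in $valueNames) {
                $actual = $null
                if (Test-Path -LiteralPath $key) {
                    $props = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
                    if ($props) { $actual = $props.$name }
                }
                [pscustomobject]@{
                    Key    = $key
                    Value  = $name
                    Actual = $actual          # empty when the key or value is missing
                    Ok     = ($actual -eq 1)
                }
            }
        }
    }
}

# Hypothetical helper: keys that exist only if the path was imported without the backslash.
function Get-MangledDotNetKey {
    foreach ($root in $roots) {
        $stray = Join-Path $root 'Microsoft.NETFramework'
        if (Test-Path -LiteralPath $stray) { $stray }
    }
}

Get-DotNetTlsSetting | Format-Table -AutoSize

foreach ($stray in Get-MangledDotNetKey) {
    Write-Warning "Found '$stray': values under it are not read by .NET; check how the .reg file was written."
}

# Count Schannel 36871 events (source and ID as given in the question) from the last 24 hours.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36871; StartTime = (Get-Date).AddDays(-1) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"Schannel 36871 events in the last 24 hours: $($events.Count)"
```

Running it before the change and again after the reboot shows whether the values landed under the intended keys and whether the event count drops.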