question

ZunaidValley-9242 avatar image
0 Votes"
ZunaidValley-9242 asked VickyWang-MFST answered

Windows Server 2012 R2 (Schannel Errors)

Hi

We noticed in the event viewer of the server "system logs" the following error happening repeatedly.

=======================================================================================

Schannel: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Event ID : 36887



Any help resolving this issue would be helpful
Thank You and stay safe.
Kind Regards

windows-server-2012windows-server-infrastructure
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeonLaude avatar image
0 Votes"
LeonLaude answered

Hi @ZunaidValley-9242,

Have a look at the following links for a better understanding of the SCHANNEL error code 70:

Schannel Error Codes for TLS and SSL Alerts
https://docs.microsoft.com/en-us/windows/win32/secauthn/schannel-error-codes-for-tls-and-ssl-alerts

SSL/TLS Alert Protocol and the Alert Codes
https://techcommunity.microsoft.com/t5/iis-support-blog/ssl-tls-alert-protocol-and-the-alert-codes/ba-p/377132

Depending on what role your server has, it may be something related to TLS issues, for example TLS 1.1, you could turn more detailed SCHANNEL event logging to troubleshoot this issue more:
https://docs.microsoft.com/en-gb/archive/blogs/kevinjustin/schannel-event-logging


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)


Best regards,
Leon

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Thank you for posting in our forum.

Here’s workaround you can try:

Note: You’d better backup the registry before change it/
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000000
Value

Description

0x0000

       Do not log

0x0001

       Log error messages

0x0002

       Log warnings

0x0004

       Log informational and success events

There’s a similar website you can refer:

http://www.eventid.net/display-eventid-36887-source-Schannel-eventno-10676-phase-1.htm

Hope that helps.

Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.

Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.