Event ID: 36888 The following fatal alert was generated: 10. The internal error state is 10

windows-event-log schannel
59,665

I wouldn't disable logging those, but I would not be concerned about them. I believe this page should give more information: https://msdn.microsoft.com/en-us/library/windows/desktop/dd721886%28v=vs.85%29.aspx.

Apparently this is connected to SSLv3, so maybe it's related to older clients connecting, or network issues between the clients and the RDP server.

You could try to investigate who actually logs on during those times and attempt to correlate the schannel error with a successful or failed logon.

Share:
59,665

Related videos on Youtube

DanielJay
Author by

DanielJay

Updated on September 18, 2022

Comments

  • DanielJay
    DanielJay almost 2 years

    We are experiencing the following schannel errors most frequently on our Remote Desktop Terminal Servers. 

    Log Name:      System
Source:        Schannel
Date:          11/18/2015 1:04:56 PM
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      RD2.{removed}.com
Description:
The following fatal alert was generated: 10. The internal error state is 10.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-11-18T18:04:56.498068400Z" />
    <EventRecordID>1969389</EventRecordID>
    <Correlation />
    <Execution ProcessID="572" ThreadID="48732" />
    <Channel>System</Channel>
    <Computer>RD2.{removed}.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">10</Data>
    <Data Name="ErrorState">10</Data>
  </EventData>
</Event>

    Occasionally we will get this on our Exchange server or an IIS server, however it is mostly from our Remote Desktop Terminal Servers that are running 2008 R2 64bit. As you can see by the following graph that we get spikes such as this semi frequently. This graph is of 1 terminal server for the past 12 hours which gave us 407 errors. schannel error graph

    Any suggestions on how to find out what is causing these issues? Should we just disable schannel debugging?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can't connect to the SSL server that use only ephemeral ciphersuites (The Local Security Authority cannot be contacted)
windows event log forwarding permission
Event Log: atapi - the device did not respond within the timeout period - Freeze
Using the CheckEventLog module of NSClient++, how do I properly filter in two different eventTypes?
Event ID 17890 (A significant part... paged out.) with SQL Server 2008
Permissions needed to read event log messages remotely?
Cannot login SQL Server after changing machine name
Server Hanging - Server Event Viewer
Windows cannot access the file gpt.ini for GPO error
Server 2008 R2, Exchange 2010, WMI error event 10