getting Schannel 36874 errors on my CAS/HT servers
-
Tuesday, March 29, 2011 6:45 PM
See below.. everything seems to be working fine but we get these a couple of times a day at random times.
Schannel 36888 - " The following fatal alert was generated: 40. The internal error state is 107."
Schannel 36874 - " An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
Answers
-
Monday, April 04, 2011 7:02 AMModerator
To workaround this issue, we can set the event logging value to 0 under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Thanks,
Simon
- Marked As Answer by Serena LiMicrosoft Contingent Staff, Moderator Tuesday, April 19, 2011 8:11 AM
-
Tuesday, May 24, 2011 6:43 PM
To workaround this issue, we can set the event logging value to 0 under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Thanks,
Simon
This simply turns off the error reporting. The events you are seeing are a result of an incompatible browser trying to open OWA or something along those lines. I haven't quite figured out what the problem is yet but it has something to do with an SSL 3.0 request coming into the server but it doesn't know how to handle it. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, I see SSL 2.0 but no SSL 3.0 listed. Not sure if this is the problem but that's where I'm heading to troubleshoot.Just so you know, I'm trying to open OWA from my new Acer tablet using the stock browser...it just keeps prompting me to enter credentials then eventually my account gets locked out.
Further investigation I found the following article. I will restart afterhours and see if it fixes this.http://www.techieshelp.com/how-to-enable-ssl-3-0-server-2008-sbs-2008/
- Marked As Answer by Sam Booka Wednesday, May 25, 2011 5:57 PM
All Replies
-
Tuesday, March 29, 2011 6:51 PM
Do you have this turned on
http://technet.microsoft.com/en-us/library/dd197492%28WS.10%29.aspx
-
Wednesday, March 30, 2011 3:10 PMOur servers are receiving the same errors and the registry key from the article was set to 1.
-
Wednesday, March 30, 2011 7:38 PM
We are set to 1 as well.
To disable this it should be set to 0?
should we be concerned about this?
Thanks
Drew
-
Wednesday, March 30, 2011 7:49 PMare you using self signed cert or third party cer on your server?
-
Wednesday, March 30, 2011 10:13 PM3rd party SAN cert.
-
Wednesday, March 30, 2011 11:00 PM
You would see these errors if you have TMG server for reverse publishing and are doing HTTP inspection.
-
Thursday, March 31, 2011 3:39 AM
I dont think we are..
We dont have a TMG server and I am not even sure what reverse publishing is :)
-
Monday, April 04, 2011 7:02 AMModerator
To workaround this issue, we can set the event logging value to 0 under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Thanks,
Simon
- Marked As Answer by Serena LiMicrosoft Contingent Staff, Moderator Tuesday, April 19, 2011 8:11 AM
-
Monday, April 18, 2011 7:12 PM
Simon_Wu,
So what you're saying is that this error means nothing and that we should just disable the logging of said events?
-
Tuesday, April 19, 2011 8:11 AMModerator
If everything works properly and you do not want to see this error ID in Applocaiton log, you can workaround to disable it.
Thanks,
Simon
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Tuesday, May 24, 2011 6:43 PM
To workaround this issue, we can set the event logging value to 0 under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Thanks,
Simon
This simply turns off the error reporting. The events you are seeing are a result of an incompatible browser trying to open OWA or something along those lines. I haven't quite figured out what the problem is yet but it has something to do with an SSL 3.0 request coming into the server but it doesn't know how to handle it. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, I see SSL 2.0 but no SSL 3.0 listed. Not sure if this is the problem but that's where I'm heading to troubleshoot.Just so you know, I'm trying to open OWA from my new Acer tablet using the stock browser...it just keeps prompting me to enter credentials then eventually my account gets locked out.
Further investigation I found the following article. I will restart afterhours and see if it fixes this.http://www.techieshelp.com/how-to-enable-ssl-3-0-server-2008-sbs-2008/
- Marked As Answer by Sam Booka Wednesday, May 25, 2011 5:57 PM
.png){kind=spacer}
