none
schannel 36888: The following fatal alert was generated: 10. The internal error state is 10.

    Question

  • Hi Folks,

    I see lots of discussion of this event log entry, but I am in the very fortunate position that I know exactly what is causing it; I just don't know why or what to do about it.

    I have a brand new Windows 7 workstation that is a member of a Windows Server 2008r2 Domain.  On that workstation, I installed Outlook and configured a e-mail account to use IMAP.  The IMAP server is a Cyrus server running on Fedora 12 outside my subnet.  I have a Fedora 17 notebook that runs evolution and can transact mail with the Cyrus mail server just fine.  Since I have a working client on my notebook, I know exactly the correct settings and I have configured Outlook with those settings.  The high points are: inbound and outbound each require TLS.

    EVERY time I push <F9> on the Windows Workstation (Outlook Send and Receive), Windows logs the above mentioned event.  lsass.exe is the complaining process.

    So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server.  O.K., now, how do I diagnose this?  Why is it failing and what do I do to fix it?  What is "Fatal Alert 10" and what is "Internal Error State 10"?

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> 
        <EventID>36888</EventID> 
        <Version>0</Version> 
        <Level>2</Level> 
        <Task>0</Task> 
        <Opcode>0</Opcode> 
        <Keywords>0x8000000000000000</Keywords> 
        <Security UserID="S-1-5-18" /> 
      </System>
      <EventData>
        <Data Name="AlertDesc">10</Data> 
        <Data Name="ErrorState">10</Data> 
      </EventData>
    </Event>

    Thanks for the help,

    Chris.


    • Edited by cjm51213 Saturday, September 08, 2012 10:09 PM
    Saturday, September 08, 2012 10:08 PM

All replies

  • Hi,

    I would suggest you to simply disable SCHANNEL logging.

    In the search run box type regedit and navigate to the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    Change the EventLogging value from 1 to 0 (that's a zero).

    For your information:

    http://support.microsoft.com/kb/260729

    Before modify the registry keys, please take a backup of the key. For more information about how to back up and restore the registry, please click the following link to view the article:

    Back up the registry

    http://windows.microsoft.com/en-us/windows7/Back-up-the-registry


    Tracy Cai

    TechNet Community Support

    Monday, September 10, 2012 8:24 AM
    Moderator
  • Hi Tracy,

    I don't want to silence the alarm; I need to put out the fire.  Outlook does not work and this is why Outlook is failing to connect to a specific IMAP server.  As I asked in my original post:

    So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server.  O.K., now, how do I diagnose this?  Why is it failing and what do I do to fix it?  What is "Fatal Alert 10" and what is "Internal Error State 10"?


    Thanks for the help,

    Chris.

    Monday, September 10, 2012 10:42 AM
  • Hi,

    For the outlook issue, , I would redirect you to post this issue on Microsoft Office forum for further help.

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Tracy Cai

    TechNet Community Support

    Tuesday, September 11, 2012 6:40 AM
    Moderator
  • Hi Tracy,

    I don't have an "Outlook Issue", I have an "SChannel Issue" which effects Outlook.  SChannel is part of Windows 7 Security, NOT Outlook.  There is absolutely nothing I can do in Outlook that will change this.  It is a very simple question.  Event logs are documented completely somewhere, and I need to know where, so I can find out:

    So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"?

    Thanks for the help,

    Chris.

    Tuesday, September 11, 2012 11:37 AM
  • Hi,

    Basically, Schannel internal error state 10 indicates that TLS alertunexpected_message” has been sent. This means that your machine received an unrecognized TLS message type, or a message in the incorrect order. The cause is likely to be communication with a server that has an incorrect TLS implementation. Currently, the four message types that we support are Handshake, ChangeCipherSpec, Alert, and ApplicationData, the only four defined in the TLS RFCs (defined in appendix A.1 of the TLS 1.2 RFC). In other words, we were passed an SSL/TLS message that wasn’t of four accepted SSL/TLS Content Types. What this indicates is that some application that uses Schannel is passing non-SSL/TLS data to InitializeSecurityContext or AcceptSecurityContext.

    You may look at the network traces and check the application which running on this computer and using SSL/TLS. If you have found out it, update the application and check the result.

    For more information on this alert, see section 7.2.2 of the TLS 1.0 RFC (http://www.ietf.org/rfc/rfc2246.txt) or the TLS 1.2 RFC (http://www.ietf.org/rfc/rfc5246.txt).

    Also, I found this post which may helpful for you.

    http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/aec1df53-bd6e-4bb4-afdb-11cc94150b0a/


    Tracy Cai

    TechNet Community Support

    • Marked as answer by Sabrina Shen Thursday, September 27, 2012 8:08 AM
    • Unmarked as answer by cjm51213 Thursday, September 27, 2012 1:24 PM
    Wednesday, September 12, 2012 6:45 AM
    Moderator
  • Hi Tracy,

    I don't have an "Outlook Issue", I have an "SChannel Issue" which effects Outlook.  SChannel is part of Windows 7 Security, NOT Outlook.  There is absolutely nothing I can do in Outlook that will change this.  It is a very simple question.  Event logs are documented completely somewhere, and I need to know where, so I can find out:

    So, I surmise that Windows 7 is trying to establish a secure channel (S-Channel!!!) to the Cyrus mail server. O.K., now, how do I diagnose this? Why is it failing and what do I do to fix it? What is "Fatal Alert 10" and what is "Internal Error State 10"?

    Thanks for the help,

    Chris.

    I know this is really old, but I just spent the last day and a half looking for a solution to this so maybe this will help future me or someone else if they stumble across it...

    My scenario: Trying to set up Outlook 2010 using Outlook Anywhere to a hosted Exchange service in the cloud.  The setup would accept all info and then fail when authenticating the user and would continually prompt for user/pass.

    After finally seeing this event in the log, I checked in Add/Remove Programs and saw some stupid web browser 'security toolbar'.  I uninstalled it and instantly, outlook started working properly and allowed the account set up.

    Summary:  Search for toolbars, malware or maybe even AV software that may be inspecting SChannel TLS traffic, causing issues with the system.

    Hope this helps someone...

    Saturday, February 01, 2014 11:47 PM