Schannel errors in eventvwr...

  • Question

  • I have a fresh R2 install that hosts several websites.  I am getting an error that Google doesn't know much about.  The error is generated by Schannel Event ID 36888:

    The following fatal alert was generated: 10. The internal error state is 1203.
    In the details I can see that the PID belongs to lsass.exe.  I used to get this error along with an error about a cipher suite not being available to a client.  But I fixed that by adding the cipher suites present on my non-R2 server to my new R2 server... http://msdn.microsoft.com/en-us/library/bb870930(VS.85).aspx.  Does anyone know how to fix this error?

    Friday, March 26, 2010 1:40 PM

All replies

  • Hi

    If you are using any physical servers, make sure that all the drives and firmware are upgraded.

    Especially network drives…

    Then after upgrading let us know the updates…

    Rajesh J S
    Friday, March 26, 2010 3:20 PM
  • We're getting the same error on 3 exchange servers.

    All brand new, full up-to-date.

    Doesn't appear to be affecting anything.

    Sunday, March 28, 2010 1:16 AM
  • Mine is a Dell blade which has 4 NICs.  I am only using two of the NICs which are both Intel.  On my old server I was using the other two NICs which are Broadcom.  I wonder if that has something to do with it.  

    The Intel NIC I have is listed on this: http://www.intel.com/support/network/sb/cs-028867.htm.  Looks like Intel doesn't support 2008 with this NIC!?!?!?!  

    Sunday, March 28, 2010 5:51 AM
  • In my case it's Windows 7 Ultimate 64bit with an updated firmware on CAC reader SCR331.  As I remote to many Army sites I need this to work.  I have installed 64bit ActiveClient 6.2 and downloaded the root certs from AKO and installed.  This all used to work fine in my 32bit XP box.  It appears that although the CAC card certs are installed in Windows they are not being read.

    Here is the error from Events Viewer.

    - Provider
          [ Name] Schannel
          [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
      EventID 36888
      Version 0
      Level 2
      Task 0
      Opcode 0
      Keywords 0x8000000000000000
    - TimeCreated
          [ SystemTime] 2010-03-28T18:29:15.619464700Z
      EventRecordID 6945
    - Execution
          [ ProcessID] 544
          [ ThreadID] 4288
      Channel System
      Computer computer name removed
    - Security
          [ UserID] S-1-5-18
    - EventData

        AlertDesc 70
        ErrorState 105
    HTTP Error is 430.7

    The page requires a client certificate

    The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server will recognize. The client certificate is used for identifying you as a valid user of the resource.

    Exchange 2003 Admin
    Sunday, March 28, 2010 10:02 PM
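
An added example, not part of any post in this thread: a PowerShell sketch for triaging Schannel 36888 events in bulk by decoding the AlertDesc field shown above into its TLS alert name and counting events per alert/ErrorState pair and per hour. The alert names come from the TLS specification (RFC 5246, section 7.2), where 10 is unexpected_message and 70 is protocol_version; ErrorState is an internal Schannel value and is reported as-is. The 5000-event window is an assumption.

```powershell
# Added example: summarise Schannel 36888 events from the System log.
# Subset of TLS alert descriptions (RFC 5246 section 7.2).
$alertNames = @{
    10 = 'unexpected_message'
    20 = 'bad_record_mac'
    40 = 'handshake_failure'
    42 = 'bad_certificate'
    43 = 'unsupported_certificate'
    44 = 'certificate_revoked'
    45 = 'certificate_expired'
    46 = 'certificate_unknown'
    47 = 'illegal_parameter'
    48 = 'unknown_ca'
    49 = 'access_denied'
    50 = 'decode_error'
    51 = 'decrypt_error'
    70 = 'protocol_version'
    71 = 'insufficient_security'
    80 = 'internal_error'
}

# Same provider and event ID as in the event details above.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 }

$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # EventData carries named fields: AlertDesc and ErrorState.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $code = [int]$data['AlertDesc']
        [pscustomobject]@{
            Hour       = $_.TimeCreated.ToString('yyyy-MM-dd HH:00')
            AlertDesc  = $code
            AlertName  = if ($alertNames.ContainsKey($code)) { $alertNames[$code] } else { 'other' }
            ErrorState = $data['ErrorState']
        }
    }

# Which alert / error-state pairs dominate the log.
$events | Group-Object AlertDesc, AlertName, ErrorState |
    Sort-Object Count -Descending | Select-Object Count, Name

# When they occur, to compare against client activity.
$events | Group-Object Hour | Sort-Object Name | Select-Object Name, Count
```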
  • Hi,

    Based on the ErrorState 105 and the HTTP error, it seems that the Require option of the "Client certificates" feature is selected on IIS but there is no valid certificate installed on the client computer.

    Please refer to the following articles to troubleshoot the issue:

    Error message when you try to run a Web application that is hosted on a server that is running IIS 7.0: "HTTP Error 403.7 - Forbidden"

    PRB: Error Message: 403.7 Forbidden: Client Certificate Required


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, April 1, 2010 4:07 AM
  • Your answer doesn't address my issue at all.  I have unmarked it as the answer so others can hopefully give suggestions.
    Tuesday, April 6, 2010 4:14 AM
  • I agree the answer is not acceptable. I also have this issue with two of my clustered web servers. Both servers are Windows Server 2008 R2 VMs running on Windows Server 2008 R2 host machines. I get hundreds of these errors in my event logs every day. Any help with this would be appreciated.
    Wednesday, May 5, 2010 11:11 PM
  • I have the same issue on a Server 2008 R2 Enterprise with Exchange 2010 installed. At night, when no clients are logged in to the domain, the error disappears. But during the day, with 4 clients connected, I get at least 200 of these errors.

    Sometimes, but not always, the error also appears when a user logs in to OWA.   The NIC is a “Broadcom NetXtreme-Gigabit-Ethernet” adapter with the drivers from Microsoft (version from 26th April 2009). When I have time today I will install another NIC to test if it is an issue with the hardware.

    Friday, May 7, 2010 6:28 AM
  • I have a similar setup as both of you.  The problem I'm experiencing is on a server with 4 NICs.  Two of the NICs are Intel PRO/1000 MB Dual Port Server Connection which are disabled in Windows (I haven't disabled in the BIOS yet) and two are Broadcom BCM5708S NetXtreme II GigE.  The Intel NICs have Driver Version and is Provided/Signed by Microsoft.  I've looked on the Intel site and it turns out there is no driver available for this NIC in 2008 R2 (not even 2008).  I originally thought this was my issue so I switched over to the Broadcom NICs and disabled the Intel NICs.  This didn't work either.  The Broadcom NICs are using the latest driver Provided by Broadcom Corporation (12.17.2009) Version and Signed by Microsoft. Like PenguinDreams, I'm running NLB on the Broadcom NICs with another server (which is getting the same errors).  Like both of you I'm getting hundreds per day.  Hopefully MSFT will step in here to give us some useful troubleshooting steps.
    Friday, May 7, 2010 11:30 AM
  • I am having this same issue. I am running on VMWare ESX server with single NICs. The error started up after I installed FAST Search for SharePoint 2010 (which is when the IIS role was setup).
    Monday, May 10, 2010 5:07 PM
  • What kind of NIC is it?  2008 R2 like the rest of us?
    Monday, May 10, 2010 5:11 PM
  • It is listed as an "Intel(R) PRO/1000 MT Network Connection", but it's a pseudo NIC since it's a VM.

    Yes, 2008 R2. Freshly built within the last two weeks.

    Monday, May 10, 2010 5:15 PM