After Disabling TLS 1.0, 1.1 and SSL - Event ID 36871 Schannel

  • Question

  • Hi

    I am on a security hardening mission at the moment for our network and am currently disabling TLS 1.0/1.1/SSL wherever possible.

    I have used IISCrypto to get Cipher/Protocols settings how I want them and then checked all the referenced Registry keys to build a group policy. This works well.

    Additionally I have added “SystemDefaultTlsVersions” and “SchUseStrongCrypto” DWORD 1 values to the registry for .NET Framework as per https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

    What I have noticed is that once the above is applied, Server 2012 R2 shows the following event after a reboot and subsequent RDP connection:

    Event ID 36871 Schannel
    A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

    Enabling Schannel logging doesn’t give any additional information on the error. The error only appears twice (at the same time) immediately after connecting via RDP and I can’t see any other issues with the OS/applications.

    The client PC connecting via RDP is Windows 10 1803 with matching TLS settings (only TLS 1.2 enabled).
    I have tested the following and it does appear to work:

    Grant “Network Services” (Read/execute), System (Full), IUSR (Full) permissions to:
    “C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys”

    https://heelpbook.altervista.org/2019/internet-explorer-11-schannel-the-internal-error-state-is-10013/

    What exactly is happening here, and is it recommended to do the above “fix”? Seems a bit hacky.


    • Edited by Tee-Eff Thursday, April 11, 2019 1:24 PM
    Thursday, April 11, 2019 1:23 PM
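The post above changes three things (Schannel protocol keys, the .NET Framework TLS keys, and the ACL on the MachineKeys folder) and then sees Event ID 36871. Before deciding whether the ACL change is warranted, it helps to see all three states side by side on the affected server. The following PowerShell audit script is an added example written for this thread; it is not code from the original post or from Microsoft. It is read-only: it reports the registry values, the current MachineKeys permissions and any recent 36871 events, and changes nothing. The registry paths are the documented Schannel and .NET Framework locations (the WOW6432Node and v2.0.50727 paths are included because the linked Microsoft page lists them); the assumption that Event 36871 from the Schannel provider is written to the System log is how the event is normally found.

```powershell
# Added example, not from the thread: read-only audit of the settings the
# question describes. Run in an elevated PowerShell session on the server.

$schannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelProtocolState {
    # One row per protocol/side showing the Enabled and DisabledByDefault DWORDs.
    # A missing key means the OS default applies for that protocol.
    foreach ($p in $protocols) {
        foreach ($side in 'Client', 'Server') {
            $key   = Join-Path $schannelRoot "$p\$side"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                KeyExists         = [bool]$props
                Enabled           = $(if ($props) { $props.Enabled })
                DisabledByDefault = $(if ($props) { $props.DisabledByDefault })
            }
        }
    }
}

function Get-DotNetTlsState {
    # The two DWORDs from the linked docs, for both 64-bit and 32-bit views.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
    )
    foreach ($path in $paths) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path                     = $path
            KeyExists                = [bool]$props
            SystemDefaultTlsVersions = $(if ($props) { $props.SystemDefaultTlsVersions })
            SchUseStrongCrypto       = $(if ($props) { $props.SchUseStrongCrypto })
        }
    }
}

function Get-MachineKeysAcl {
    # Current ACL of the folder the linked article says to change. Compare
    # this output before and after any change so it can be reverted exactly.
    $dir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    (Get-Acl -Path $dir).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

function Get-SchannelCredentialErrors {
    # Event 36871 ("fatal error occurred while creating an SSL client credential")
    # from the Schannel provider in the System log, within the last N hours.
    param([int]$Hours = 24)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Id           = 36871
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

'--- Schannel protocol keys ---'
Get-SchannelProtocolState | Format-Table -AutoSize
'--- .NET Framework TLS keys ---'
Get-DotNetTlsState | Format-Table -AutoSize
'--- MachineKeys ACL ---'
Get-MachineKeysAcl | Format-Table -AutoSize
'--- Schannel 36871 events (last 24h) ---'
Get-SchannelCredentialErrors | Format-Table -AutoSize -Wrap
```

Running this immediately after an RDP connection and again after the ACL change gives a direct before/after comparison: if the 36871 events stop while the protocol and .NET keys are unchanged, the error is tied to key-container access rather than to the protocol hardening itself, and the ACL diff from Get-MachineKeysAcl records exactly what was granted so it can be reviewed or rolled back.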