Schannel error, Event ID 36888?

  • Question

  • User126372993 posted

    Hi,

    I am seeing a few of these errors (error details below) sporadically throughout the system event log on a Windows 2008 R2 server. Can anyone explain what these errors are and why they occur? I have tried using the internet and it appears a few people experience them, but I have been unable to decide why it occurs.

    Cheers

    For reference, the PID 604 noted below is lsass.exe.

    The General error is
        The following fatal alert was generated: 10. The internal error state is 1203.

    The Details are

    - System

      - Provider

       [ Name]  Schannel
       [ Guid]  {1F678132-5938-4686-9FDC-C8FF68F15C85}
     
       EventID 36888
     
       Version 0
     
       Level 2
     
       Task 0
     
       Opcode 0
     
       Keywords 0x8000000000000000
     
      - TimeCreated

       [ SystemTime]  2010-06-18T04:51:41.830028400Z
     
       EventRecordID 10087
     
       Correlation
     
      - Execution

       [ ProcessID]  604
       [ ThreadID]  3828
     
       Channel System
     
       Computer <ComputernameRemoved>
     
      - Security

       [ UserID]  S-1-5-18
     

    - EventData

      AlertDesc 10
      ErrorState 1203

     

    Friday, June 18, 2010 1:11 AM

Answers

  • User690216013 posted

    lsass.exe and SChannel are authentication/SSL related, so typically AD experts can explain what happens. IIS is not the one service relying on them.

    http://social.technet.microsoft.com/Forums/en/winserverDS/threads

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, June 18, 2010 9:34 PM

All replies

  • User126372993 posted

    Thanks for that, I have posted a question to that forum. See link below.

    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/4c5430f5-43f6-41b4-97d3-03cfb3efa70b

     I will mark as answered, although not truly answered as I posted in the wrong forum. :)

     Again I appreciate the pointer.

    Cheers

     

     

    Monday, June 21, 2010 7:25 PM
  • User-890263193 posted

    I met the same problem on some web servers.

    I found a way to repro the issue: just telnet to port 443 of the server and type some characters.

    It seems that if the HTTPS site gets a non-SSL request, Schannel will log an error (hope an MS engineer can give some more info about this).

    So, I currently disabled the schannel logging by setting EventLogging=0, under

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    refer:

    http://support.microsoft.com/kb/260729

     

    Thursday, September 23, 2010 2:48 AM
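
Added example, not part of the thread: a PowerShell function (the name `ConvertFrom-SchannelAlertXml` is hypothetical) that reads the AlertDesc field of event 36888 as a TLS alert number, so alert 10 from the question shows up as `unexpected_message`, which fits the non-SSL request described in the last reply. It assumes PowerShell 3.0 or later and that the EventData fields are named AlertDesc and ErrorState, as they appear in the question.

```powershell
# TLS alert description numbers from RFC 5246, section 7.2 (subset).
$TlsAlert = @{
    0  = 'close_notify';    10 = 'unexpected_message'
    20 = 'bad_record_mac';  40 = 'handshake_failure'
    42 = 'bad_certificate'; 46 = 'certificate_unknown'
    48 = 'unknown_ca';      70 = 'protocol_version'
    80 = 'internal_error'
}

# Hypothetical helper: turns Schannel 36888 event XML into readable objects.
function ConvertFrom-SchannelAlertXml {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt  = ([xml]$raw).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $code = [int]$data['AlertDesc']
        [pscustomobject]@{
            TimeCreated = $evt.System.TimeCreated.SystemTime
            ProcessId   = [int]$evt.System.Execution.ProcessID
            AlertDesc   = $code
            AlertName   = if ($TlsAlert.ContainsKey($code)) { $TlsAlert[$code] } else { 'unlisted' }
            ErrorState  = [int]$data['ErrorState']
        }
    }
}

# Constructed sample, built from the values quoted in the question.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" />
    <EventID>36888</EventID>
    <TimeCreated SystemTime="2010-06-18T04:51:41.830028400Z" />
    <Execution ProcessID="604" ThreadID="3828" />
  </System>
  <EventData>
    <Data Name="AlertDesc">10</Data>
    <Data Name="ErrorState">1203</Data>
  </EventData>
</Event>
'@
ConvertFrom-SchannelAlertXml -EventXml $sample | Format-List
# On a live server: count alerts by type instead of reading events one by one.
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 } |
#     ForEach-Object { ConvertFrom-SchannelAlertXml -EventXml $_.ToXml() } |
#     Group-Object AlertName, ErrorState | Sort-Object Count -Descending
# EventLogging = 0 (last reply) suppresses these events; check the current value:
# (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL').EventLogging
```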