I am seeing a few of these errors (error details below) sporadically throughout the system event log on a windows 2008 R2 server. Can anyone explain what and why these errors occur. I have tried using the internet and it appears a few people experience them
but I have been unable to decide why it occurs.
Cheers
For reference the PID 604 noted below is lsasss.exe
The General error is
The following fatal alert was generated: 10. The internal error state is 1203.
wamprat
4 Posts
Schannel error, Event ID 36888?
Jun 18, 2010 05:11 AM|LINK
Hi,
I am seeing a few of these errors (error details below) sporadically throughout the system event log on a windows 2008 R2 server. Can anyone explain what and why these errors occur. I have tried using the internet and it appears a few people experience them but I have been unable to decide why it occurs.
Cheers
For reference the PID 604 noted below is lsasss.exe
The General error is
The following fatal alert was generated: 10. The internal error state is 1203.
The Details are
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36888
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2010-06-18T04:51:41.830028400Z
EventRecordID 10087
Correlation
- Execution
[ ProcessID] 604
[ ThreadID] 3828
Channel System
Computer <ComputernameRemoved>
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 10
ErrorState 1203
IIS7 HTTPS SSL IIS7.5
lextm
4562 Posts
Re: Schannel error, Event ID 36888?
Jun 19, 2010 01:34 AM|LINK
lsass.exe and SChannel are authentication/SSL related, so typically AD experts can explain what happens. IIS is not the one service relying on them.
http://social.technet.microsoft.com/Forums/en/winserverDS/threads
http://lextm.com
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
wamprat
4 Posts
Re: Schannel error, Event ID 36888?
Jun 21, 2010 11:25 PM|LINK
Thanks for that, I have posted a question to that forum. See link below.
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/4c5430f5-43f6-41b4-97d3-03cfb3efa70b
I will mark as answered, although not truly answered as I posted in the wrong forum. :)
Again I appreciate the pointer.
Cheers
Finy
2 Posts
Re: Schannel error, Event ID 36888?
Sep 23, 2010 06:48 AM|LINK
I met the same problem on some web servers.
I found the way to repro the issue: just telnet 443 port of server and type some charactors
It seems if the the https site get some non-SSL request, schannel will log error (Hope MS engineer give some more info about this)
So, I currently disabled the schannel logging by setting EventLogging=0, under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
refer:
http://support.microsoft.com/kb/260729