After Disabling TLS 1.0, 1.1 and SSL - Event ID 36871 Schannel


Tee-Eff

Hi

I am on a security hardening mission at the moment for our network and am currently disabling TLS 1.0/1.1/SSL wherever possible.

I have used IISCrypto to get Cipher/Protocols settings how I want them and then checked all the referenced Registry keys to build a group policy. This works well.

Additionally I have added “SystemDefaultTlsVersions” and “SchUseStrongCrypto” DWORD 1 values to the registry for .NET Framework as per https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

What I have noticed once the above is applied, Server 2012 R2 shows the following event after a reboot and subsequent RDP connection:

Event ID 36871 Schannel
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

Enabling Schannel logging doesn’t give any additional information on the error. The error only appears twice (at the same time) immediately after connecting via RDP and I can’t see any other issues with the OS/applications.

The client PC connecting via RDP is Windows 10 1803 with matching TLS settings (only TLS 1.2 enabled).
I have tested the following and it does appear to work:

Grant “Network Services” (Read/execute), System (Full), IUSR (Full) permissions to:
“C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys”

Internet Explorer 11 – SChannel – The internal error state is 10013

What exactly is happening here and is it recommended to do the above “fix”? Seems a bit hacky.
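Before changing key permissions, it helps to confirm that the registry state produced by the group policy is actually what was intended, and that the 36871 events correlate with the RDP connections. The script below is an added example, not code from the poster; it is read-only and reports the Schannel protocol values under the documented `SCHANNEL\Protocols` key, the two .NET Framework values the post mentions (under both the 64-bit and the `Wow6432Node` `.NETFramework\v4.0.30319` keys), and the most recent 36871 events from the System log. The protocol list and the rule that only TLS 1.2 should remain enabled are assumptions matching the poster's stated goal.

```powershell
# Added example (not from the original post). Read-only audit of the Schannel and
# .NET Framework TLS settings, plus a look at recent Schannel 36871 events.
# Run in an elevated PowerShell session on the server being hardened.

$schannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Assumption: these are the protocols the hardening policy touches; only TLS 1.2 should stay on.
$protocols    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$wantEnabled  = @('TLS 1.2')
$dotNetKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

function Get-RegValueOrDefault {
    # Returns the named value, or '(not set)' when the key or value is absent.
    # Absent means the OS default applies, which is not the same as explicitly disabled.
    param([string]$Key, [string]$Name)
    if (-not (Test-Path $Key)) { return '(not set)' }
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Name) { return '(not set)' }
    return $props.$Name
}

function Get-SchannelProtocolState {
    # One row per protocol and side (Client/Server) with Enabled and DisabledByDefault.
    foreach ($proto in $protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path (Join-Path $schannelRoot $proto) $side
            $enabled  = Get-RegValueOrDefault -Key $key -Name 'Enabled'
            $disabled = Get-RegValueOrDefault -Key $key -Name 'DisabledByDefault'
            # Flag drift from the intended policy: a legacy protocol that is not
            # explicitly disabled, or TLS 1.2 explicitly switched off (that breaks RDP).
            $issue = ''
            if ($proto -in $wantEnabled -and $enabled -eq 0) {
                $issue = 'TLS 1.2 explicitly disabled'
            } elseif ($proto -notin $wantEnabled -and $enabled -ne 0) {
                $issue = 'legacy protocol not explicitly disabled'
            }
            [pscustomobject]@{
                Protocol = $proto; Side = $side
                Enabled = $enabled; DisabledByDefault = $disabled; Issue = $issue
            }
        }
    }
}

function Get-DotNetTlsState {
    # Reports the two values the post adds for .NET Framework, on both registry views.
    foreach ($key in $dotNetKeys) {
        [pscustomobject]@{
            Key                      = $key
            SchUseStrongCrypto       = Get-RegValueOrDefault -Key $key -Name 'SchUseStrongCrypto'
            SystemDefaultTlsVersions = Get-RegValueOrDefault -Key $key -Name 'SystemDefaultTlsVersions'
        }
    }
}

function Get-SchannelCredentialErrors {
    # Most recent Schannel 36871 events; compare TimeCreated against RDP logon times.
    param([int]$Max = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36871 } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Schannel*' } |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

Write-Host '== Schannel protocol registry state =='
Get-SchannelProtocolState | Format-Table -AutoSize
Write-Host '== .NET Framework TLS values =='
Get-DotNetTlsState | Format-Table -AutoSize
Write-Host '== Recent Schannel 36871 events =='
Get-SchannelCredentialErrors | Format-Table -AutoSize
```

The `Issue` column is the part worth reading: a blank column on every row means the policy landed as intended, and the event timestamps can then be matched against the RDP session times to confirm the error is tied to the connection rather than to some other service reloading its credentials.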
