Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, May 10, 2015 2:52 PM
Hi
My IIS server (Windows server 2012) event log is full with schannel errors, most of the time it is 2 errors 40 & 46
Here is example:
1. A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
2. A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
Since in error details there is no other information about error I don't know where is the problem. Is someone "probing" my https server and if that is true, how can I find out client IP which is generating this errors.
Thanks
All replies (2)
Monday, May 11, 2015 5:09 AM âś…Answered
Hi,
Maybe you have higher cryptographic standard to encrypt the certificate. For more information, please refer to the document:
http://blogs.technet.com/b/silvana/archive/2014/03/14/schannel-errors-on-scom-agent.aspx
In addition, about the client ip, I suggest that you can try to check http.sys log or IIS log.
Monday, May 11, 2015 7:30 AM
It looks like SHA512 is enabled on my system.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003:
RSA/SHA512
ECDSA/SHA512
RSA/SHA256
RSA/SHA384
RSA/SHA1
ECDSA/SHA256
ECDSA/SHA384
ECDSA/SHA1
DSA/SHA1
Since there is 25 SSL certificates active on this IIS server it's problematic to search each *.log file
It would be nice if microsoft add more usefull info in event log, at least PID that is responsable for this error. IIS Site ID info in event log would be great.