Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A fatal error occurred while creating a TLS client credential. The internal error state is 10013

Recently deployed a Windows 2016 Standard Server, with Active Directory and Exchange 2016.

We have disabled SSL 1.0, 2.0 and 3.0 for both Server and Client, and have disabled TLS 1.0 and TLS 1.1.

We are repeatedly getting the following entry in our system log. What is causing this, and how can I fix it.

enter image description here

like image 716
neildt Avatar asked Nov 02 '18 15:11

neildt


People also ask

What is internal error State 10013?

The internal error state is 10013" occurs when the client and server cannot agree on a mutual cipher to use to establish a secure connection. If you are having connectivity issues with a specific resource or internet site, for example, then you should review your TLS/SSL settings.

What is event ID 36871 schannel?

Event ID: 36871. Event Source: Schannel. Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. All SCOM Management servers are running on windows server 2019.

What is the internal error State for TLS client credential 10013?

A fatal error occurred while creating a TLS client credential. The - Microsoft Community A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

What is the internal error state of 10013?

A fatal error occurred while creating a TLS client credential. The internal error state is 10013. by Marcus Rath 24. March 2021. If you have disabled the deprecated server and client protocols TLS 1.0 and TLS 1.1 on your Windows Server as further down for security reasons.

How do I find a fatal error in a TLS client?

A fatal error occurred while creating a TLS client credential. Sign in to the Windows Server and start Event Viewer. Navigate to Windows Logs > System. You will see error Event ID 36871. A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

What is the fatal error State for SSL client credential?

A fatal error occurred while creating an SSL client credential. The internal error state is 10013. Forums 4.0 Technet en-US en 1033 Technet.en-US Technet 8592413b-911f-400f-a94e-bd9e619ff91e


1 Answers

Basically we had to enable TLS 1.2 for .NET 4.x. Making this registry changed worked for me, and stopped the event log filling up with the Schannel error.

More information on the answer can be found here

Linked Info Summary

Enable TLS 1.2 at the system (SCHANNEL) level:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

(equivalent keys are probably also available for other TLS versions)

Tell .NET Framework to use the system TLS versions:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

This may not be desirable for edge cases where .NET Framework 4.x applications need to have different protocols enabled and disabled than the OS does.

like image 135
neildt Avatar answered Oct 18 '22 06:10

neildt