Schannel: Fatal Alert Received

What it Schannel?

It is Microsoft's API for secure channel (encryption) communications. It's is similar to an SSL/TLS implementation for Windows.

Errors

"The following fatal alert was received"

This is not usually a critical error. It indicates some failure to establish a secure (i.e. encrypted) connection. The error number is indicative of the cause of the error, though there is usually no way to fix it.

Event ID 36887 (eventid.net)

TLS1_ALERT_CLOSE_NOTIFY (0)
TLS1_ALERT_UNEXPECTED_MESSAGE (10)
TLS1_ALERT_BAD_RECORD_MAC (20)
TLS1_ALERT_DECRYPTION_FAILED (21)
TLS1_ALERT_RECORD_OVERFLOW (22)
TLS1_ALERT_DECOMPRESSION_FAIL (30)
TLS1_ALERT_HANDSHAKE_FAILURE (40)
TLS1_ALERT_BAD_CERTIFICATE (42)
TLS1_ALERT_UNSUPPORTED_CERT (43)
TLS1_ALERT_CERTIFICATE_REVOKED (44)
TLS1_ALERT_CERTIFICATE_EXPIRED (45)
TLS1_ALERT_CERTIFICATE_UNKNOWN (46)
TLS1_ALERT_ILLEGAL_PARAMETER (47)
TLS1_ALERT_UNKNOWN_CA (48)
TLS1_ALERT_ACCESS_DENIED (49)
TLS1_ALERT_DECODE_ERROR (50)
TLS1_ALERT_DECRYPT_ERROR (51)
TLS1_ALERT_EXPORT_RESTRICTION (60)
TLS1_ALERT_PROTOCOL_VERSION (70)
TLS1_ALERT_INSUFFIENT_SECURITY (71)
TLS1_ALERT_INTERNAL_ERROR (80)
TLS1_ALERT_USER_CANCELED (90)
TLS1_ALERT_NO_RENEGOTIATION (100)
TLS1_ALERT_UNSUPPORTED_EXT (110)

It can happen, for example, if you attempt to connect to an HTTP server (not providing HTTPS) using HTTPS.

It is also possible to configure Schannel logging so that these events do not get put into the Application event log.

REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL" /v "EventLogging

Resources

Back to top