SChannel errors after enabling SSL on a Windows Server 2012 R2 The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Come Celebrate our 10 Year Anniversary!Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?What is the minimum version of RDP supported by Server 2012 RDS?SChannel SSL 3.0 error - OWA - Windows Server 2008 R2TLS 1.0 handshake fails in Windows Server 2012 R2Schannel Error - RandomWindows server 2012 IIS 8 php data post upload failure to mysqlIIS 8.5 server not accepting a TLS 1.0 connection from Windows Server 2003Use of SSL in ADFSWhat are the security risks of selecting “allow local activation security check exemptions”?Schannel 36874 errors on Windows Server 2016
How to copy the contents of all files with a certain name into a new file?
Finding the path in a graph from A to B then back to A with a minimum of shared edges
Can a 1st-level character have an ability score above 18?
Working through the single responsibility principle (SRP) in Python when calls are expensive
Arduino Pro Micro - switch off LEDs
ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?
Why does the Event Horizon Telescope (EHT) not include telescopes from Africa, Asia or Australia?
How should I replace vector<uint8_t>::const_iterator in an API?
How to split my screen on my Macbook Air?
How is simplicity better than precision and clarity in prose?
High Q peak in frequency response means what in time domain?
What is this lever in Argentinian toilets?
Why can't devices on different VLANs, but on the same subnet, communicate?
Is above average number of years spent on PhD considered a red flag in future academia or industry positions?
Can the DM override racial traits?
Make it rain characters
How are presidential pardons supposed to be used?
Would an alien lifeform be able to achieve space travel if lacking in vision?
Python - Fishing Simulator
How did passengers keep warm on sail ships?
Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?
The following signatures were invalid: EXPKEYSIG 1397BC53640DB551
Take groceries in checked luggage
How to pronounce 1ターン?
SChannel errors after enabling SSL on a Windows Server 2012 R2
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?What is the minimum version of RDP supported by Server 2012 RDS?SChannel SSL 3.0 error - OWA - Windows Server 2008 R2TLS 1.0 handshake fails in Windows Server 2012 R2Schannel Error - RandomWindows server 2012 IIS 8 php data post upload failure to mysqlIIS 8.5 server not accepting a TLS 1.0 connection from Windows Server 2003Use of SSL in ADFSWhat are the security risks of selecting “allow local activation security check exemptions”?Schannel 36874 errors on Windows Server 2016
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I have a Windows Server 2012 R2 instance on Azure. For a new website I have ordered a certificate by GlobalSign. After getting the certificates from them I have completed the certificate request in IIS and installed the root certifcate.
I moved the website to a new instance, so I have exported the certificate with its private key and imported it on the new instance.
That was my installation and it seemed to work pretty well.
Now I am getting a lot SChannel errors. They are:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
It's the first time that I use SSL and to be honest, I have no idea what I am doing. For me it looks fine when I request the website (http://laola.biz).
I have already used the SSL Check by GlobalSign which gives me Grade C. https://sslcheck.globalsign.com/en_US/sslcheck?host=laola.biz#191.233.85.240-cert-ssl
Here a list of the certificates from mmc (my website is laola.biz):
Intermediate
Root
Personal
Any ideas what I could have done wrong here?
ssl windows-server-2012 schannel
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
add a comment |
I have a Windows Server 2012 R2 instance on Azure. For a new website I have ordered a certificate by GlobalSign. After getting the certificates from them I have completed the certificate request in IIS and installed the root certifcate.
I moved the website to a new instance, so I have exported the certificate with its private key and imported it on the new instance.
That was my installation and it seemed to work pretty well.
Now I am getting a lot SChannel errors. They are:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
It's the first time that I use SSL and to be honest, I have no idea what I am doing. For me it looks fine when I request the website (http://laola.biz).
I have already used the SSL Check by GlobalSign which gives me Grade C. https://sslcheck.globalsign.com/en_US/sslcheck?host=laola.biz#191.233.85.240-cert-ssl
Here a list of the certificates from mmc (my website is laola.biz):
Intermediate
Root
Personal
Any ideas what I could have done wrong here?
ssl windows-server-2012 schannel
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
1
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43
add a comment |
I have a Windows Server 2012 R2 instance on Azure. For a new website I have ordered a certificate by GlobalSign. After getting the certificates from them I have completed the certificate request in IIS and installed the root certifcate.
I moved the website to a new instance, so I have exported the certificate with its private key and imported it on the new instance.
That was my installation and it seemed to work pretty well.
Now I am getting a lot SChannel errors. They are:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
It's the first time that I use SSL and to be honest, I have no idea what I am doing. For me it looks fine when I request the website (http://laola.biz).
I have already used the SSL Check by GlobalSign which gives me Grade C. https://sslcheck.globalsign.com/en_US/sslcheck?host=laola.biz#191.233.85.240-cert-ssl
Here a list of the certificates from mmc (my website is laola.biz):
Intermediate
Root
Personal
Any ideas what I could have done wrong here?
ssl windows-server-2012 schannel
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
I have a Windows Server 2012 R2 instance on Azure. For a new website I have ordered a certificate by GlobalSign. After getting the certificates from them I have completed the certificate request in IIS and installed the root certifcate.
I moved the website to a new instance, so I have exported the certificate with its private key and imported it on the new instance.
That was my installation and it seemed to work pretty well.
Now I am getting a lot SChannel errors. They are:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
It's the first time that I use SSL and to be honest, I have no idea what I am doing. For me it looks fine when I request the website (http://laola.biz).
I have already used the SSL Check by GlobalSign which gives me Grade C. https://sslcheck.globalsign.com/en_US/sslcheck?host=laola.biz#191.233.85.240-cert-ssl
Here a list of the certificates from mmc (my website is laola.biz):
Intermediate
Root
Personal
Any ideas what I could have done wrong here?
ssl windows-server-2012 schannel
ssl windows-server-2012 schannel
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
asked Apr 24 '15 at 8:14
tobi.attobi.at
108115
108115
1
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43
add a comment |
1
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43
1
1
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43
add a comment |
1 Answer
1
active
oldest
votes
As different people (well meaning and otherwise) attempt to access your site from various devices running various browsers on various operating systems, depending on the protocol they choose to secure that communication, you will end up seen messages by the schannel source.
The following blog should help you understand some of the messages you see in your logs. http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx
The grade you got there is a little concerning. You wouldn't have SSL3 enabled if you published the site to Azure Websites directly.
You can disable SSL3 using guidance here
http://blogs.msdn.com/b/kaushal/archive/2014/10/22/poodle-vulnerability-padding-oracle-on-downgraded-legacy-encryption.aspx
If you can move the site from a VM to an Azure Website itself that would be better. It will save you having to patch and secure the VM(s) used to host the web site. You instead rely on Azure PaaS to provide the platform to host the website. You take care of the web site code while Azure secures and maintains the IIS/platform.
The upcoming changes to the platform from TLS perspective are reflected in https://testsslclient.trafficmanager.net/. You can test this to see the grading your website can get if you were to migrate the site to an Azure website directly.
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f685245%2fschannel-errors-after-enabling-ssl-on-a-windows-server-2012-r2%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
As different people (well meaning and otherwise) attempt to access your site from various devices running various browsers on various operating systems, depending on the protocol they choose to secure that communication, you will end up seen messages by the schannel source.
The following blog should help you understand some of the messages you see in your logs. http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx
The grade you got there is a little concerning. You wouldn't have SSL3 enabled if you published the site to Azure Websites directly.
You can disable SSL3 using guidance here
http://blogs.msdn.com/b/kaushal/archive/2014/10/22/poodle-vulnerability-padding-oracle-on-downgraded-legacy-encryption.aspx
If you can move the site from a VM to an Azure Website itself that would be better. It will save you having to patch and secure the VM(s) used to host the web site. You instead rely on Azure PaaS to provide the platform to host the website. You take care of the web site code while Azure secures and maintains the IIS/platform.
The upcoming changes to the platform from TLS perspective are reflected in https://testsslclient.trafficmanager.net/. You can test this to see the grading your website can get if you were to migrate the site to an Azure website directly.
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
add a comment |
As different people (well meaning and otherwise) attempt to access your site from various devices running various browsers on various operating systems, depending on the protocol they choose to secure that communication, you will end up seen messages by the schannel source.
The following blog should help you understand some of the messages you see in your logs. http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx
The grade you got there is a little concerning. You wouldn't have SSL3 enabled if you published the site to Azure Websites directly.
You can disable SSL3 using guidance here
http://blogs.msdn.com/b/kaushal/archive/2014/10/22/poodle-vulnerability-padding-oracle-on-downgraded-legacy-encryption.aspx
If you can move the site from a VM to an Azure Website itself that would be better. It will save you having to patch and secure the VM(s) used to host the web site. You instead rely on Azure PaaS to provide the platform to host the website. You take care of the web site code while Azure secures and maintains the IIS/platform.
The upcoming changes to the platform from TLS perspective are reflected in https://testsslclient.trafficmanager.net/. You can test this to see the grading your website can get if you were to migrate the site to an Azure website directly.
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
add a comment |
As different people (well meaning and otherwise) attempt to access your site from various devices running various browsers on various operating systems, depending on the protocol they choose to secure that communication, you will end up seen messages by the schannel source.
The following blog should help you understand some of the messages you see in your logs. http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx
The grade you got there is a little concerning. You wouldn't have SSL3 enabled if you published the site to Azure Websites directly.
You can disable SSL3 using guidance here
http://blogs.msdn.com/b/kaushal/archive/2014/10/22/poodle-vulnerability-padding-oracle-on-downgraded-legacy-encryption.aspx
If you can move the site from a VM to an Azure Website itself that would be better. It will save you having to patch and secure the VM(s) used to host the web site. You instead rely on Azure PaaS to provide the platform to host the website. You take care of the web site code while Azure secures and maintains the IIS/platform.
The upcoming changes to the platform from TLS perspective are reflected in https://testsslclient.trafficmanager.net/. You can test this to see the grading your website can get if you were to migrate the site to an Azure website directly.
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
As different people (well meaning and otherwise) attempt to access your site from various devices running various browsers on various operating systems, depending on the protocol they choose to secure that communication, you will end up seen messages by the schannel source.
The following blog should help you understand some of the messages you see in your logs. http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx
The grade you got there is a little concerning. You wouldn't have SSL3 enabled if you published the site to Azure Websites directly.
You can disable SSL3 using guidance here
http://blogs.msdn.com/b/kaushal/archive/2014/10/22/poodle-vulnerability-padding-oracle-on-downgraded-legacy-encryption.aspx
If you can move the site from a VM to an Azure Website itself that would be better. It will save you having to patch and secure the VM(s) used to host the web site. You instead rely on Azure PaaS to provide the platform to host the website. You take care of the web site code while Azure secures and maintains the IIS/platform.
The upcoming changes to the platform from TLS perspective are reflected in https://testsslclient.trafficmanager.net/. You can test this to see the grading your website can get if you were to migrate the site to an Azure website directly.
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
answered Jun 6 '15 at 21:04
maweerasmaweeras
2,62621323
2,62621323
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
add a comment |
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
adding a link to a video which shows end to end azure web sites creation with source control and continuous deployment. channel9.msdn.com/Shows/Azure-Friday/…
– maweeras
Jun 7 '15 at 10:00
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
Hi. Thanks for the links. Although the move to Azure Websites is not a solution. You just can't say I should move to a different server/architecture, because I've got a problem with the other one. I do have my reasons to use a VM.
– tobi.at
Jun 14 '15 at 9:11
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
That's why I said "if you can...". I didn't say solve it by moving to Azure web sites. In this case you need to investigate each schannel error and see if its a cause for concern. If you don't know enough about TLS/SSL errors, then you may consider opening a case with Microsoft.
– maweeras
Jun 15 '15 at 8:12
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
The URL for testsslclient.trafficmanager.net no longer works
– JoshBerke
Jul 28 '16 at 14:35
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f685245%2fschannel-errors-after-enabling-ssl-on-a-windows-server-2012-r2%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
I found the solution to my problem. I'm not sure if it may be related to yours. My IIS was using the certificate, so the initial GET request to the server worked fine. After, when I wanted to do a POST and the application had to sign something with the certificate, it was failing to get the certificate due to the application not having permissions to the certificate in the OS store. Hope this helps.
– Origin
May 29 '15 at 15:57
For the error: "Error Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960" You can check the resolution in the link below: blogs.technet.microsoft.com/keithab/2016/11/11/… and/or port135.com/2018/11/20/windows-schannel-error-state-is-960
– user513485
Mar 8 at 12:43