Ryfujk

Where is the fallacy here?

Can you 'upgrade' leather armor to studded leather armor without purchasing the new armor directly?

What am I? I am in theaters and computer programs

Must a tritone substitution use a dominant seventh chord?

Did 5.25" floppies undergo a change in magnetic coating?

Pure Functions: Does "No Side Effects" Imply "Always Same Output, Given Same Input"?

Multiplication via squaring and addition

I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?

What to do when being responsible for data protection in your lab, yet advice is ignored?

How to count occurrences of Friday 13th

Why do members of Congress in committee hearings ask witnesses the same question multiple times?

Has the Isbell–Freyd criterion ever been used to check that a category is concretisable?

Why does Starman/Roadster have radial acceleration?

How to avoid being sexist when trying to employ someone to function in a very sexist environment?

Which aircraft had such a luxurious-looking navigator's station?

How would we write a misogynistic character without offending people?

Pronunciation of powers

Can you use a beast's innate abilities while polymorphed?

How to deny access to SQL Server to certain login over SSMS, but allow over .Net SqlClient Data Provider

Skis versus snow shoes - when to choose which for travelling the backcountry?

You'll find me clean when something is full

Non-Italian European mafias in USA?

When was drinking water recognized as crucial in marathon running?

I am on the US no-fly list. What can I do in order to be allowed on flights which go through US airspace?

Schannel 36874 errors on Windows Server 2016

Why does Window's SSL Cipher-Suite get restricted under certain SSL certificates?How to identify SSL Cipher Suite (IDEA-CBC-MD5) issue?None of the cipher suites supported by the client application are supported by the serverSChannel SSL 3.0 error - OWA - Windows Server 2008 R2The client and server cannot communicate, because they do not possess a common algorithm on Windows Server Web 2008Schannel Error - RandomRemoving vulnerable cipher on Windows 10 breaks outgoing RDPWindows Sever 2016 - certificate cannot be verifiedSSLSTREAM - An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the serverAn unknown connection request was received from a remote client application, but none of the cipher … The SSL connection request has failed

0

I have been looking at this error all day and am really scratching my head now. We have a Windows Server 2016 Std that runs a .NET webservice. This in turn connects to our database server, same OS, in the same estate i.e. behind the same firewall. I should state before anything else that both servers have TLS1.2 ONLY enabled, and running a Qualys Labs test confirms SSL3 is not switched on.

What appears to be happening is that requests are coming through and are encountering ssl/tls issues as below which I have retrieved from the application log files:

The request was aborted: Could not create SSL/TLS secure channel.

Then between 59-61 seconds later, we get the sql error:

A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible.

i.e. these errors are occurring in pairs. It seems to have been happening for several months, but has become apparent now as we investigated another issue.

The .net application is now using the correct hostname for the db server as previously it was using a name that didn't exist but was in the local hosts file but this hasn't resolved things (I thought perhaps the hostname not matching what is on our wildcard certificate could cause issues). This application was coded by some CRM developers but unfortunately they are being quite uncooperative.

The windows event log (System) is full of Schannel 36874 errors which seem to correlate with the errors mentioned above:

An SSL 3.0 connection request was received from a remote client
application, but none of the cipher suites supported by the client
application are supported by the server. The TLS connection request
has failed.

As I have said I really don't know where to go next with this issue. I have seen some posts stating these errors in the event log can be suppressed but only if they aren't causing an issue, however I'd like to get to the bottom of things before I start doing that.

I have installed Wireshark on the server in question and have filtered for 443 traffic, however I'm not sure how to interrogate Wireshark's logs or if this is even possible.

Any help would be appreciated. I guess I really need to find out who/what the 'remote client' is in the event logs, does anyone have any pointers?

Many thanks

ssl asp.net windows-server-2016

share|improve this question

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

I have been looking at this error all day and am really scratching my head now. We have a Windows Server 2016 Std that runs a .NET webservice. This in turn connects to our database server, same OS, in the same estate i.e. behind the same firewall. I should state before anything else that both servers have TLS1.2 ONLY enabled, and running a Qualys Labs test confirms SSL3 is not switched on.

What appears to be happening is that requests are coming through and are encountering ssl/tls issues as below which I have retrieved from the application log files:

The request was aborted: Could not create SSL/TLS secure channel.

Then between 59-61 seconds later, we get the sql error:

A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible.

i.e. these errors are occurring in pairs. It seems to have been happening for several months, but has become apparent now as we investigated another issue.

The .net application is now using the correct hostname for the db server as previously it was using a name that didn't exist but was in the local hosts file but this hasn't resolved things (I thought perhaps the hostname not matching what is on our wildcard certificate could cause issues). This application was coded by some CRM developers but unfortunately they are being quite uncooperative.

The windows event log (System) is full of Schannel 36874 errors which seem to correlate with the errors mentioned above:

An SSL 3.0 connection request was received from a remote client
application, but none of the cipher suites supported by the client
application are supported by the server. The TLS connection request
has failed.

As I have said I really don't know where to go next with this issue. I have seen some posts stating these errors in the event log can be suppressed but only if they aren't causing an issue, however I'd like to get to the bottom of things before I start doing that.

I have installed Wireshark on the server in question and have filtered for 443 traffic, however I'm not sure how to interrogate Wireshark's logs or if this is even possible.

Any help would be appreciated. I guess I really need to find out who/what the 'remote client' is in the event logs, does anyone have any pointers?

Many thanks

ssl asp.net windows-server-2016

share|improve this question

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I have been looking at this error all day and am really scratching my head now. We have a Windows Server 2016 Std that runs a .NET webservice. This in turn connects to our database server, same OS, in the same estate i.e. behind the same firewall. I should state before anything else that both servers have TLS1.2 ONLY enabled, and running a Qualys Labs test confirms SSL3 is not switched on.

What appears to be happening is that requests are coming through and are encountering ssl/tls issues as below which I have retrieved from the application log files:

The request was aborted: Could not create SSL/TLS secure channel.

Then between 59-61 seconds later, we get the sql error:

A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible.

i.e. these errors are occurring in pairs. It seems to have been happening for several months, but has become apparent now as we investigated another issue.

The .net application is now using the correct hostname for the db server as previously it was using a name that didn't exist but was in the local hosts file but this hasn't resolved things (I thought perhaps the hostname not matching what is on our wildcard certificate could cause issues). This application was coded by some CRM developers but unfortunately they are being quite uncooperative.

The windows event log (System) is full of Schannel 36874 errors which seem to correlate with the errors mentioned above:

An SSL 3.0 connection request was received from a remote client
application, but none of the cipher suites supported by the client
application are supported by the server. The TLS connection request
has failed.

As I have said I really don't know where to go next with this issue. I have seen some posts stating these errors in the event log can be suppressed but only if they aren't causing an issue, however I'd like to get to the bottom of things before I start doing that.

I have installed Wireshark on the server in question and have filtered for 443 traffic, however I'm not sure how to interrogate Wireshark's logs or if this is even possible.

Any help would be appreciated. I guess I really need to find out who/what the 'remote client' is in the event logs, does anyone have any pointers?

Many thanks

ssl asp.net windows-server-2016

share|improve this question

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 6 hours ago

ajgukajguk

1

New contributor

ajguk is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 6 hours ago

ajgukajguk

1

1 Answer
1

active

oldest

votes

0

This appears to be an issue with the server CIPHER suites that client is asking for before the handshake. Can you give us more information as to how the client side is establishing the connection? If you have access to a command line SSL client, you can initiate the handshake yourself and attempt to trip the error.

I would suggest just making sure the App Developer standardizes the handshake to use TLS 1.2 for the most compatible setting and TLS 1.3 if you can control the cipher suites server side.

share|improve this answer

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

ajguk is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f956733%2fschannel-36874-errors-on-windows-server-2016%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

This appears to be an issue with the server CIPHER suites that client is asking for before the handshake. Can you give us more information as to how the client side is establishing the connection? If you have access to a command line SSL client, you can initiate the handshake yourself and attempt to trip the error.

I would suggest just making sure the App Developer standardizes the handshake to use TLS 1.2 for the most compatible setting and TLS 1.3 if you can control the cipher suites server side.

share|improve this answer

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

This appears to be an issue with the server CIPHER suites that client is asking for before the handshake. Can you give us more information as to how the client side is establishing the connection? If you have access to a command line SSL client, you can initiate the handshake yourself and attempt to trip the error.

I would suggest just making sure the App Developer standardizes the handshake to use TLS 1.2 for the most compatible setting and TLS 1.3 if you can control the cipher suites server side.

share|improve this answer

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

This appears to be an issue with the server CIPHER suites that client is asking for before the handshake. Can you give us more information as to how the client side is establishing the connection? If you have access to a command line SSL client, you can initiate the handshake yourself and attempt to trip the error.

I would suggest just making sure the App Developer standardizes the handshake to use TLS 1.2 for the most compatible setting and TLS 1.3 if you can control the cipher suites server side.

share|improve this answer

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 6 hours ago

David O.David O.

1

New contributor

David O. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 6 hours ago

David O.David O.

1