SCOM 2019: Event ID 36871 Schannel

kumaravelu 106 Reputation points
2021-04-26T10:24:17.183+00:00

Hello All,

We recently moved to SCOM 2019 since then we have been receiving the below errors in the System event logs on all of the SCOM management servers.

Event ID: 36871
Event Source: Schannel
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

All SCOM Management servers are running on windows server 2019.

kindly assist us on this.

Regards,
Kumar B

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,493 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. SChalakov 10,391 Reputation points MVP
    2021-04-26T11:01:11.003+00:00

    Hi @kumaravelu ,

    Do you see this event in the System Log? What makes you think that it is related to SCOM? What TLS Version is currentl configured:

    • in SCOM?
    • on your OS?
    • on your SCOM DBs?

    Can you please go over this post and see if this is also helpful:

    A fatal error occurred while creating a TLS client credential. The internal error state is 10013
    https://social.technet.microsoft.com/Forums/en-US/fd626e47-9ee7-41c5-b11a-ae696e3b6b5b/a-fatal-error-occurred-while-creating-a-tls-client-credential-the-internal-error-state-is-10013?forum=ws2016

    A fatal error occurred while creating a TLS client credential. The internal error state is 10013
    https://stackoverflow.com/questions/53121859/a-fatal-error-occurred-while-creating-a-tls-client-credential-the-internal-erro

    Please check those out and I am pretty sure that those will help you.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Stoyan Chalakov

    0 comments No comments

  2. Crystal-MSFT 49,426 Reputation points Microsoft Vendor
    2021-04-27T01:51:48.183+00:00

    @kumaravelu , Research and find a similar issue. in that case, these SCHANNEL 36871 events being logged are due to a configuration on the server itself.

    Here is the resolution for that issue for the reference:
    1.Made the necessary modifications from the following
    https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
    Transport Layer Security (TLS) best practices with the .NET Framework.

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
    Note: please do a backup before we change any registry key.

    2.After these modifications are made to enable .NET to utilize more secure TLS versions a reboot is required.
    3.After this is accomplished the SCHANNEL events are no more.

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. James Wilmoth 21 Reputation points
    2021-07-30T12:46:05.207+00:00

    @Crystal-MSFT I think the forum post removed the "\" between Microsoft and .NETFramework. It did just now for me when I attempted to point it out.

    0 comments No comments

  4. Bob Cornelissen 251 Reputation points MVP
    2022-09-09T07:04:57.923+00:00

    It is good to try and remove the usage of older TLS protocols. I see a reply from Gerben here about removing SSH3, which is the protocol from before TLS 1.0.

    Have a look at Kevins post about TLS 1.2 here: https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/

    and here is a page from the Msft docs site from a later date: https://learn.microsoft.com/en-us/system-center/scom/plan-security-tls12-config?view=sc-om-2022

    These types or errors can be very frustrating.


  5. TS Chan 0 Reputation points
    2024-07-19T02:31:31.7033333+00:00

    Dear MS support,

    I have similar problem. My platform is " MS Windows Server 2019 Standard" . I have just installed MS patches of 2024 Apr- Jun.

    After restarting server, In event viewer (system tab), I found many error "Schannel ... 36871". The details messages are : "a fatal error occurred while creating a TLS client credentials. The internal error state is 10010."

    The error occurred repeatedly in event viewer even I have uninstalled the MS patch (2024 Apr - Jun) and I have added the registry mentioned here. Would any experts help me?

    Many thanks

    Gordon

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.