Hello,
Thank you for posting your question on the Microsoft Windows forum!
Based on the provided Event ID 36874, this event (a Schannel error) occurs because the client attempting to connect to your server using TLS 1.2 is offering a list of cipher suites that your server either doesn't support or isn't configured to use. In other words, the client and server cannot agree on a common encryption method to secure their communication, leading to a failed TLS connection request. The following are a few potential troubleshooting steps to identify the supported cipher suites on both the client and server.
1. Identifying Server Cipher Suites:
- You can view the configured cipher suites on your Windows server using PowerShell:
- Get-TlsCipherSuite
- Using tools like IIS Crypto (a free GUI tool) can easily show and modify the enabled cipher suites, protocols, and hashing algorithms.
2. Identifying Client Cipher Suites:
- To view the configured cipher suites on the client: if you control the client, you can use similar methods (e.g., Get-TlsCipherSuite if it's a Windows client).
- For external clients, you might need to use network capture tools like Wireshark on your server to inspect the "Client Hello" packet during the TLS handshake. This packet lists the cipher suites offered by the client.
- Online SSL/TLS test tools (e.g., SSL Labs Server Test) can also show which cipher suites your server is offering to external clients, which can help deduce what clients might be compatible.
- For more information about IIS Crypto, see https://www.nartac.com/Products/IISCrypto
You can also refer to the article below for more information regarding Event ID 36874 (Schannel error):
https://learn.microsoft.com/en-us/archive/blogs/silvana/schannel-errors-on-scom-agent
Hope the above information is helpful!
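
The comparison described in the steps above, as an added example that is not part of the original reply: it extracts the cipher suites from a raw TLS Client Hello record (for instance, bytes exported from a Wireshark capture) and intersects them with the server's enabled list. The helper names, the sample Client Hello, and the server list are constructed for illustration; the server list is assumed to hold suite names copied from `Get-TlsCipherSuite` output.

```python
import struct

# Subset of IANA cipher suite code points; extend as needed.
IANA_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def client_offered_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in a raw ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    pos = 4 + 2 + 32  # handshake header, client_version, random
    if len(body) <= pos or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    pos += 1 + body[pos]  # skip session_id length byte and session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", raw)]

def common_suites(record: bytes, server_enabled: list) -> list:
    """Suites the client offers that the server has enabled, in client order."""
    enabled = set(server_enabled)
    offered = [IANA_NAMES.get(c, f"0x{c:04X}") for c in client_offered_suites(record)]
    return [name for name in offered if name in enabled]

def build_sample_hello(suites: list) -> bytes:
    """Construct a minimal ClientHello (no extensions) for demonstration only."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed server list, as if copied from Get-TlsCipherSuite on the server.
SERVER_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
LEGACY_CLIENT = build_sample_hello([0x002F, 0x0035])  # RSA/CBC only
MODERN_CLIENT = build_sample_hello([0xC030, 0x002F])

if __name__ == "__main__":
    # An empty result is the condition that produces Event ID 36874.
    print("legacy client overlap:", common_suites(LEGACY_CLIENT, SERVER_ENABLED))
    print("modern client overlap:", common_suites(MODERN_CLIENT, SERVER_ENABLED))
```
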