Issue Reported:
RDP to Windows 2008 server fails after entering username and password
Observation:
- The System event log has an entry for Event ID: 36874, Source: Schannel
"A TLS 1.0 connection request was received from a remote client application, but none
of the cipher suites supported by the client application are supported by the server. The
SSL connection request has failed."
You may also see Event ID: 36888, Source: Schannel
"The following fatal alert was generated: 40. The internal error state is 1205."
(Alert 40 is the TLS handshake_failure alert; the server cannot agree on a cipher suite with the client.)
- Changes made under the SCHANNEL subkeys in the registry take effect without a reboot, so the failure starts as soon as the value is written, not after the next restart.
Cause:
If the SHA hash sub key under SCHANNEL is set to disabled, the change takes effect immediately without an OS reboot and blocks RDP on Windows 2008 servers:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:00000000
Every TLS 1.0 cipher suite (and the TLS 1.0 PRF itself) uses SHA-1, so with the SHA hash disabled the server has no cipher suite left that it can negotiate. Windows 2008 RDP uses Schannel for its TLS security layer, so the handshake fails after the credentials are sent and the events above are logged. The change is picked up immediately because Schannel on Windows 2008 is built on the new Cryptography API (CNG) rather than waiting for the next reboot.
Resolution:
1. Delete the "Enabled" DWORD value under the SHA registry key (or set it to 0xffffffff, the value Schannel uses for "enabled"):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:00000000
Or
2. Rename the SCHANNEL key and reboot the server. Note that this discards every other Schannel setting under that key (for example, protocols or ciphers you deliberately disabled), so export the key first and re-apply the intended hardening afterwards.
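The check and the first resolution step, as an added PowerShell example (this is not code from the original post): it lists recent Schannel 36874/36888 events, reads the SHA "Enabled" value, and if it is 0 exports the SCHANNEL key to a backup file before removing the value. The backup path is an assumption; the registry path and event IDs are the ones given above. Run it in an elevated PowerShell session on the affected server.

```powershell
# Added example, not part of the original post. Run as Administrator.
$shaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA'
$schannel   = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$backupFile = "$env:TEMP\schannel-backup.reg"   # assumed backup location

# 1. Confirm the symptom: recent Schannel handshake failures in the System log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36874, 36888 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# 2. Read the SHA hash setting. A missing value means the default (SHA-1 enabled).
$enabled = (Get-ItemProperty -Path $shaKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
if ($null -eq $enabled) {
    Write-Output "SHA: no Enabled value present (default, SHA-1 allowed) - look elsewhere for the cause."
}
elseif ($enabled -eq 0) {
    Write-Output "SHA: Enabled=0 -> SHA-1 disabled; no TLS 1.0 cipher suite can be negotiated, RDP will fail."
}
else {
    # DWORD values come back as Int32, so 0xffffffff prints as FFFFFFFF here.
    Write-Output ("SHA: Enabled=0x{0:X8} (enabled)" -f $enabled)
}

# 3. Fix (resolution option 1): back up the whole SCHANNEL key, then remove the Enabled value.
#    On Windows 2008 this takes effect immediately; no reboot is needed.
if ($enabled -eq 0) {
    reg.exe export $schannel $backupFile /y | Out-Null
    Remove-ItemProperty -Path $shaKey -Name Enabled
    Write-Output "Removed Enabled from $shaKey; backup written to $backupFile."
    Write-Output "Retry the RDP connection now; new 36874/36888 events should stop appearing."
}
```

The export in step 3 is what makes resolution option 2 safe as well: if you later choose to rename the whole SCHANNEL key, the .reg file records the protocol and cipher settings you still want to re-apply.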
Reference Articles:
Disclaimer: Please use your discretion when analyzing event logs and applying changes to your systems. The events may vary from case to case. The writer is not responsible for any issues.