How to Configure and Collect Schannel and CAPI2 Logs
CAPI2 log is a diagnostic log in Windows that tracks cryptographic operations. It track events related to certificate validation, key exchange. It also record how Windows and applications use cryptographic algorithms for securing data. This is crucial for diagnosing issues with SSL/TLS, digital signatures, and other encryption-related processes. CAPI2 logs are particularly useful for diagnose security-related problems in Windows systems. When troubleshooting issues related to cryptographic operations in Windows, it may be necessary to enable and collect logs for both Schannel and CAPI2. This article will help you to configure and collect these logs for diagnostic purposes.A fatal error occurred when attempting to access the SSL server credential private key: 0x8009030d
First published on MSDN on Apr 28, 2017 Recently, I have assisted a Premier customer who installed a new certificate on Windows Server 2008 R2 but was unable to bind the certificate to the Website hosted on IIS.
Event ID 36871 error keeps logging in a repeating pattern
Hello, I accidentally came across the following error in Event Viewer: "A fatal error occurred while creating a TLS client credential. The internal error state is 10013." Source: Schannel Event ID: 36871 Process ID points to LSASS I filtered out the results to only reveal errors of the same source (Schannel), and the earliest record registered was nearly a month ago. However the first time it logged multiple entries during a single session and then never showed up again for about a month. The first entries also had a partially different message "The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate." and a different event ID: 36882 More than 20 days later, the current error ID 36871 logged a single entry once and didn't show up again until a couple of days ago. Over the past two days it has been logging too many times (typically 8 entries per hour) and it repeats precisely in the same pattern. Today I'm starting to notice it's logging even more entries compared to yesterday, but also in a consistent pattern. I tried looking online for an explanation and a solution but everything I found was way beyond my limited technical understanding. All I could grasp (potentially) that it has to do with establishing secure connections with the server (I don't know which server are they talking about), with some pages mentioning something about .NET framework. Please note: I'm having this issue on a personal (unmanaged) laptop running Windows 10 Home (21H1), and typically connected to my home WiFi network. I would really appreciate if someone can help me with the following questions: For an average user (like myself), should I even worry about this error being logged on my laptop? Can I safely ignore it? (considering that I haven't noticed any performance issues or other problems, besides the error itself being logged) I recently installed the latest https://support.microsoft.com/en-us/topic/june-21-2021-kb5003537-cumulative-update-preview-for-net-framework-3-5-and-4-8-for-windows-10-version-2004-windows-server-version-2004-windows-10-version-20h2-and-windows-server-version-20h2-and-windows-version-21h1-49ea0d2c-9328-4b01-a81e-1dc0b8d53548 Could it possibly be the one to blame for this type of error? I also tried checking all the other updates and changes I have done on my computer over the past month, but couldn't really find anything that particularly coincide with the error being logged in that pattern. I tried connecting my laptop to a mobile hotspot around the time when the error logs (according to the timely pattern I spotted). The error didn't log while being connected to that hotspot, but it appeared again shortly after I connected back to WiFi. Could that possibly mean the error has to do with the WiFi connection or my ISP rather than anything on the laptop iteself? Please help Update: I tried connecting my laptop to the same hotspot a bit longer, and after an hour the same error logged, but so far it only generated one entry.Logging SChannel to include remote endpoint name
Hi, question regarding Windows Server SChannel Behaviour. When we are getting any SChannel error messages, we are not able to trace, what is actually trying to connect and causing the error. Is there any way to include in SChannel errors information regarding endpoint failing to negotiate the TLS connection? Thanks in advance, Arek
