Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Network Performance Monitor (NPM) > A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

Created by Malik Haider, last modified by Jane Baylon on Feb 09, 2017

Views: 6,227 Votes: 6 Revisions: 20

Updated

Overview

The following error appears in events in the SolarWinds server:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.

 

Log Name: System
Source: Schannel
Date: 7/20/2016 11:57:27 AM
Event ID: 36888
Task Category: None
Level: Error
Keywords: 
User: SYSTEM
Computer: xxxxxxxxx
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-07-20T08:57:27.786361500Z" />
<EventRecordID>18971512</EventRecordID>
<Correlation />
<Execution ProcessID="640" ThreadID="6504" />
<Channel>System</Channel>
<Computer>xxxxxxxxxxxx</Compu

Environment

Orion 2014.1.x and UP

Cause 

Due to Windows Update Microsoft Windows update patch (KB3161606).

There are lots of issues being reported on with different products. This patch changed the TLS 1.0 to disable state. You must enable TLS 1.0 on SolarWinds Orion. This requires TLS 1.0 to be enabled to maintain full functionality of the product.

KB3161606 Reported to Break Hyper-V

Integration Services update required 2012R2 host and VM

Don’t Deploy KB3161606 To Hyper-V Hosts, VMs, or SOFS

June 2016 update rollup (KB3161606) for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

Resolution

Uninstall this Microsoft Windows update patch  (KB3161606).

 

Also applies to Microsoft Windows update patch (KB3161608)

 

Once Done check your issue and polling this should resolve your issue. 

 

~~~~~~

Please Note : Enable TLS 1.0 function in SolarWinds Orion to maintain the full functionality of the product.
Check there: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

You will see TLS 1.0\Client\ & TLS 1.0\Server.

In each folder create those two key:

DWORD DisabledByDefault DWORD Enabled:1

You can do the same trick for TLS 1.1 or 1.2 if the keys are not there

See reference here - TLS/SSL Settings.

~~~~~~

 

Also applies to Microsoft Windows update patch (KB3061518)

 

The ClientMinKeyBitLength DWord registry entry enables you to set the minimum DHE group size in bits that the client will accept from the server. In the following example, a 512-bit group size is accepted. By default, without the ClientMinKeyBitLength DWord registry entry present, Schannel uses a 1,024-bit minimum group size on the client. 

To edit this registry entry, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
On the Edit menu, point to New, and then click DWORD Value.
Type ClientMinKeyBitLength for the name of the DWORD, and then press Enter.
Right-click ClientMinKeyBitLength, and then click Modify.
In the Value data box, type 00000200, and then click OK.
Exit Registry Editor, and then restart the computer.

 

~~~~~~

 

 

Last modified
15:20, 9 Feb 2017

Tags

Classifications

Public