Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

Created by Malik Haider, last modified by Magdalena.Markova on Sep 21, 2017

Views: 14,398 Votes: 7 Revisions: 29

Updated: August 18, 2017

Overview

The following error appears in events in the SolarWinds server:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.


Event Details 
Log Name: System
Source: Schannel
Date: 7/20/2016 11:57:27 AM
Event ID: 36888
Task Category: None
Level: Error
Keywords: 
User: SYSTEM
Computer: xxxxxxxxx
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-07-20T08:57:27.786361500Z" />
<EventRecordID>18971512</EventRecordID>
<Correlation />
<Execution ProcessID="640" ThreadID="6504" />
<Channel>System</Channel>
<Computer>xxxxxxxxxxxx</Computer>

Environment

  • Orion Core Platform 2014 +
  • NPM 10.x +
  • SAM 6.x +
  • NTA 3.x +
  • SRM 5.x +

Cause 

Microsoft Windows update patch (KB3161606) disabled TLS 1.0. There are lots of issues reported with different products because SolarWinds Orion products require TLS 1.0 to maintain the full functionality of the product.

Related articles

Resolution

Step 1

- Uninstall this Microsoft Windows update patch  (KB3161606).

- This also applies to Microsoft Windows update patch (KB3161608)

Once uninstalled, check your Event Logs and Polling to verify the issue is now resolved. 

Step 2

Legacy Tools such as Report Writer, Trap Viewer and some Major SolarWinds Modules require the TLS 1.0 function in SolarWinds Orion to maintain the full functionality of the product.

  1. Open Regedit and check the below key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    You will see TLS 1.0\Client\ & TLS 1.0\Server.
  2. In each folder, create the following keys:
    • DWORD DisabledByDefault
    • DWORD Enabled:1

You can do the same trick for TLS 1.1 or 1.2 if the keys are not there

For more information, see TLS/SSL Settings.

Step 3

The ClientMinKeyBitLength DWord registry entry enables you to set the minimum DHE group size in bits that the client will accept from the server. In the following example, a 512-bit group size is accepted. By default, without the ClientMinKeyBitLength DWord registry entry present, Schannel uses a 1,024-bit minimum group size on the client. 

 

To edit this registry entry, complete the following steps:

  1. Click Start > click Run > type Regedit in the text field, and click OK.
  2. Navigate to the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
  3. On the Edit menu, point to New, and click DWORD Value.
  4. Type ClientMinKeyBitLength for the name of the DWORD, and press Enter.
  5. Right-click ClientMinKeyBitLength, and click Modify.
  6. In the Value data box, enter 00000200 >  click OK.
  7. Exit Registry Editor, and restart the computer.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

Last modified
07:03, 21 Sep 2017

Tags

Classifications

Public