Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808

Updated: November 6, 2018

Overview

The following error appears in events in the SolarWinds server:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.


Event Details 
Log Name: System
Source: Schannel
Date: 7/20/2016 11:57:27 AM
Event ID: 36888
Task Category: None
Level: Error
Keywords: 
User: SYSTEM
Computer: xxxxxxxxx
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 808.

Environment

Cause 

Microsoft Windows update patch (KB3161606) disabled TLS 1.0. There are lots of issues reported with different products because some SolarWinds Orion product versions require TLS 1.0 to maintain the full functionality of the product.

See TLS compatibility with Orion Platform products to find out whether your Orion Platform products require TLS 1.0, 1.1, or 1.2.

Related articles

Resolution

Step 1

- Uninstall this Microsoft Windows update patch  (KB3161606).

- This also applies to Microsoft Windows update patch (KB3161608)

Once uninstalled, check your Event Logs and Polling to verify the issue is now resolved. 

Step 2

Legacy Tools such as Report Writer, Trap Viewer and some Major SolarWinds Modules require the TLS 1.0 function in SolarWinds Orion to maintain the full functionality of the product.

  1. Open Regedit and check the below key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    You will see TLS 1.0\Client\ & TLS 1.0\Server.
  2. In each folder, create the following keys:
    • DWORD DisabledByDefault: 0
    • DWORD Enabled: 1

You can do the same trick for TLS 1.1 or 1.2 if the keys are not there

For more information, see TLS/SSL Settings (© Microsoft 2018, available at https://docs.microsoft.com/en-us/pre...86418(v=ws.11), obtained on November 6, 2018).

.

Step 3

The ClientMinKeyBitLength DWord registry entry enables you to set the minimum DHE group size in bits that the client will accept from the server. In the following example, a 512-bit group size is accepted. By default, without the ClientMinKeyBitLength DWord registry entry present, Schannel uses a 1,024-bit minimum group size on the client. 

 

To edit this registry entry, complete the following steps:

  1. Click Start > click Run > type Regedit in the text field, and click OK.
  2. Navigate to the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
  3. On the Edit menu, point to New, and click DWORD Value.
  4. Type ClientMinKeyBitLength for the name of the DWORD, and press Enter.
  5. Right-click ClientMinKeyBitLength, and click Modify.
  6. In the Value data box, enter 00000200 >  click OK.
  7. Exit Registry Editor, and restart the computer.

 

Alternative solution

You can also apply Best Practices template using IIS Crypto tool from Nartac Software which is available below:

https://www.nartac.com/Products/IISCrypto (© 2018 Nartac Software, available at https://www.nartac.com/Products/IISCrypto, obtained on November 6, 2018)

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

Last modified

Tags

Classifications

Public