Event ID 36888

KB ID 0000634 

Problem

This was driving me nuts on my Windows 7 x64 Laptop.

Log Name: System
Source: Schannel
Event ID: 36888
Task Category: None
Level: Error
User: SYSTEM
Description:
The following fatal alert was generated: 10. The internal error state is 10.

I was getting a dozen of these an hour!

Solution

This error is caused (from what I can gather) by an error in certificate negotiation, your machine is trying to initiate communications with another machine/server using a certificate and TLS and the process is producing this error TLS1_ALERT_UNEXPECTED_MESSAGE (10).

1. If your browser is the cause of the problem, then simply open Internet Options > Advanced > Untick all the TLS options > Apply.

2. However this DID NOT WORK for me, so something is programmatically chatting from my laptop using TLS. The bottom line is, this problem is probably not even on your machine, so I’m simply going to disable SCHANNEL logging.

Note: If your Error does NOT say “The following fatal alert was generated: 10. The internal error state is 10“. then I would suggest NOT doing this.

3. In the search run box type regedit and navigate to the following key;

[box]
HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > SecurityProviders > SCHANNEL
[/box]

Change the EventLogging value from 1 to 0 (that’s a zero).

Related Articles, References, Credits, or External Links

NA

Error – Remove DirectAccess configuration settings from localhost before removing the Remote Access role.

KB ID 0000844 

Problem

When attempting to remove the Direct Access role from a Windows 2012 Server, you see the following;

The validation process found problems on the server from which you want to remove features. The selected features cannot be removed from the selected server. Click OK to select different features.

DirectAccess is configured on {host-name}. Remove DirectAccess configuration settings form {host-name} before removing the emote Access role.

Or via PowerShell;

Remove-WindowsFeature : A prerequisite check for the RemoteAccess feature failed.

1. DirectAccess is configured on localhost. Remove DirectAccess configuration settings from localhost before removing the Remote Access role

Solution

1. This is because this server is still getting its settings for Direct Access via GPO, to get round the problem (quickly). Windows Key+R > Regedit {enter} > Navigate to;

[box]
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > RaMgmtSvc > Config[/box]

Locate and delete the ‘ServerGPO’ object.

2. Then retry to remove the Direct Access role.

3. DONT FORGET: If you are removing Direct access, there will still be group policy objects that will also need deleting.

 

Related Articles, References, Credits, or External Links

NA