SyntaxFix

[windows] A fatal error occurred while creating a TLS client credential. The internal error state is 10013

Recently deployed a Windows 2016 Standard Server, with Active Directory and Exchange 2016.

We have disabled SSL 1.0, 2.0 and 3.0 for both Server and Client, and have disabled TLS 1.0 and TLS 1.1.

We are repeatedly getting the following entry in our system log. What is causing this, and how can I fix it.

enter image description here

This question is related to windows ssl tls1.2 windows-server-2016 exchange-server-2016

The answer is

Basically we had to enable TLS 1.2 for .NET 4.x. Making this registry changed worked for me, and stopped the event log filling up with the Schannel error.

More information on the answer can be found here

Linked Info Summary

Enable TLS 1.2 at the system (SCHANNEL) level:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

(equivalent keys are probably also available for other TLS versions)

Tell .NET Framework to use the system TLS versions:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

This may not be desirable for edge cases where .NET Framework 4.x applications need to have different protocols enabled and disabled than the OS does.

After making no changes to a production server we began receiving this error. After trying several different things and thinking that perhaps there were DNS issues, restarting IIS fixed the issue (restarting only the site did not fix the issue). It likely won't work for everyone but if we tried that first it would have saved a lot of time.

I found this here: https://port135.com/schannel-the-internal-error-state-is-10013-solved/

"Correct file permissions Correct the permissions on the c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder:

Everyone Access: Special Applies to 'This folder only' Network Service Access: Read & Execute Applies to 'This folder, subfolders and files' Administrators Access: Full Control Applies to 'This folder, subfolder and files' System Access: Full control Applies to 'This folder, subfolder and Files' IUSR Access: Full Control Applies to 'This folder, subfolder and files' The internal error state is 10013 After these changes, restart the server. The 10013 errors should disappear."

Source: Stackoverflow.com

Examples related to windows

"Permission Denied" trying to run Python on Windows 10 A fatal error occurred while creating a TLS client credential. The internal error state is 10013 How to install OpenJDK 11 on Windows? I can't install pyaudio on Windows? How to solve "error: Microsoft Visual C++ 14.0 is required."? git clone: Authentication failed for <URL> How to avoid the "Windows Defender SmartScreen prevented an unrecognized app from starting warning" XCOPY: Overwrite all without prompt in BATCH Laravel 5 show ErrorException file_put_contents failed to open stream: No such file or directory how to open Jupyter notebook in chrome on windows Tensorflow import error: No module named 'tensorflow'

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to tls1.2

A fatal error occurred while creating a TLS client credential. The internal error state is 10013 Update .NET web service to use TLS 1.2 How to enable TLS 1.2 in Java 7 TLS 1.2 in .NET Framework 4.0 How to use TLS 1.2 in Java 6 NSURLSession/NSURLConnection HTTP load failed on iOS 9

Examples related to windows-server-2016

A fatal error occurred while creating a TLS client credential. The internal error state is 10013

Examples related to exchange-server-2016

A fatal error occurred while creating a TLS client credential. The internal error state is 10013

Tags

Criteriaquery Object-sharing Spl Destroy Rhodes Ora-01438 Kpi Dotnetnuke-5 Catalina Elementname Path-separator Pg-dump Duration Boost-build Xmlmapper Dynamic-class Dumpbin Dbmigrate Onkillfocus Wallpaper Summary File-comparison Ab-initio Android-screen Error-suppression Nhibernate-mapping Ushort Window.onunload Nslayoutmanager Named-pipes Watchdog Log-viewer Joomla1.5 Abmultivalue Arraycollection Apache-modules Brio Touches Generic-list Contains Flickrj Web-platform-installer Refresher Rst2html.py Atlas Diaspora Modem Tpagecontrol Dividebyzeroexception Empty-class Activation-record Application-state Tokyo-cabinet Browser-width Nvarchar Partial-methods Gcc-warning Attached-properties Temp Catch-block Location-href External-tables Uwsgi Implicit-surface Yagni Distributed Shared-nothing Abstract-methods Html-escape Fulfillment Symbolicatecrash Textrenderer Prediction Fieldlist Tobago Shiva3d Force.com Fdb Sdk3.0 Logical-tree Phaselistener Lgpl Clienthttprequest Ruby-on-rails-2 Powershell-sdk Redeploy Cascadingdropdown Ksoap Sctp Emoticons Wunderground Extends Expression Rdflib Static-members Jersey Console-output Fsockopen Trouble-tickets Constraintexception