Several users are reporting that their Event Viewer is filled with Schannel errors with the same error message: The following fatal alert was generated 10: The internal error state is 10. This particular error is mainly encountered in Windows Server versions.
Note: Schannel is one of the Security Support Providers. All Windows operating system versions are designed to implement the TLS/SSL protocols with a dynamic-link library (DDL) called Schannel – this is supplied with the operating system. Schannel errors are quite common and are considered more of a security feature than a failure.
What is causing the ‘following fatal alert was generated 10: The internal error state is 10′ error?
We investigated this particular error by looking at various user reports and the methods that they used to get the issue resolved. As it turns out, there are several scenarios that will end up triggering this particular error log:
- Lots of non-SSL requests are flooding the IIS (Internet Information Services) HTTPS – It’s very likely that the error appears because the system is dealing with a lot of non-SSL requests, which forces Schannel to log them as errors.
- The errors are triggered by SSLv3 communications – This is known to occur when cold clients are trying to connect to the network or when there are network issues between the clients and the RDP server.
- Failed connection through port 3389 – This type of failure is correlated with reset TCP connections. It might occur when someone is attempting to connect and log in through port 3389 and fails the system security.
- One or more certificates are expired – If you’re encountering this issue on a server that acts purely as a Domain controller, it’s possible that you’re seeing this error because you need to update your security certificates.
- Security toolbar is inspecting Schannel’s TLS traffic – This scenario is known to occur with certain security toolbars, anti-malware programs, and several AV suites. If this is the case, the errors should be considered transient.
- User tries to access a web site using HTTP using an SSL port – If the client is trying to use the wrong port or the wrong protocol to access a site, an event of this kind is logged.
If you’re struggling to resolve this particular issue and prevent your event viewer from being filled with Schannel, this article will provide you with a collection of troubleshooting steps. Below you have several methods that other users in a similar situation have used to get the issue resolved.
For the best results, follow the methods below in order that they are presented until you encounter a fix that is effective in your particular scenario.
Method 1: Uninstalling programs that might be triggering the error
Several users that have been encountering this issue while trying to set up Outlook using Outlook Anywhere, have reported that for them, the issue was caused by a ‘security toolbar’. As it turns out, these things might be inspecting Schannel’s TLS traffic, which mind end up triggering the ‘The following fatal alert was generated 10: The internal error state is 10′.
If you think this scenario is applicable to your current situation, you might be able to resolve the issue by uninstalling the 3rd party security software / AV toolbar via Add/Remove Programs. Here’s a quick guide on how to do this:
- Press Windows key + R to open up a Run dialog box. Then, type “appwiz.cpl” and press Enter to open up the Programs and Features window.
- Inside Programs and Features, look for the security toolbar that you suspect is inspecting the Schannel TLS traffic and uninstall it by right-clicking on it and choosing Uninstall.
- Follow the on-screen prompts to complete the uninstallation. Once the process is complete, restart your computer and see if the issue has been resolved at the next startup.
If you’re still seeing the same ‘The following fatal alert was generated 10: The internal error state is 10′ Schannel errors, move down to the next method below.
Method 2: Allowing Local Activation Security Check Exemptions (if applicable)
Some users reported that they managed to resolve the issue after enabling a certain policy using the Group Policy Editor. But keep in mind that this method will not be applicable if you’re trying to replicate the steps on a Windows version that doesn’t include the Group Policy Editor.
Note: You can follow this article (here) to install the Group Policy Editor on Windows 10 home versions.
When you are ready to use the Group Policy Editor, follow the steps below:
- Press Windows key + R to open up a Run dialog box. Then, type “gpedit.msc” and press Enter to open up the Group Policy Editor.
- Inside the Group Policy Editor, use the right-hand menu to navigate to the following location:
Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility
- Then, set the state of the “Allow local activation security check exemptions” to Enabled.
- Close the Group Policy Editor and restart your computer. At the next startup, see if the issue has been resolved by opening the Event Viewer.
If you’re still seeing ‘The following fatal alert was generated 10: The internal error state is 10′ Schannel-originating errors, move down to the next method below.
Method 3: Disabling Schannel event logging
On older Windows version, the value for Schannel event logging is 0x0000, which means that no Schannel events are logged. However, on newer Windows versions, the operating system will automatically log every Schannel event unless specifically told not to do so.
Several users encountering the ‘The following fatal alert was generated 10: The internal error state is 10’ error have reported that the issue was resolved entirely after they navigated to the Registry associated with Schannel and set its value so that event logging is disabled.
Warning: This method should only be followed if you are confident that the errors are transient (this is often the case with Schannel errors). Keep in mind that the method below will not treat the cause of the issue. It will simply instruct your system to stop logging the errors in the Event Viewer.
If you want to prevent your system from logging Schannel errors, you’ll need to disable Schannel logging via the Registry Editor. Here’s a quick guide on how to do this:
- Press Windows key + R to open up a Run dialog box. Then, type “regedit” and press Enter to open Registry Editor.
- Inside the Registry Editor, use the left-hand menu to navigate to the following location:
- Once you get there, move over to the right-hand menu and double-click on EventLogging.
Note: If you don’t have an EventLogging value, go to the Edit tab and choose New > DWORD (32- bit) Value. Then, name it EventLogging and hit enter to save the newly created value.
- Next, set the Value data of the EventLogging DWORD to 0 or 0x0000 (this means that the errors will no longer be logged in). Then, make sure that the Base is set to Hexadecimal and click Ok to save the changes you’ve just made.
- Clore Registry Editor and restart your computer. Starting with the next computer startup, you should no longer notice ‘The following fatal alert was generated 10: The internal error state is 10′ errors piling up in your Event Viewer.