How to Fix SChannel Error 36887 (Fatal Alert 42)?

A lot of Windows users are reporting that they’re suddenly encountering a lot of different Schannel Error entries inside Event Viewer with the 36887 ID. The error message accompanied by the error code is ‘A fatal alert was received from a remote endpoint. Fatal Alert 42’.

SChannel is essentially a set of security protocols that facilitate the implementation of encrypted identity authentication and secure communications between the involved parties.

As it turns out, several different causes might end up triggering the SChannel Error 36887:

Creating the EventLogging Registry key

As it turns out, the SChannel Error 36887 (Fatal Alert 42) can occur because your system doesn’t have a dedicated registry key where it can dump events of this kind.

If this scenario is applicable, you should be able to fix this issue by using Registry Editor to create the EventLogging key inside SecurityProviders/Schannel. This operation was confirmed to be successful by a lot of affected users that were encountering this issue on Windows Server versions.

Here’s a quick step by step guide on applying this fix on every recent Windows server version:

1. Press Windows key + R to open up a Run dialog box. Next, type ‘regedit’ and press Enter to open up the Registry Editor. When prompted by the UAC (User Account Control), click Yes to grant administrative privileges.

   

2. Once you’re inside the utility, use the left-hand menu to navigate to the following location:

   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

   Note: You can either get there manually or you can paste the location directly into the navigation bar and press Enter to get there instantly.

3. After you get to this location, move over to the right-hand section and check if you have an EventLogging key.
   Note: If you already have this key, skip the following steps and move directly to the next potential fix below.
4. In case the EventLogging key is indeed missing, right-click on an empty space and select NEW > Dword (32-bit) value to create a new key. Next, name the newly created value to EventLogging.

   

5. Once the key has been successfully created, double-click on it and set the Value Data to 1 and the Base to Hexadecimal. Next, click Ok to save the changes.

   

6. Reboot your computer and see if the problem is fixed once the next system startup is completed.

In case you’re still encountering constant SChannel Error 36887 Event Viewer entries with the same error or this scenario was not applicable, move down to the next potential fix below.

Uninstall Microsoft Windows Patch (KB3161606)

As it turns out, one of the most common causes that will end up causing the Schannel 36887 error is a Microsoft Windows update patch KB3161606 that ends up disabling TLS 1.0. This technology is a now-deprecated predecessor to Secure Sockets Layer (SSL), but some applications might still use it.

Depending on the applications that you use, there are a lot of applications that might be affected by this – basically, any product that requires TLS 1.0 to maintain the full functionality of the product.

If you find yourself in this scenario and you’re looking for a way to revert to the old behavior and re-enable TLS 1.0, you will need to revert the update that made this machine change.

To do this, you will need to revert the KB3161606 Windows Update and prevent it from ever being installed on your machine again. Here’s a quick step by step guide on doing so:

Note: These steps will assume that the problematic update only got installed recently, and you have a viable System Restore point to work with.

1. Open up a Run dialog box by pressing Windows key + R. Next, type ‘rstrui’ inside the text box and press Enter to open up the System Restore utility.

   

2. Once you’re inside the System Restore utility, click on Next at the very first prompt, then check the box next to Show more restore points to see a full list of available system restore points.
3. After you do this, select a restore snapshot that is dated right before the problematic Windows Update was installed and you started seeing frequent Schannel 36887 Errors.
   

   

4. Once you get this far, you are ready to use this utility – All you have to do now is click on Next, then Finish to complete the operation. Your computer will then restart and every change made since then (including the installation of the KB3161606 error will be reverted.
5. At the next system startup, you will need to ensure that the update doesn’t get installed once again. If you leave it like this, Windows will automatically reinstall the update that ends up disabling TLS 1.0 encryption. To ensure that doesn’t happen, you will need to hide that particular update.
6. To hide the update, you will need to download and install the official Microsoft Show or Hide troubleshooter package from this link (here).
7. After you download the executable, double-click on it to open the utility and click on Advanced to enable Apply repairs Automatically before clicking Next to continue.

   

8. Once you get to the next screen, wait patiently until the initial scan is finished, then click on Hide Updates.

   

9. After you do this, check the box associated with the KB3161606 update, then click on Next to advance to the final screen below.

   

10. Wait patiently until the procedure is complete, then reboot your computer to make the change permanent.
11. Once the next startup is complete, you can open the Event Viewer and check for any new instances of the SChannel Error 36887. In case you were encountering these errors due to TLS 1.0 Encryption, new entries of the same errors should no longer appear.

In case this method is not applicable or you followed the instructions and you still get the same constant SChannel Error 36887 in Event viewer, move down to the next potential fix below.

Uninstalling ESET Antivirus

As it turns out, ESET Antivirus Endpoint protection is not a big fan of the now deprecated TLS 1.0 Encryption. If you have any programs that still use this old technology, you will need to uninstall ESET to fix the issue  (disabling the real-time protection will not work since this block is enforced at a firewall level.

Some users that were also dealing with persistent Event viewers related to Shannel have confirmed that no new errors of this kind were ever reported once they’ve removed the AV from their system.

This is not the most elegant solution, but it’s a quick fix in case you can afford to switch over to Windows Defender or another 3rd party equivalent. Here’s a quick guide on uninstalling Eset Antivirus:

1. Press Windows key + R to open up a Run dialog box. Next, type ‘appwiz.cpl’ and press Enter to open up the Programs and Features window.

   

2. Once you’re inside the Programs and Features menu, scroll down through the list of installed applications and locate the entry associated with Eset antivirus.
3. When you see it, right-click on it and choose Uninstall from the context menu to begin the installation process.

   

4. At the uninstallation screen, follow the on-screen instructions to complete the process, then restart your computer and see if the problem is fixed at the next startup sequence.

In case you’re still seeing frequent SChannel Error 36887 entries in Event viewer, move down to the next potential fix below.

Running SFC and DISM scans

Under certain circumstances, you can expect to see this error due to some type of system file corruption that ends up affecting your machine ability to handle TSL encryption. In this case, you will need to run a couple of utilities equipped to find and fix instances of corrupted system files.

Fortunately, every recent Windows version is equipped with two built-in tools capable of helping you do this: System File Checker (SFC) and Deployment and Image Servicing and Deployment (DISM).

Both utilities will ultimately help you clean your system for system file corruption, but they operate differently – DISM relies on a Windows Update subcomponent to download healthy copies for the files that need to be replaced while SFC retrieves healthy files from an archive that is stored locally.

Our recommendation is to run both utilities in quick succession to improve your chances of fixing the issue. Start with a simple SFC scan and once the operation is complete, restart your computer and start a DISM scan.

Note: Keep in mind that before running DISM, you will need to ensure that your Internet connection is stable.

After both scans have been successfully performed, reboot your computer and see if you’re still seeing the same constant SChannel Error 36887 (Fatal Alert 42) errors in Event viewer.

In case the same problem is still occurring, move down to the next method below.

Disabling the use of TLS Options

In case you notice that these Schannel errors are somehow triggered by your web surfing (whenever you visit certain websites), it’s very likely that the error gets triggered when you visit sites that don’t use TLS encryption.

In this case, you can ensure that the same errors aren’t thrown ever again by this scenario by disabling the Use TLS option inside your Internet Options menu. This is not ideal since it might leave your system vulnerable to certain browser hijackers, but it serves as a reliable temporary fix.

Here’s a quick guide on disabling the use of TLS Options via the Internet Options menu:

1. Press Windows key + R to open up a Run dialog box. Next, type ‘intetcpl.cpl’ inside the text box and press Enter to open up the Internet Options screen.

   

2. Once you’re inside the Internet Properties screen, click on the Advanced tab and then scroll down to the Security entry inside the Settings menu.
3. Next, uncheck every box that starts with Use TLS and click Apply to save the changes.

   

4. After you save the changes, restart your machine and see if the problem is fixed at the next computer startup.

In case you’re still stuck with the same SChannel Error 36887 (Fatal Alert 42) error, move down to the next potential fix below.

Installing the Latest version of CCleaner (if applicable)

As it turns out, this problem can also be caused by an older version of a 3rd party cleaning app called CCleaner from Piriform. This particular problem is only reported to occur with version 5.06.

If this scenario is applicable and you have CCleaner installed on your computer, you should be able to fix the issue by uninstalling the current CCleaner version and then reinstalling the latest. This operation was confirmed to work by several affected users that we’re encountering the SChannel Error 36887 (Fatal Alert 42) error.

If this applies to you too, follow the instructions below to uninstall current CCleaner and reinstall the latest version:

1. Press Windows key + R to open up a Run dialog box. Next, type ‘appwiz.cpl’ and press Enter to open up the Programs and Files menu.

   

2. Once you’re inside the Programs and Features menu, scroll down through the list of installed programs and locate CCleaner. When you see it, right-click on it and choose Uninstall from the newly appeared context menu.

   

3. Next, follow the on-screen instructions to complete the uninstallation, then restart your computer.
4. At the next computer startup, visit this link (here) and wait for the download to complete.

   

5. Once the download is complete, open the installation executable that you just downloaded and follow the on-screen prompts to complete the installation of the newest version>

   

6. After installing the newest version, reboot your computer and see if you spot any new instances of the SChannel Error 36887 inside Event Viewer after the next startup is complete.