Windows Server 2022: Schannel error 36871

Schannel error messages are common and can have many different causes. Here is a rather specific error message that occurred on a Windows Server 2022 after the operating system underwent standard hardening. After disabling outdated cipher suites and SSL / TLS protocols, the following error message appeared very frequently in the system event log:

Source: Schannel

Event ID: 36871

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
The SSPI client process is svchost[wlidsvc] (PID: 4828).

Schannel error 36871

The solution to this problem was quite simple, because the error message already points in the right direction. The error message indicates that the problematic service is "wlidsvc", which is started by "svchost" (see screenshot of the error message). WLIDSVC is part of the "Microsoft Account Sign-In Assistant" service and enables logon with Microsoft accounts. However, this service is not required on Windows servers and can therefore be deactivated:

Microsoft Account Sign-In Assistant

The "Microsoft Account Sign-In Assistant" service is set to the "Manual" start type by default and starts cyclically. Whenever the service is started, the above error messages appear in the event log. With Windows Server 2016 it was still OK to deactivate the service, so I assume that this is also the case with Windows Server 2022. See here for more information:

After the service was deactivated, the error messages no longer occurred.
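The following PowerShell sketch is an added example, not part of the original article: it attributes the 36871 events in the System log to their SSPI client process, and disables wlidsvc only if that service actually shows up as a source. It assumes an elevated session and English event messages in the format quoted above; the function name `Get-SchannelClient` and the seven-day window are choices made for this example.

```powershell
# Added example (not from the original article). Run elevated.
# Pattern for the message line "The SSPI client process is svchost[wlidsvc] (PID: 4828)."
# The [service] part is optional, so plain processes are matched too.
$pattern = 'SSPI client process is (?<Process>[^\[\s]+)(?:\[(?<Service>[^\]]+)\])? \(PID: (?<ProcId>\d+)\)'

function Get-SchannelClient {
    # Hypothetical helper: extracts process, hosted service and PID from an event message.
    param([Parameter(Mandatory)][string]$Message)
    if ($Message -match $pattern) {
        [pscustomobject]@{
            Process = $Matches.Process
            Service = $Matches.Service      # $null when no service name is given
            ProcId  = [int]$Matches.ProcId
        }
    }
}

# Check against the message text quoted in the article.
Get-SchannelClient 'The SSPI client process is svchost[wlidsvc] (PID: 4828).'

# Collect the Schannel 36871 events of the last seven days (window is an assumption).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Id           = 36871
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

# Summarise which process/service pairs produce the errors.
$clients = @($events | ForEach-Object { Get-SchannelClient $_.Message })
$clients | Group-Object Process, Service -NoElement | Sort-Object Count -Descending

# Disable the Microsoft Account Sign-In Assistant only if it is a confirmed source.
if ($clients | Where-Object Service -eq 'wlidsvc') {
    Stop-Service -Name wlidsvc -Force
    Set-Service  -Name wlidsvc -StartupType Disabled
    Get-Service  -Name wlidsvc | Select-Object Name, Status, StartType
} else {
    Write-Output 'No 36871 events attributed to wlidsvc; service left unchanged.'
}
```

Any other process or service name in the summary points to a different TLS client affected by the hardening and needs its own investigation.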

Here you can find the Microsoft Security Baselines for Windows Server 2022 and Edge:

There will be a separate article on the topic of "Hardening Windows Server 2022" here.

2 thoughts on “Windows Server 2022: Schannel error 36871”

  1. Hi Frank,

    I got a bit curious. :D What exactly do you do as part of “after the operating system underwent standard hardening”?

    Best regards
