Another patch-induced bug: Transport Layer Security fails with error 0x8009030f

Topic

New Reply

Microsoft has acknowledged a problem with the latest patches for Win7, 8.1, Server 2008,  2008 R2, 2012, 2012 R2 and Server 2016 – Monthly Rollups, Se
[See the full post at: Another patch-induced bug: Transport Layer Security fails with error 0x8009030f]

7 users thanked author for this post.

Myst, Chessie, SueW, jburk07, GreatAndPowerfulTech, Microfix, AJNorth

Reply | Quote

Replies

According to the article, as long as both systems are up to date you won’t encounter this issue.  Systems that haven’t been updated since 2015 are all that’s affected, and if you’re still using a machine in that sate, well you’ve got a bigger problem than this.

4 users thanked author for this post.

Myst, Chessie, OscarCP, AJNorth

Reply | Quote

I monitor 2 systems that generate a similar error on average about once every 2 weeks, but sometimes in clusters of 4-6 in a few minutes.  Both systems are up to date and they are not connected other than to the internet using conventional routers.

The Event Viewer error message is:  Schannel 36887:  A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

One system is Win7 Home which was installed in 2011.  The other is Win8.1 Home which was installed in mid-2017.

I have not yet tracked down the reason and Dr Google is distinctly unhelpful.  I will add this to my notes and keep an eye on both systems!  One day….

1 user thanked author for this post.

jburk07

Reply | Quote

I’ve seen that error for years on every server I manage. As far as I tell it’s just a generic SSL error that doesn’t mean much. If everything you do works normally I would forget about it.

1 user thanked author for this post.

jburk07

Reply | Quote

Thanks!

Reply | Quote

I wonder if this has anything to do with TLS 1.0 and 1.1 reaching EOL at the end of the year? Microsoft has been working for a while now on dropping support for those protocols and will be doing so with legacy email apps.

Red Ruffnsore

Reply | Quote

Is this error associated with KB4520005, cumulative roll up for October W8.1 systems?

Reply | Quote

the KB article states that KB4519976, Win 7 roll up  is one of the affected updates.  Does that mean that the Master Patch list will be updated to reflect this latest Microsoft conundrum?  I am just wondering if we should just skip this roll up and wait till the November roll up hits?  Any one else have an opinion?

Reply | Quote

It’s a security feature restriction, not a bug

Reply | Quote

techweenie wrote:

Systems that haven’t been updated since 2015 are all that’s affected,

Actually some systems only got that update much later and OpenSSL 1.0.2 branch maintenance release t (less than 2 months old) still doesn’t have it.

So there’s a risk, yes… particularly with embedded devices and other IoT and such.

abbodi86 wrote:

It’s a security feature restriction, not a bug

Exactly. Worst case, have to drop some of the better ciphers and use less secure alternatives in SSL/TLS. Could be a lot of adjustment work if you’re affected.

Reply | Quote

Is this related to IE or Edge?

If not, what does TLS have to do with the OS?

Reply | Quote

anonymous wrote:

Is this related to IE or Edge?

They’re two entries on the very large list of things that use it…

anonymous wrote:

If not, what does TLS have to do with the OS?

You mean, other than the part where the OS comes with an implementation of it, for applications and such to use?

Reply | Quote

The KB article is updated with more details, and now lists all Windows versions as affected

Reply | Quote