Server 2008R2 random disconnections and connectivity issues. Schannel 36888

windows-server-2008

We have a Server 2008R2 VMware image that is experiencing connectivity issues. It is a domain member, print server and routing and remote access server.

Recently we have been having issues with the machine disconnecting RDP sessions and intermittently refusing to handle print jobs for desktops (as though the print spooler can't reach the server), which causes the desktops to "hang" waiting for printers.

At all times the VM is ping-able, as are its counterparts on the same network. All relevant firewalls are off.

We are seeing hundreds of the below error in the event logs and I'm unable to find any solid single source that would cause these issues.

Any hints or thoughts?

Thanks.


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-17T15:49:13.243716700Z" />
    <EventRecordID>28198</EventRecordID>
    <Correlation />
    <Execution ProcessID="476" ThreadID="4692" />
    <Channel>System</Channel>
    <Computer>SRV1.corp.foo.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">10</Data>
    <Data Name="ErrorState">1203</Data>
  </EventData>
</Event>

Best Answer

The AlertDesc field contains the TLS Alert value that was generated, which per the RFC is unexpected_message.

This is most common when someone sends a plaintext packet to an SSL/TLS server endpoint. You can capture some network traffic to confirm/deny this.
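The triage described in the answer above, as an added example that is not part of the original post: it tallies Schannel 36888 events by TLS alert name (RFC 5246, section 7.2) and checks whether the first bytes of a captured TCP payload look like a TLS record at all. The function names, the `<Events>` wrapper element and the sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# TLS alert descriptions from RFC 5246, section 7.2 (subset).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    22: "record_overflow", 40: "handshake_failure", 42: "bad_certificate",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}

def summarize_schannel_alerts(xml_text):
    """Count Schannel 36888 events per (alert name, ErrorState)."""
    counts = Counter()
    # iter() also matches the root, so a single <Event> document works too.
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "36888":
            continue
        data = {d.get("Name"): d.text
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        alert = int(data["AlertDesc"])
        name = TLS_ALERTS.get(alert, "alert_%d" % alert)
        counts[(name, data.get("ErrorState"))] += 1
    return counts

def looks_like_tls_record(first_bytes):
    """True if a TCP payload starts with a plausible TLS record header.

    Header layout: content type (20-23), then version major 3, minor 0-4.
    SSLv2-compatible hellos are not covered by this check.
    """
    if len(first_bytes) < 3:
        return False
    content_type, major, minor = first_bytes[:3]
    return content_type in (20, 21, 22, 23) and major == 3 and minor <= 4

# Constructed sample export (assumed to be wrapped in one <Events> root).
_EVT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><EventID>%d</EventID></System><EventData>'
        '<Data Name="AlertDesc">%d</Data><Data Name="ErrorState">%d</Data>'
        '</EventData></Event>')
_ROWS = [(36888, 10, 1203), (36888, 10, 1203), (36888, 40, 1205)]
SAMPLE = "<Events>" + "".join(_EVT % r for r in _ROWS) + "</Events>"

if __name__ == "__main__":
    for (name, state), n in summarize_schannel_alerts(SAMPLE).most_common():
        print("%-22s ErrorState=%s count=%d" % (name, state, n))
    print(looks_like_tls_record(b"GET / HTTP/1.1\r\n"))  # plaintext probe
```

A payload that fails `looks_like_tls_record` on a port Schannel is serving points to a non-TLS client; the source address in the capture identifies which one.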