SChannel Errors

From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: SChannel Errors
Date: Mon, 25 Sep 2023 17:03:36 +0100
Organization: A noiseless patient Spider
Lines: 109
Message-ID: <uesb0s$20cd6$1@dont-email.me>
 by: Java Jive - Mon, 25 Sep 2023 16:03 UTC

In Sept 2021 a user posted here about some SChannel messages appearing
in his System Event log every 6 hours. Between Paul, myself, and
himself, we eventually nailed it to a rogue piece of software/malware
which he uninstalled and so cured the problem. The following
documentation was crucial in determining that, then as now, it was an
outgoing, rather than an incoming, attempt which failed:

TechNet documentation:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786445(v=ws.11)

Schannel Events

Event ID 36887: A Fatal Alert Was Received

The TLS alert sub-protocol uses messages to indicate a change in status
or an error condition to the peer. There are a wide variety of alerts to
notify the peer of both normal and error conditions. Alerts are commonly
sent when the connection is closed, a message which is not valid is
received, a message cannot be decrypted, or the user cancels the
operation. The IETF specification, RFC 4346 [Link is ...

http://www.ietf.org/rfc/rfc4346.txt

...], contains descriptions of the closure alerts and error alerts.

This alert message indicates this computer received a TLS or SSL fatal
alert message from the server it was communicating or negotiating with.
The error indicates a state in the communication process, not
necessarily a problem with the application. However, the cause could be
how the application, such as a web browser, handled the communication.

The desktop app, using SCHANNEL_ALERT_TOKEN, generates a SSL or TLS
alert to be sent to the target of a call to either the
InitializeSecurityContext (Schannel) function or the
AcceptSecurityContext (Schannel) function. The two alert types are
warning and fatal. With a fatal error, the connection is closed immediately.

Event Details
Product:        Windows Operating
ID:             36887
Source:         Schannel
Version:        6.1, 6.2
Symbolic Name:  SSLEVENT_RECEIVE_FATAL_ALERT

Now I'm getting pretty much the same thing, and, very much as
previously, the problem is trying to determine the target of the
attempted outgoing connection. I've enabled syslogging on my QNAP
server and configured my router, which is running ...

OpenWRT OpenWrt 18.06.4 r7808-ef686b7292 / LuCI openwrt-18.06 branch
(git-19.186.54187-cbc000b) (so quite an old version)

... to send its logs there, and they are being received and visible on
the QNAP, but there was no seemingly useful information the last time
the sequence happened, details of which are appended.

It seems I need to enable more detailed logging on the router. Can
anyone suggest a reasonable compromise between getting enough
information to identify the attempted target of the failed communication
while not bringing the router, a BTHH5a, to its knees by overloading it
with the need to log absolutely everything that is happening, and give
me instructions on how to set the required configuration?

Details (dates converted to iso):

PC's System Event log:

2023-09-25 11:21:34 Service Control Manager 7036 The Software
Protection service entered the running state

2023-09-25 11:21:35 Schannel 36867 Creating an SSL client credential

2023-09-25 11:22:07 Schannel 36887* The following fatal alert was
received: 70.
[Repeated twice more]

2023-09-25 11:25:59 Schannel 36867 Creating an SSL client credential

2023-09-25 11:26:00 Schannel 36880 An SSL client handshake completed
successfully [...]

2023-09-25 11:27:01 Service Control Manager 7036 The Software
Protection service entered the stopped state.

Server's syslog from the router around the same time:

2023-09-25 11:21:25 daemon Notice <router name> hostapd
wlan1:AP-STA-POLL-OK <MAC of bedroom client bridge router>

2023-09-25 11:21:30 daemon Info <router name> dnsmasq-dhcp 2933
DHCPINFORM(br-lan) <problem PC IP> <problem PC MAC>

2023-09-25 11:21:30 daemon Info <router name> dnsmasq-dhcp 2933
DHCPACK(br-lan) <problem PC IP> <problem PC MAC> <problem PC hostname>

2023-09-25 11:26:27 daemon Notice <router name> hostapd
wlan1:AP-STA-POLL-OK <MAC of bedroom client bridge router>

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

Re: SChannel Errors

From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Wed, 27 Sep 2023 10:35:42 +0100
Organization: A noiseless patient Spider
Lines: 244
Message-ID: <uf0t1j$3142g$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me>
 by: Java Jive - Wed, 27 Sep 2023 09:35 UTC

On 25/09/2023 17:03, Java Jive wrote:
>
> [snip]

As per previous explanation, getting daily SChannel errors on attempted
outbound connections, apparently by the Software Protection Service
within about 10 minutes or so of switching on the affected PC.
Temporarily for this morning I set the router to log all dns queries and
send them to an external syslog server. Appended are this morning's
results. Can anyone help me make sense of them? I'm beginning to think
it's not something that needs worrying about, but it would be nice to be
sure.

PC's System Event log:

2023-09-27 09:10:29 Service Control Manager 7036 The Software
Protection service entered the running state

2023-09-27 09:11:04 Schannel 36867 Creating an SSL client credential

2023-09-27 09:11:04 Schannel 36887* The following fatal alert was
received: 70.
[Repeated twice more]

2023-09-27 09:15:06 Schannel 36867 Creating an SSL client credential

2023-09-27 09:15:06 Schannel 36880 An SSL client handshake completed
successfully [...]

2023-09-27 09:15:57 Service Control Manager 7036 The Software
Protection service entered the stopped state.

* This event number is for an outgoing failure to connect on SChannel,
as per the documentation previously linked.

Router Syslog output from before until after the above:

<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2145 [Problem PC IP6 Address]/55907 reply
e83157.dscb.akamaiedge.net is 2a02:26f0:b7::17c8:9350
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 query[A]
crl.verisign.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 forwarded
crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply
crl.verisign.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply
crl-symcprod.digicert.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply
crl.edge.digicert.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply
fp2e7a.wpc.2be4.phicdn.net is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply
fp2e7a.wpc.phicdn.net is 192.229.221.95
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 query[AAAA]
crl.verisign.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 forwarded
crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply
crl.verisign.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply
crl-symcprod.digicert.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply
crl.edge.digicert.com is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply
fp2e7a.wpc.2be4.phicdn.net is <CNAME>
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply
fp2e7a.wpc.phicdn.net is 64:ff9b::c0e5:dd5f
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 query[A]
crl.verisign.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 forwarded
crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
<28>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: nameserver [4G USB Mobile Dongle IP4 Address] refused to
do a recursive query
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 reply
crl.verisign.com is 192.229.221.95
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 query[AAAA]
crl.verisign.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 forwarded
crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
<28>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: nameserver [4G USB Mobile Dongle IP4 Address] refused to
do a recursive query
<30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 reply
crl.verisign.com is 64:ff9b::c0e5:dd5f
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 query[A]
www.microsoft.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 forwarded
www.microsoft.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply
www.microsoft.com is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply
www.microsoft.com-c-3.edgekey.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply
e13678.dscb.akamaiedge.net is 92.123.241.137
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 query[AAAA]
www.microsoft.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached
www.microsoft.com is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached
www.microsoft.com-c-3.edgekey.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 forwarded
www.microsoft.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
www.microsoft.com is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
www.microsoft.com-c-3.edgekey.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
e13678.dscb.akamaiedge.net is 2a02:26f0:da:895::356e
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
e13678.dscb.akamaiedge.net is 2a02:26f0:da:884::356e
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
e13678.dscb.akamaiedge.net is 2a02:26f0:da:893::356e
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
e13678.dscb.akamaiedge.net is 2a02:26f0:da:885::356e
<30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply
e13678.dscb.akamaiedge.net is 2a02:26f0:da:890::356e
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 query[A]
go.microsoft.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 forwarded
go.microsoft.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply
go.microsoft.com is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply
go.microsoft.com.edgekey.net is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply
e11290.dspg.akamaiedge.net is 184.31.226.104
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 query[AAAA]
go.microsoft.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 cached
go.microsoft.com is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 cached
go.microsoft.com.edgekey.net is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 forwarded
go.microsoft.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply
go.microsoft.com is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply
go.microsoft.com.edgekey.net is <CNAME>
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply
e11290.dspg.akamaiedge.net is 2a02:26f0:b7:3a7::2c1a
<30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply
e11290.dspg.akamaiedge.net is 2a02:26f0:b7:38a::2c1a
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 query[A]
download.windowsupdate.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 forwarded
download.windowsupdate.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply
download.windowsupdate.com is <CNAME>
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply
wu-fg-shim.trafficmanager.net is <CNAME>
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply
cds.d2s7q6s2.hwcdn.net is 209.197.3.8
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 query[AAAA]
download.windowsupdate.com from [Problem PC IP6 Address]
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 cached
download.windowsupdate.com is <CNAME>
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 cached
wu-fg-shim.trafficmanager.net is <CNAME>
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 forwarded
download.windowsupdate.com to [4G USB Mobile Dongle IP4 Address]
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 reply
download.windowsupdate.com is <CNAME>
<30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - -
dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 reply
wu-fg-shim.trafficmanager.net is <CNAME>
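
An added example, not part of the original post: one way to line up the two logs above. It decodes the alert number with the RFC 5246 alert table (70 is protocol_version) and lists the names the PC asked dnsmasq for shortly before each Schannel 36887 event. The sample lines are constructed in the layout shown in the post; the client address fd00::10, the router name and the 60 s / 2 s window are assumptions.

```python
"""Added example: narrow down the target of a Schannel 36887 fatal alert
by listing the DNS names the PC asked the router for just beforehand."""
import re
from datetime import datetime, timedelta

# TLS alert descriptions, subset of RFC 5246 section 7.2.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

# RFC 5424 syslog line carrying a dnsmasq "query[...]" record, one per line
# (the post shows them wrapped over three lines; join them first).
DNS_QUERY = re.compile(
    r"^<\d+>1 (?P<ts>\S+) \S+ dnsmasq \d+ - - dnsmasq\[\d+\]: "
    r"\d+ (?P<client>\S+)/\d+ query\[(?P<qtype>\w+)\] (?P<name>\S+) from \S+$"
)

# Event log line in the post's "date time source id message" layout.
FATAL_ALERT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+Schannel\s+36887\*?\s+"
    r".*fatal alert was received: (?P<code>\d+)"
)


def parse_dns_queries(lines):
    """Return (time, client, qtype, name) for every dnsmasq query line."""
    out = []
    for line in lines:
        m = DNS_QUERY.match(line.strip())
        if m:
            # Assumption: router and PC log in the same local time zone, so
            # the offset is dropped to compare with the naive event-log time.
            ts = datetime.fromisoformat(m["ts"]).replace(tzinfo=None)
            out.append((ts, m["client"], m["qtype"], m["name"].lower()))
    return out


def parse_fatal_alerts(lines):
    """Return (time, alert_code) for every Schannel 36887 line."""
    out = []
    for line in lines:
        m = FATAL_ALERT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            out.append((ts, int(m["code"])))
    return out


def candidate_targets(alerts, queries, client, lookback=60, skew=2):
    """For each alert, list names `client` queried between `lookback` seconds
    before and `skew` seconds after it (clock drift), most recent first,
    with A/AAAA duplicates collapsed."""
    reports = []
    for when, code in alerts:
        lo = when - timedelta(seconds=lookback)
        hi = when + timedelta(seconds=skew)
        hits = sorted(
            (q for q in queries if q[1] == client and lo <= q[0] <= hi),
            key=lambda q: q[0], reverse=True,
        )
        reports.append({
            "time": when,
            "alert": TLS_ALERTS.get(code, f"unknown({code})"),
            "candidates": list(dict.fromkeys(q[3] for q in hits)),
        })
    return reports


# --- Constructed sample input, modelled on the log layout in the post ---
def _dns(ts, rest):
    return (f"<30>1 2023-09-27T{ts}+01:00 router dnsmasq 7405 - - "
            f"dnsmasq[7405]: {rest}")


PC = "fd00::10"  # constructed address standing in for the problem PC
SAMPLE_DNS = [
    _dns("09:10:58", f"2146 {PC}/53806 query[A] crl.verisign.com from {PC}"),
    _dns("09:10:58", f"2146 {PC}/53806 reply crl.verisign.com is <CNAME>"),
    _dns("09:10:58", f"2147 {PC}/55895 query[AAAA] crl.verisign.com from {PC}"),
    _dns("09:10:59", f"2150 {PC}/63429 query[A] www.microsoft.com from {PC}"),
    _dns("09:10:59", "2160 fd00::20/40000 query[A] example.net from fd00::20"),
    _dns("09:11:08", f"2152 {PC}/63697 query[A] go.microsoft.com from {PC}"),
]
SAMPLE_EVENTS = [
    "2023-09-27 09:10:29  Service Control Manager  7036  The Software "
    "Protection service entered the running state",
    "2023-09-27 09:11:04  Schannel  36887  The following fatal alert was "
    "received: 70.",
]


def analyse_sample():
    return candidate_targets(parse_fatal_alerts(SAMPLE_EVENTS),
                             parse_dns_queries(SAMPLE_DNS), PC)


if __name__ == "__main__":
    for r in analyse_sample():
        names = ", ".join(r["candidates"]) or "no DNS lookups in window"
        print(r["time"], r["alert"], "<-", names)
```

The list is only a set of candidates: a name served from the PC's own resolver cache, or a connection to a literal IP address, never reaches dnsmasq. Confirming the target still needs connection logging for outbound port 443 from the PC.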


Re: SChannel Errors

From: nos...@needed.invalid (Paul)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Wed, 27 Sep 2023 15:52:27 -0400
Organization: A noiseless patient Spider
Lines: 179
Message-ID: <uf215s$38oef$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
 by: Paul - Wed, 27 Sep 2023 19:52 UTC

On 9/27/2023 5:35 AM, Java Jive wrote:
> On 25/09/2023 17:03, Java Jive wrote:
>>
>> [snip]
>
> As per previous explanation, getting daily SChannel errors on attempted outbound connections, apparently by the Software Protection Service within about 10 minutes or so of switching on the affected PC. Temporarily for this morning I set the router to log all dns queries and send them to an external syslog server.  Appended are this morning's results.  Can anyone help me make sense of them?  I'm beginning to think it's not something that needs worrying about, but it would be nice to be sure.
>
>
> PC's System Event log:
>
> 2023-09-27 09:10:29  Service Control Manager  7036  The Software
> Protection service entered the running state
>
> 2023-09-27 09:11:04  Schannel  36867  Creating an SSL client credential
>
> 2023-09-27 09:11:04  Schannel  36887* The following fatal alert was
> received: 70.
> [Repeated twice more]
>
> 2023-09-27 09:15:06  Schannel  36867  Creating an SSL client credential
>
> 2023-09-27 09:15:06  Schannel  36880  An SSL client handshake completed
> successfully [...]
>
> 2023-09-27 09:15:57  Service Control Manager  7036  The Software
> Protection service entered the stopped state.
>
> * This event number is for an outgoing failure to connect on SChannel, as per the documentation previously linked.
>
>
> Router Syslog output from before until after the above:
>
>


Re: SChannel Errors

<uf3l3j$3l3md$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=7090&group=alt.windows7.general#7090

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Thu, 28 Sep 2023 11:38:36 +0100
Organization: A noiseless patient Spider
Lines: 127
Message-ID: <uf3l3j$3l3md$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
<uf215s$38oef$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 28 Sep 2023 10:38:44 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="effddd5f8a8e5744857a1d145edef526";
logging-data="3837645"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+jHAIJ8cS2VvnZjkzZwWMU4gdUis4Raow="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:7jQJRt4y+FBchLe6K7A0n8OiAp4=
Content-Language: en-GB
In-Reply-To: <uf215s$38oef$1@dont-email.me>
 by: Java Jive - Thu, 28 Sep 2023 10:38 UTC

On 27/09/2023 20:52, Paul wrote:
>
> On 9/27/2023 5:35 AM, Java Jive wrote:
>>
>> On 25/09/2023 17:03, Java Jive wrote:
>>>
>>> [snip]
>>
>> As per previous explanation, getting daily SChannel errors on attempted outbound connections, apparently by the Software Protection Service within about 10 minutes or so of switching on the affected PC. Temporarily for this morning I set the router to log all dns queries and send them to an external syslog server.  Appended are this morning's results.  Can anyone help me make sense of them?  I'm beginning to think it's not something that needs worrying about, but it would be nice to be sure.

[Logs snipped, they can still be seen in my last post above]

> This gives access to the SSL/TLS protocol versions. Some browsers,
> for example, may consult these "system-like" settings for inspiration.
> And since "somebody" is using the SChannel (when many browsers have
> their own SSL/TLS and certs onboard), the odds are high that this
> dialog controls whatever is making these SChannel calls.
>
> Start : Run : inetcpl.cpl Advanced tab, scroll to end
>
> [Picture]
>
> https://i.postimg.cc/bJSrB2Tw/win11-untouched-inetcpl-cpl-settings.gif
>
> The two ends, try to negotiate the highest TLS/SSL version, as well
> as negotiate the best crypto method. Normally, on an OS, you can
> "disable" insecure versions of SSL/TLS, and that's what the
> dialog in the picture is doing. It is selecting 1.2 and 1.3 as options.
> Vanilla SSL 3.0 went out the window long ago, so it is not to be ticked.
>
> Occasionally, the negotiation ends up with no viable choices shared
> by the two ends. That's where the "70" error comes from. Protocol mismatch.

Thanks for that suggestion, Paul. Last night, upon reading the above, I
went into Internet CP and was surprised to find both TLS1.0 and TLS1.1
were enabled. As an experiment, I disabled TLS1.0, but the SChannel
errors repeated this morning, so today I disabled TLS1.1 also, but we'll
have to wait until tomorrow morning to see if the error repeats itself,
because it doesn't seem to happen if I hibernate the PC again during the
day.

> You can see in your router log, a lot of certificate activity, as
> the first part of the job is verifying the "trust" in the thing we
> are connecting to, before connecting to it.
>
> There might be three separate transactions in the log, with some
> time between them.
>
> Windows Update, when it "computes" the updates, that takes (best-case)
> around three minutes of computing. When WU is broken, it can take... forever.
> Basically, the WU metadata does not scale well, and the more updates
> shipped, the worse things get. So that could account for a 3 minute delay
> between one activity and another.
>
> If some crack-head at Microsoft, has disabled enough of the SSL/TLS suite,
> it's possible your machine can not meet the "high" setting they are
> using on their end. I've read of cases where private people have
> dialed the suite to TLS 1.3 and only a couple of the very best
> crypto methods, and... nobody can connect to their site. All that
> is really required, is to disable things like 40-bit this or that.
> It doesn't require "paranoid" settings, unless your objective is
> to "break something".
>
> If Windows 7 is patched up to date, the optional (out-of-band) ones
> are installed (there's no way to track these), then you don't have
> a lot of reasons to leave Windows Update in "Auto" mode. WU has
> settings from 0..4 and 0 shuts it off or so. Presumably some
> control panel, has the GUI method for setting this. (There might be
> a Windows Update in the Control Panels.)
>
> Now, what I can't tell you, is I've heard that WU does a computation
> about once an hour, to determine if updates are necessary. Does
> turning off Windows Update stop that activity ? You would hope so,
> but this is Microsoft we're talking about here.
>
> What you could be seeing, could be related to Windows Update.
> And this is not a SHA1 versus SHA2 issue (WU switched to SHA2 when
> verifying downloaded packages). But I don't think you are really
> receiving packages, and you probably installed the SHA2 updates
> long ago. (WU had packages it installed, to bump WU from SHA1 to SHA2
> operation. SHA2=SHA256.)

I had also been wondering vaguely about Windows Update. It had occurred
to me that now Windows 7 is no longer being supplied with updates -
these days I only receive security updates and possibly occasional
offers of hardware updates, but as I usually hide the latter on the
grounds that OEM drivers are usually better, I can't remember when the
last hardware update offer occurred - it had occurred to me that maybe
WU looks for several different categories of updates, and that the
SChannel errors were the result of the W7 variety failing because
support has been discontinued. However, although I can't check ATM
because my main PC is OOO (yet another example of a laptop requiring
near complete dismantling just to change the bloody fan, only to find I
had the wrong one), I don't think it was showing any SChannel errors
before I dismantled it.

If the SChannel errors still occur tomorrow after disabling TLS1.1, I'll
try temporarily disabling WU.

> Summary: 1) Check inetcpl.cpl settings.
> 2) Determine whether problem correlates with Windows Update activity.
>
> I don't have particularly strong feelings about the
> "cleanup in aisle 3" aspect of this. Maybe it's not worth
> fixing. Or, maybe it really is worth investigating, if you
> can't get it to stop.
>
> Since it *is* SChannel, who the hell is doing that ???
> Are you telling me, WU is using Internet Explorer or so ?
> What crusty piece of crap is enlisted for this activity ?
> That's mind-boggling enough.

The other thing I noticed is that all the IP addresses from the problem
PC are IP6, whereas from previous investigations I strongly suspect that
the 4G dongle I use for broadband has no IP6 support, but the logs seem
to show the IP6 connections seamlessly being forwarded to IP4, and from
previous experience I suspect that I would be having much more than just
a daily bunch of isolated SChannel errors if that was the problem.

Thanks again for the suggestions. Will post again tomorrow.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

Re: SChannel Errors

<uf499j$3oujp$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=7091&group=alt.windows7.general#7091

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Thu, 28 Sep 2023 12:23:14 -0400
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <uf499j$3oujp$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
<uf215s$38oef$1@dont-email.me> <uf3l3j$3l3md$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 28 Sep 2023 16:23:15 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a34c8e8f2fc149052e9b8d3256c7f98e";
logging-data="3963513"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX180h6AT4+Jk5GVtQ5JWCIAnzhpRLEVlcVY="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:db+7BwM4yLTVY+8OJCWr/Abt4Yc=
Content-Language: en-US
In-Reply-To: <uf3l3j$3l3md$1@dont-email.me>
 by: Paul - Thu, 28 Sep 2023 16:23 UTC

On 9/28/2023 6:38 AM, Java Jive wrote:

> The other thing I noticed is that all the IP addresses from the problem PC are IP6, whereas from previous investigations I strongly suspect that the 4G dongle I use for broadband has no IP6 support, but the logs seem to show the IP6 connections seamlessly being forwarded to IP4, and from previous experience I suspect that I would be having much more than just a daily bunch of isolated SChannel errors if that was the problem.
>
> Thanks again for the suggestions.  Will post again tomorrow.
>

You can do IPV6-over-IPV4 with "Teredo Tunneling".

It is unclear whether this is still enabled and working.
This is how IPV6 can traverse an IPV4-only router.

https://en.wikipedia.org/wiki/Teredo_tunneling

There is some sort of regular "certificate update" from Microsoft.
Whether that uses Windows Update, I do not know. That's about
the only thing I can think of, which might be worthwhile coming
from Microsoft. The version of "Defender" or whatever on Win7,
I don't think that was all that wonderful.

The entries in the news, were to the effect that some change
to the Windows certificate updates, changed them from weekly to daily.
What good do the certificate updates do ? Who knows. As Chrome
and Firefox, likely have their own certificate stores. Do the
browsers rely on an OS certificate store for some root of trust ?
That sounds sloppy and careless. Maybe the certificates, in the end,
serve to validate the Windows Update server...

Paul

Re: SChannel Errors

<uf6cri$8hmg$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=7092&group=alt.windows7.general#7092

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Fri, 29 Sep 2023 12:36:09 +0100
Organization: A noiseless patient Spider
Lines: 66
Message-ID: <uf6cri$8hmg$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
<uf215s$38oef$1@dont-email.me> <uf3l3j$3l3md$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 29 Sep 2023 11:36:18 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="51d0408d80f8cf64bdc50eab5c048687";
logging-data="280272"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/mQjBnUyV60tLbzNYxkhTDXhU8/n2T9RQ="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:/h37VhICjQwwPP/4izJWfQCzXNY=
Content-Language: en-GB
In-Reply-To: <uf3l3j$3l3md$1@dont-email.me>
 by: Java Jive - Fri, 29 Sep 2023 11:36 UTC

On 28/09/2023 11:38, Java Jive wrote:
> On 27/09/2023 20:52, Paul wrote:
>>
>> On 9/27/2023 5:35 AM, Java Jive wrote:
>>>
>>> On 25/09/2023 17:03, Java Jive wrote:
>>>>
>>>> [snip]
>>>
>>> As per previous explanation, getting daily SChannel errors on
>>> attempted outbound connections, apparently by the Software Protection
>>> Service within about 10 minutes or so of switching on the affected
>>> PC. Temporarily for this morning I set the router to log all dns
>>> queries and send them to an external syslog server.  Appended are
>>> this morning's results.  Can anyone help me make sense of them?  I'm
>>> beginning to think it's not something that needs worrying about, but
>>> it would be nice to be sure.
>
> [Logs snipped, they can still be seen in my last post above]
>
>> This gives access to the SSL/TLS protocol versions. Some browsers,
>> for example, may consult these "system-like" settings for inspiration.
>> And since "somebody" is using the SChannel (when many browsers have
>> their own SSL/TLS and certs onboard), the odds are high that this
>> dialog controls whatever is making these SChannel calls.
>>
>> Start : Run : inetcpl.cpl       Advanced tab, scroll to end

Same sequence this morning after disabling TLS1.1.

> I had also been wondering vaguely about Windows Update.  It had occurred
> to me that now Windows 7 is no longer being supplied with updates  -
> these days I only receive security updates and possibly occasional
> offers of hardware updates, but as I usually hide the latter on the
> grounds that OEM drivers are usually better, I can't remember when the
> last hardware update offer occurred  -  it had occurred to me that maybe
> WU looks for several different categories of updates, and that the
> SChannel errors were the result of the W7 variety failing because
> support has been discontinued.  However, although I can't check ATM
> because my main PC is OOO (yet another example of a laptop requiring
> near complete dismantling just to change the bloody fan, only to find I
> had the wrong one), I don't think it was showing any SChannel errors
> before I dismantled it.
>
> If the SChannel errors still occur tomorrow after disabling TLS1.1, I'll
> try temporarily disabling WU.

Which I've now done, will report results tomorrow.

> The other thing I noticed is that all the IP addresses from the problem
> PC are IP6, whereas from previous investigations I strongly suspect that
> the 4G dongle I use for broadband has no IP6 support, but the logs seem
> to show the IP6 connections seamlessly being forwarded to IP4, and from
> previous experience I suspect that I would be having much more than just
> a daily bunch of isolated SChannel errors if that was the problem.
>
> Thanks again for the suggestions.  Will post again tomorrow.

Thanks for your explanation about Teredo Tunnelling in your separate reply.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

Re: SChannel Errors

<uf8sfs$qgc6$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=7093&group=alt.windows7.general#7093

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Sat, 30 Sep 2023 11:15:14 +0100
Organization: A noiseless patient Spider
Lines: 35
Message-ID: <uf8sfs$qgc6$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
<uf215s$38oef$1@dont-email.me> <uf3l3j$3l3md$1@dont-email.me>
<uf6cri$8hmg$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 30 Sep 2023 10:15:24 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="80fb15aee56ea87f7d866e51d133c755";
logging-data="868742"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/riBRno3qfoTJlbz6B3qb4BAm/vz4VE+A="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:HrR70mSuR2ZLD51kUFQ91DoDeQk=
In-Reply-To: <uf6cri$8hmg$1@dont-email.me>
Content-Language: en-GB
 by: Java Jive - Sat, 30 Sep 2023 10:15 UTC

On 29/09/2023 12:36, Java Jive wrote:
>
> On 28/09/2023 11:38, Java Jive wrote:
>>
>> If the SChannel errors still occur tomorrow after disabling TLS1.1,
>> I'll try temporarily disabling WU.
>
> Which I've now done, will report results tomorrow.

With Windows Update disabled, the SChannel errors still occur, but the
sequence is now different:

2023-09-30 09:07:15 Event 7036 Service Control Manager The WinHTTP
Web Proxy Auto-Discovery Service service entered the running state.

2023-09-30 09:07:16 Event 36867 SChannel Creating an SSL client
credential.

2023-09-30 09:07:16 Event 36887 SChannel The following fatal alert
was received: 70.
[Repeated twice more]

2023-09-30 09:23:45 Event 7036 Service Control Manager The WinHTTP
Web Proxy Auto-Discovery Service service entered the stopped state.

So now I've changed the startup of WinHTTP Web Proxy Auto-Discovery
Service from 'manual' to 'disabled' to see what happens tomorrow, and
I've re-enabled Windows Update.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk
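
The correlation being done by hand in this thread (matching each Event 36887 alert against the router's dnsmasq query log to see which names the PC resolved just beforehand) can be scripted. This is an added example, not part of any post above; the function names, the .example hostnames and the documentation-range addresses are constructed. It assumes one event per line and that the event log and the syslog timestamps are in the same local time zone.

```python
import re
from datetime import datetime, timedelta

# TLS alert descriptions from RFC 5246 section 7.2 (70 is the code in the thread).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security", 80: "internal_error"}

# dnsmasq "query" lines in the RFC 5424 syslog layout quoted in the thread.
DNS_RE = re.compile(
    r"^<\d+>1 (?P<ts>\S+) \S+ dnsmasq .*?dnsmasq\[\d+\]: \d+ "
    r"(?P<client>\S+)/\d+ query\[(?P<rtype>\w+)\] (?P<name>\S+) from ")
# Event 36887 lines in the "date time  Event id  source  message" layout used above.
EVT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+Event 36887\s+SChannel\s+"
    r".*fatal alert was received: (?P<code>\d+)")

# Constructed sample data: documentation addresses and .example names only.
EVENTS = [
    "2023-09-30 09:07:15  Event 7036  Service Control Manager  The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.",
    "2023-09-30 09:07:16  Event 36867  SChannel  Creating an SSL client credential.",
    "2023-09-30 09:07:16  Event 36887  SChannel  The following fatal alert was received: 70.",
]
PFX = "<30>1 2023-09-30T%s+01:00 router dnsmasq 7405 - - dnsmasq[7405]: "
DNS = [
    PFX % "09:03:00" + "2101 2001:db8::10/50001 query[A] updates.example from 2001:db8::10",
    PFX % "09:07:14" + "2102 2001:db8::10/50002 query[A] licensing.example from 2001:db8::10",
    PFX % "09:07:14" + "2102 2001:db8::10/50002 forwarded licensing.example to 192.0.2.1",
    PFX % "09:07:14" + "2103 2001:db8::10/50003 query[AAAA] licensing.example from 2001:db8::10",
    PFX % "09:07:15" + "2104 2001:db8::22/50004 query[A] other-pc.example from 2001:db8::22",
    PFX % "09:07:15" + "2105 2001:db8::10/50005 query[A] time.example from 2001:db8::10",
    PFX % "09:07:40" + "2106 2001:db8::10/50006 query[A] later.example from 2001:db8::10",
]

def parse_dns_queries(lines):
    """Return (local_time, client, record_type, name) for every query line."""
    out = []
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            # Drop the UTC offset so times compare with the event log's local clock.
            ts = datetime.fromisoformat(m["ts"]).replace(tzinfo=None)
            out.append((ts, m["client"], m["rtype"], m["name"]))
    return out

def parse_alerts(lines):
    """Return (local_time, alert_code) for every SChannel 36887 line."""
    out = []
    for line in lines:
        m = EVT_RE.match(line)
        if m:
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), int(m["code"])))
    return out

def correlate(event_lines, dns_lines, client, window_s=120):
    """For each alert, list the names `client` queried in the window_s seconds before it."""
    queries = parse_dns_queries(dns_lines)
    report = []
    for ts, code in parse_alerts(event_lines):
        lo = ts - timedelta(seconds=window_s)
        names = []
        for qts, qclient, _rtype, name in queries:
            if qclient == client and lo <= qts <= ts and name not in names:
                names.append(name)  # A and AAAA lookups of one name count once
        report.append({"time": ts, "alert": TLS_ALERTS.get(code, f"alert_{code}"),
                       "candidates": names})
    return report

if __name__ == "__main__":
    for row in correlate(EVENTS, DNS, "2001:db8::10"):
        print(row["time"], row["alert"], row["candidates"])
```

A name appearing in the window is only a candidate for the failing connection: a handshake can also use a cached DNS answer or a literal address, so an empty candidate list does not rule out network activity.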

Re: SChannel Errors

<ufcqs5$2hfs0$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=7116&group=alt.windows7.general#7116

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jav...@evij.com.invalid (Java Jive)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Sun, 1 Oct 2023 23:12:20 +0100
Organization: A noiseless patient Spider
Lines: 43
Message-ID: <ufcqs5$2hfs0$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
<uf215s$38oef$1@dont-email.me> <uf3l3j$3l3md$1@dont-email.me>
<uf6cri$8hmg$1@dont-email.me> <uf8sfs$qgc6$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 1 Oct 2023 22:12:21 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="21af701afef845bba8929b7d52bdaefa";
logging-data="2670464"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/hcCKyaTuC57eFLuSab8FeBbXY9h9fZtY="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:Cr07+xYt9r2ygljZfFJo1r+PwmU=
Content-Language: en-GB
In-Reply-To: <uf8sfs$qgc6$1@dont-email.me>
 by: Java Jive - Sun, 1 Oct 2023 22:12 UTC

On 30/09/2023 11:15, Java Jive wrote:
> On 29/09/2023 12:36, Java Jive wrote:
>>
>> On 28/09/2023 11:38, Java Jive wrote:
>>>
>>> If the SChannel errors still occur tomorrow after disabling TLS1.1,
>>> I'll try temporarily disabling WU.
>>
>> Which I've now done, will report results tomorrow.
>
> With Windows Update disabled, the SChannel errors still occur, but the
> sequence is now different:
>
> 2023-09-30 09:07:15  Event 7036  Service Control Manager  The WinHTTP
> Web Proxy Auto-Discovery Service service entered the running state.
>
> 2023-09-30 09:07:16  Event 36867  SChannel  Creating an SSL client
> credential.
>
> 2023-09-30 09:07:16  Event 36887  SChannel  The following fatal alert
> was received: 70.
> [Repeated twice more]
>
> 2023-09-30 09:23:45  Event 7036  Service Control Manager  The WinHTTP
> Web Proxy Auto-Discovery Service service entered the stopped state.
>
> So now I've changed the startup of WinHTTP Web Proxy Auto-Discovery
> Service from 'manual' to 'disabled' to see what happens tomorrow, and
> I've re-enabled Windows Update.

No change. I left the PC doing something overnight, so this time the
SChannel errors occurred between 3 & 4am, and there were no messages
about starting or stopping services anywhere near that time, so I'm back
to square 1.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk
