Dear TechNet community,
I recently set up DirectAccess on a Windows Server 2012 R2 machine.
DirectAccess works fine, users are connecting via their Windows 8.1 clients up to DirectAccess, no problem.
However, on the server side, after every client connection, we get the following events:
Event 36874, Schannel: An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Followed by:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
The client using non-supported cipher suites according to the DirectAccess server could be the cause of these errors. We’re using a self-signed DirectAccess certificate based on SHA-1. Our DirectAccess server is using TLS 1.2 for encryption of the connection. I’m not a Cipher Suite / TLS / Certificate expert, so I don’t know if this is the cause of the issue, but I sure can imagine it could be.
Some more background information:
- I've set up DirectAccess using the "Remote Access Setup Wizard". Not the "Getting Started Wizard".
- At the "Remote Access Server Setup" step, I've selected "Use a self-signed certificate created automatically by DirectAccess".
So I've deployed DirectAccess via a self-signed SHA1 certificate, which via GPO gets deployed to the DirectAccess clients.
- The NLS role is installed on the same server as DirectAccess itself.
Any of you got any idea as to why the above errors occur?
Any help would be greatly appreciated.
Greetings,
Teun
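One way to gather the facts behind the two events quoted in the post, as an added example that is not part of the original post: it lists the Schannel events, decodes the TLS alert number (40 is handshake_failure in RFC 5246), and prints the cipher suite order the server is configured with. It assumes an elevated PowerShell session on the DirectAccess server, English event message text, event ID 36888 for the "fatal alert" event, and the standard Schannel cipher suite order registry locations.

```powershell
# Added example: summarize Schannel handshake failures and the configured cipher suite order.
# Assumptions: elevated session, English event text, 24-hour look-back window.

# TLS alert descriptions (RFC 5246, section 7.2); subset only.
$alertName = @{ 40 = 'handshake_failure'; 42 = 'bad_certificate'; 46 = 'certificate_unknown'
                48 = 'unknown_ca'; 70 = 'protocol_version'; 71 = 'insufficient_security' }

$filter = @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Id           = 36874, 36888   # 36874 = no common cipher suite, 36888 = fatal alert sent
    StartTime    = (Get-Date).AddHours(-24)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Pull the alert code and Schannel error state out of the message text.
$rows = foreach ($e in $events) {
    $code = $null; $state = $null
    if ($e.Message -match 'fatal error code is (\d+)') { $code  = [int]$Matches[1] }
    if ($e.Message -match 'error state is (\d+)')      { $state = [int]$Matches[1] }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        Id         = $e.Id
        Alert      = if ($null -ne $code) { "$code ($($alertName[$code]))" } else { '' }
        ErrorState = $state
    }
}

'Schannel events per hour and event ID:'
$rows | Group-Object { $_.Time.ToString('yyyy-MM-dd HH:00') }, Id |
    Sort-Object Name | Format-Table Name, Count -AutoSize

# Cipher suite order: a Group Policy setting wins over the local default list.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'
$suites = foreach ($key in $policyKey, $defaultKey) {
    $value = (Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($value) { $value -split ','; break }
}

'Configured cipher suite order (first = most preferred):'
$suites | ForEach-Object { $_.Trim() } | Where-Object { $_ }
```

Comparing the printed suite list with what the connecting client offers shows whether event 36874 reflects a real mismatch or a probe from a client that was never going to connect.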