
Schannel Again in 2024

Getting loads of Schannel errors on my log server every day, I decided to hunt them down.

Turns out that under Internet Options a GPO was misconfigured to allow SSLv3 traffic.

Disabling SSLv3 as shown below, with a GPO or individually, stops this log entry spam.

Schannel Fatal Alert 40… 70

This has to do with the FIPS Compliant Algorithms group policy, but the policy was disabled. Microsoft’s documentation states that the GPO controls the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]. This key was disabled (set to 1). I created a GPO at my workstation level with an update/replace entry for [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] that sets fipsalgorithmpolicy to 0. On the next reboot the machine should no longer cause the Schannel errors.
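A read-only PowerShell audit for the two settings discussed in this post (the Internet Options SSLv3 setting and the FIPS policy values), added here as an example and not part of the original post. The `SecureProtocols` value, its registry locations and bit flags, and the `Enabled` value name under `FipsAlgorithmPolicy` are assumptions based on standard Windows behaviour; the post itself names only the two `Lsa` paths and `fipsalgorithmpolicy`.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# SecureProtocols bit flags used by the Internet Options "Advanced" tab
# (assumption: standard Windows values, not taken from the post).
$ProtocolBits = [ordered]@{
    'SSL 2.0' = 0x0008; 'SSL 3.0' = 0x0020; 'TLS 1.0' = 0x0080
    'TLS 1.1' = 0x0200; 'TLS 1.2' = 0x0800; 'TLS 1.3' = 0x2000
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the value data, or nothing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-EnabledProtocols([int]$Mask) {
    # Names of all protocols whose bit is set in the mask.
    $ProtocolBits.GetEnumerator() | Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
}

function New-Finding($Setting, $Path, $Value, $Finding) {
    [pscustomobject]@{ Setting = $Setting; Path = $Path; Value = $Value; Finding = $Finding }
}

# 1. Internet Options protocol selection: policy locations first, then the per-user setting.
$inet = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$inetPaths = "HKLM:\SOFTWARE\Policies\$inet", "HKCU:\SOFTWARE\Policies\$inet", "HKCU:\SOFTWARE\$inet"
$results = @(foreach ($path in $inetPaths) {
    $mask = Get-RegValue $path 'SecureProtocols'
    if ($null -eq $mask) { continue }
    $enabled = @(Get-EnabledProtocols $mask)
    $legacy  = @($enabled | Where-Object { $_ -like 'SSL*' })
    $finding = if ($legacy.Count) { "legacy enabled: $($legacy -join ', ')" } else { 'no SSL 2.0/3.0' }
    New-Finding 'SecureProtocols' $path ('0x{0:X} ({1})' -f $mask, ($enabled -join ', ')) $finding
})

# 2. FIPS policy values: the subkey the post cites and the value the post sets under Lsa.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$fipsValues = @(
    @{ Path = "$lsa\FipsAlgorithmPolicy"; Name = 'Enabled' },   # value name is an assumption
    @{ Path = $lsa; Name = 'fipsalgorithmpolicy' }              # value named in the post
)
$results += foreach ($f in $fipsValues) {
    $v = Get-RegValue $f.Path $f.Name
    $finding = if ($null -eq $v) { 'not set' } elseif ($v -eq 0) { "matches the post's fix (0)" } else { "non-zero, differs from the post's fix" }
    New-Finding "FIPS: $($f.Name)" $f.Path $v $finding
}

$results | Format-Table -AutoSize -Wrap
```

Run it as the affected user so the `HKCU` paths resolve to that user's hive; a value set under a `Policies` path indicates it is being delivered by GPO rather than set locally.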