Re: SChannel Errors

From: nospam@needed.invalid (Paul)
Newsgroups: alt.windows7.general
Subject: Re: SChannel Errors
Date: Wed, 27 Sep 2023 15:52:27 -0400
Organization: A noiseless patient Spider
Lines: 179
Message-ID: <uf215s$38oef$1@dont-email.me>
References: <uesb0s$20cd6$1@dont-email.me> <uf0t1j$3142g$1@dont-email.me>
In-Reply-To: <uf0t1j$3142g$1@dont-email.me>
Content-Language: en-US
 by: Paul - Wed, 27 Sep 2023 19:52 UTC

On 9/27/2023 5:35 AM, Java Jive wrote:
> On 25/09/2023 17:03, Java Jive wrote:
>>
>> [snip]
>
> As per previous explanation, getting daily SChannel errors on attempted outbound connections, apparently by the Software Protection Service within about 10 minutes or so of switching on the affected PC. Temporarily for this morning I set the router to log all dns queries and send them to an external syslog server.  Appended are this morning's results.  Can anyone help me make sense of them?  I'm beginning to think it's not something that needs worrying about, but it would be nice to be sure.
>
>
> PCs System Event log:
>
> 2023-09-27 09:10:29  Service Control Manager  7036  The Software
> Protection service entered the running state
>
> 2023-09-27 09:11:04  Schannel  36867  Creating an SSL client credential
>
> 2023-09-27 09:11:04  Schannel  36887* The following fatal alert was
> received: 70.
> [Repeated twice more]
>
> 2023-09-27 09:15:06  Schannel  36867  Creating an SSL client credential
>
> 2023-09-27 09:15:06  Schannel  36880  An SSL client handshake completed
> successfully [...]
>
> 2023-09-27 09:15:57  Service Control Manager  7036  The Software
> Protection service entered the stopped state.
>
> * This event number is for an outgoing failure to connect on SChannel, as per the documentation previously linked.
>
>
> Router Syslog output from before until after the above:
>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2145 [Problem PC IP6 Address]/55907 reply e83157.dscb.akamaiedge.net is 2a02:26f0:b7::17c8:9350
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 query[A] crl.verisign.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 forwarded crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply crl.verisign.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply crl-symcprod.digicert.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply crl.edge.digicert.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply fp2e7a.wpc.2be4.phicdn.net is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2146 [Problem PC IP6 Address]/53806 reply fp2e7a.wpc.phicdn.net is 192.229.221.95
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 query[AAAA] crl.verisign.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 forwarded crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply crl.verisign.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply crl-symcprod.digicert.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply crl.edge.digicert.com is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply fp2e7a.wpc.2be4.phicdn.net is <CNAME>
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2147 [Problem PC IP6 Address]/55895 reply fp2e7a.wpc.phicdn.net is 64:ff9b::c0e5:dd5f
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 query[A] crl.verisign.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 forwarded crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
> <28>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: nameserver [4G USB Mobile Dongle IP4 Address] refused to do a recursive query
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2148 [Problem PC IP6 Address]/59498 reply crl.verisign.com is 192.229.221.95
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 query[AAAA] crl.verisign.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 forwarded crl.verisign.com to [4G USB Mobile Dongle IP4 Address]
> <28>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: nameserver [4G USB Mobile Dongle IP4 Address] refused to do a recursive query
> <30>1 2023-09-27T09:10:58+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2149 [Problem PC IP6 Address]/50563 reply crl.verisign.com is 64:ff9b::c0e5:dd5f
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 query[A] www.microsoft.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 forwarded www.microsoft.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply www.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply www.microsoft.com-c-3.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2150 [Problem PC IP6 Address]/63429 reply e13678.dscb.akamaiedge.net is 92.123.241.137
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 query[AAAA] www.microsoft.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached www.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached www.microsoft.com-c-3.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 cached www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 forwarded www.microsoft.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply www.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply www.microsoft.com-c-3.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is <CNAME>
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply e13678.dscb.akamaiedge.net is 2a02:26f0:da:895::356e
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply e13678.dscb.akamaiedge.net is 2a02:26f0:da:884::356e
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply e13678.dscb.akamaiedge.net is 2a02:26f0:da:893::356e
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply e13678.dscb.akamaiedge.net is 2a02:26f0:da:885::356e
> <30>1 2023-09-27T09:10:59+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2151 [Problem PC IP6 Address]/59863 reply e13678.dscb.akamaiedge.net is 2a02:26f0:da:890::356e
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 query[A] go.microsoft.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 forwarded go.microsoft.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply go.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply go.microsoft.com.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2152 [Problem PC IP6 Address]/63697 reply e11290.dspg.akamaiedge.net is 184.31.226.104
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 query[AAAA] go.microsoft.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 cached go.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 cached go.microsoft.com.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 forwarded go.microsoft.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply go.microsoft.com is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply go.microsoft.com.edgekey.net is <CNAME>
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply e11290.dspg.akamaiedge.net is 2a02:26f0:b7:3a7::2c1a
> <30>1 2023-09-27T09:11:08+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2153 [Problem PC IP6 Address]/51318 reply e11290.dspg.akamaiedge.net is 2a02:26f0:b7:38a::2c1a
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 query[A] download.windowsupdate.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 forwarded download.windowsupdate.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply download.windowsupdate.com is <CNAME>
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply wu-fg-shim.trafficmanager.net is <CNAME>
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2154 [Problem PC IP6 Address]/56771 reply cds.d2s7q6s2.hwcdn.net is 209.197.3.8
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 query[AAAA] download.windowsupdate.com from [Problem PC IP6 Address]
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 cached download.windowsupdate.com is <CNAME>
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 cached wu-fg-shim.trafficmanager.net is <CNAME>
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 forwarded download.windowsupdate.com to [4G USB Mobile Dongle IP4 Address]
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 reply download.windowsupdate.com is <CNAME>
> <30>1 2023-09-27T09:11:11+01:00 [Router hostname] dnsmasq 7405 - - dnsmasq[7405]: 2155 [Problem PC IP6 Address]/51542 reply wu-fg-shim.trafficmanager.net is <CNAME>
>

This gives access to the SSL/TLS protocol versions. Some browsers,
for example, may consult these "system-like" settings for inspiration.
And since "somebody" is using the SChannel (when many browsers have
their own SSL/TLS and certs onboard), the odds are high that this
dialog controls whatever is making these SChannel calls.

Start : Run : inetcpl.cpl Advanced tab, scroll to end

[Picture]

https://i.postimg.cc/bJSrB2Tw/win11-untouched-inetcpl-cpl-settings.gif

The two ends try to negotiate the highest TLS/SSL version, as well
as negotiate the best crypto method. Normally, on an OS, you can
"disable" insecure versions of SSL/TLS, and that's what the
dialog in the picture is doing. It is selecting 1.2 and 1.3 as options.
Vanilla SSL 3.0 went out the window long ago, so it is not to be ticked.

Occasionally, the negotiation ends up with no viable choices shared
by the two ends. That's where the "70" error comes from. Protocol mismatch.

*******

You can see in your router log a lot of certificate activity, as
the first part of the job is verifying the "trust" in the thing we
are connecting to, before connecting to it.

There might be three separate transactions in the log, with some
time between them.

Windows Update, when it "computes" the updates, that takes (best-case)
around three minutes of computing. When WU is broken, it can take... forever.
Basically, the WU metadata does not scale well, and the more updates
shipped, the worse things get. So that could account for a 3 minute delay
between one activity and another.

If some crack-head at Microsoft has disabled enough of the SSL/TLS suite,
it's possible your machine cannot meet the "high" setting they are
using on their end. I've read of cases where private people have
dialed the suite to TLS 1.3 and only a couple of the very best
crypto methods, and... nobody can connect to their site. All that
is really required is to disable things like 40-bit this or that.
It doesn't require "paranoid" settings, unless your objective is
to "break something".

If Windows 7 is patched up to date, the optional (out-of-band) ones
are installed (there's no way to track these), then you don't have
a lot of reasons to leave Windows Update in "Auto" mode. WU has
settings from 0..4 and 0 shuts it off or so. Presumably some
control panel has the GUI method for setting this. (There might be
a Windows Update in the Control Panels.)

Now, what I can't tell you, is I've heard that WU does a computation
about once an hour, to determine if updates are necessary. Does
turning off Windows Update stop that activity ? You would hope so,
but this is Microsoft we're talking about here.

What you could be seeing, could be related to Windows Update.
And this is not a SHA1 versus SHA2 issue (WU switched to SHA2 when
verifying downloaded packages). But I don't think you are really
receiving packages, and you probably installed the SHA2 updates
long ago. (WU had packages it installed, to bump WU from SHA1 to SHA2
operation. SHA2=SHA256.)

Summary: 1) Check inetcpl.cpl settings.
2) Determine whether problem correlates with Windows Update activity.

I don't have particularly strong feelings about the
"cleanup in aisle 3" aspect of this. Maybe it's not worth
fixing. Or, maybe it really is worth investigating, if you
can't get it to stop.

Since it *is* SChannel, who the hell is doing that ???
Are you telling me, WU is using Internet Explorer or so ?
What crusty piece of crap is enlisted for this activity ?
That's mind-boggling enough.

Paul
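
The correlation suggested in the summary above can be scripted. This is an added example, not part of Paul's post: it decodes the alert number in Schannel event 36887 and lists the hostnames the router's dnsmasq log shows being queried in the minute before each alert. The sample lines are constructed from the formats quoted in the thread, `router` and `fd00::10` are placeholders for the redacted fields, and the PC and router clocks are assumed to agree and to use the same local time zone.

```python
import re
from datetime import datetime, timedelta

# TLS alert numbers from RFC 5246 section 7.2; Schannel event 36887 logs the number.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}

# Constructed sample lines modelled on the formats quoted in the thread;
# "router" and "fd00::10" are placeholders for the redacted fields.
EVENT_LOG = """\
2023-09-27 09:10:29  Service Control Manager  7036  The Software Protection service entered the running state
2023-09-27 09:11:04  Schannel  36887  The following fatal alert was received: 70.
2023-09-27 09:15:06  Schannel  36880  An SSL client handshake completed successfully
""".splitlines()
ROUTER_LOG = """\
<30>1 2023-09-27T09:10:58+01:00 router dnsmasq 7405 - - dnsmasq[7405]: 2146 fd00::10/53806 query[A] crl.verisign.com from fd00::10
<30>1 2023-09-27T09:10:58+01:00 router dnsmasq 7405 - - dnsmasq[7405]: 2146 fd00::10/53806 reply crl.verisign.com is <CNAME>
<30>1 2023-09-27T09:10:59+01:00 router dnsmasq 7405 - - dnsmasq[7405]: 2150 fd00::10/63429 query[A] www.microsoft.com from fd00::10
<30>1 2023-09-27T09:10:59+01:00 router dnsmasq 7405 - - dnsmasq[7405]: 2151 fd00::10/59863 query[AAAA] www.microsoft.com from fd00::10
<30>1 2023-09-27T09:11:11+01:00 router dnsmasq 7405 - - dnsmasq[7405]: 2154 fd00::10/56771 query[A] download.windowsupdate.com from fd00::10
""".splitlines()

ALERT_RE = re.compile(r"^(\S+ \S+)\s+Schannel\s+36887\*?\s+.*fatal alert was received: (\d+)")
QUERY_RE = re.compile(r"^<\d+>1 (\S+) \S+ dnsmasq .*? query\[(?:A|AAAA)\] (\S+) from ")

def schannel_alerts(lines):
    """Return (local time, alert code, alert name) for each event 36887."""
    out = []
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            code = int(m.group(2))
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((when, code, TLS_ALERTS.get(code, "unknown")))
    return out

def dns_queries(lines):
    """Return (local time, hostname) per dnsmasq query line; the UTC offset is
    dropped because the event log is assumed to use the same local zone."""
    out = []
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            when = datetime.fromisoformat(m.group(1)).replace(tzinfo=None)
            out.append((when, m.group(2)))
    return out

def names_before(alert_time, queries, window_s=60):
    """Hostnames queried in the window_s seconds leading up to an alert."""
    start = alert_time - timedelta(seconds=window_s)
    return sorted({name for when, name in queries if start <= when <= alert_time})

if __name__ == "__main__":
    for when, code, name in schannel_alerts(EVENT_LOG):
        print(when, f"alert {code} ({name}):", names_before(when, dns_queries(ROUTER_LOG)))
```
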
