«

»

Dec 11

Solution for Schannel Event ID:36888 VPN Problems

I have been experiencing issues when I use VPN. It started occuring after installing latest Windows Updates. So what happens was, as soon as I get on VPN, although I can ping public servers and even use telnet/ftp etc. to get information, surfing web pages was not possible.

After going through series of troubleshooting, I found out it was caused by a Windows Security update (2585542 http://support.microsoft.com/kb/2585542/ MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012)

If you go on this website (http://support.microsoft.com/kb/2643584) there is more details about the reason Microsoft had to come up with this security patch and also mentions “side effects” of installing this update. Right under “Known issues with this security update”. The solution to this problem is fairly simple:

By default, this security update sets the Opt-in mode at the schannel level, because of application compatibility issues. To disable this security update for all applications system-wide, you must add a DWORD value named SendExtraRecordthat has a value of 2 to the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

To add this schannel registry entry registry entry, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type SendExtraRecord for the name of the DWORD, and then press ENTER.
  5. Right-click SendExtraRecord, and then click Modify.
  6. In the Value data box, type 2 to disable the split record in schannel, and then click OK.
  7. Exit Registry Editor.

 

Leave a Reply