Setup Schannel event logging in IIS (Event ID 3688)

Been having some odd errors about Schannel like this:


Turning off Schannel logging:

As the event has no meaning to my system I decided to turn off logging, which is the default anyway. I don’t know why it was turned on as it is.
Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Set the EventLogging key to 0 to disable logging:

Logging options
The default value for Schannel event logging is 0x0000 in Windows NT Server 4.0, which means that no Schannel events are logged. In Windows 2000 Server and Windows XP Professional, this value is set to 0x0001, which means that error messages are logged. Additionally, you can log multiple events by specifying the hexadecimal value that equates to the logging options that you want. For example, to log error messages (0x0001) and warnings (0x0002), set the value to 0x0003.

Value Description
0x0000 Do not log
0x0001 Log error messages
0x0002 Log warnings
0x0004 Log informational and success events


Posted in Server 2012, Troubleshooting

Leave a Reply