A fatal error occurred while creating a TLS client credential (2024)

This Post Has 21 Comments

1. I have seen this on Win10 Clients and have already applied the IIS fix and also enabled strong crypto and TLS via registry keys. Problem is still there. Any other suggestions would be appreciated.

   Reply

2. Hi Ali,

   I have that issue and the event is on the client device (outlook). This happened after we updated TLS 1.2 on the EXCH server.

   My question:
   Can my client device be cured with this script?

   Reply

3. It definitely doesn’t show anymore in the event viewer. I’m praying that my constant crashed every 1 to 2 days are fixed by this. This is the only error I found on my system and now I’m completely out of gas

   Reply

4. Thanks, Very helpful!

   Reply

5. Well done… found lots of other articles that just talked about SSL / TLS settings but looks like the root cause is .net still trying to use depracated cihpers. The top part of your script telling .net to use 1.2 for default was the fix on more than one server….

   Reply

6. Exchange 2016 here. I was getting about 10 errors per second and it was filling up log file. This solution has decreased the error messages considerably. I only get the error only 2 per minute. Any way to get rid of the errors completely?

   Thank you for the solution which was very helpful.

   Reply

7. Hi Ali,

   After making the changes on one out of four domain controllers I’ve started getting event log 36871 on the TLS 1.2 only enabled DC
   I’ve double checked the registry settings and they are identical to the above script
   When you made the changes in your environment did you do it in a specific order
   1) domain controllers
   2) exchange servers,
   3) domain members
   Thanks for your help!

   Reply

8. What if i run this command on my network-connected machine?

   Reply

9. Thanks for your site and articles very helpful more so than Microsoft.

   Reply

10. Your script worked well after then making change to the advanced internet settings in inetcpl.cpl to use only TLS 1.2. The error messages disappeared from my event log! Hooray!

    Reply

11. Thank you man!
    After a few days, your script solve the problem we had to execute a program.
    Best wishes to you man!

    Reply

12. How about Pc workstations in a domain? I am trying to disable weak ciphers and strengthen security across the lan. I have seemed to have broken something if this TLS warning comes up on a Pc.

    Reply

13. Дуже вам вдячний. Помилка зникла.

    Reply

14. It worked for me (Windows 10 Pro 64 21H2)! Thanks!

    Reply

15. 1. Internet Option – Advanced – Disable TLS 1.2 – Reboot PC
    2. Internet Option – Advanced – Enable TLS 1.2 – Reboot PC

    Reply

    1. disabling TLS, rebooting + enabling TLS, rebooting doesn’t work on Windows 11.
       Also scripts around here and other internet sites to tweak registry don’t work.
       Permissions are set as expected but no workarounds seem to fix this certificate issue, nor Windows updates.

       Reply

       1. The same for me in a Windows 10, I apply de ps1 that disable TLS 1.0 and 1.1 and disabled TLS 1.0 and 1.1 in Internet Options, but I got lots of registry error ID 36871 yet. Someone has solve it?

          Reply

16. I have the exact same do to running the IIS Crypt disabling all but TLS 1.2, have all the registry entries in the correct places based on your post, running Server 2016, along with Exchange 2016 CU22 and I am still receiving the event error. I verified everything is correct… but still occurring. Thoughts?

    Reply

17. Good write up, very helpful

    Reply

18. Great stuff again! Thanks Ali!
    Greetz,
    Cor, CT Taxes

    Reply

    1. Thanks, Cor. Glad that you enjoyed it.

       Reply