SGC Connections May Fail from Domestic Clients

Article translations Article translations
Article ID: 249863 - View products that this article applies to.
This article was previously published under Q249863
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SYMPTOMS

Web clients may fail to connect to Web sites that use Server Gated Cryptography (SGC) for strong encryption when a secure connection is required. If either the Internet server or Web client is running Microsoft products, then the connection may fail. If the Internet server and Web client are both running Microsoft products, then no problem occurs.

CAUSE

This problem occurs in the security provider Schannel.dll file, which is used in Microsoft Internet Information Server (IIS) and Microsoft Internet Explorer, when you connect to a site that uses SGC to do high encryption, and the export cipher suite uses one hash algorithm and the domestic cipher suite uses another. In this situation, the Schannel.dll file occasionally selects the wrong algorithm, which results in a failed connection.

RESOLUTION

Windows 2000

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Windows NT 4.0

To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)
The English version of this fix should have the following file attributes or later:
   Date      Time                 Size    File name     Platform

   -------------------------------------------------------------
   01/26/2000  06:15p             154,384 Schannel.dll  NT x86 40bit
   01/26/2000  07:40p             267,536 Schannel.dll  NT Alpha 40bit
   01/26/2000  07:40p             123,664 Schannel.dll  NT x86 128bit
   01/26/2000  07:40p             226,576 Schannel.dll  NT Alpha 28bit
				

Microsoft Windows NT Server version 4.0, Terminal Server Edition

To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
317636 Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

Windows 9x

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:
   Date      Time      Size     File name     Platform
   -------------------------------------------------------
   01/26/2000  03:15p  154,384  Schannel.dll  Win95 40bit
   01/26/2000  04:40p  123,664  Schannel.dll  Win95 128bit
   01/26/2000  03:15p  154,384  Schannel.dll  Win98 40bit
   01/26/2000  04:40p  123,664  Schannel.dll  Win98 128bit
				

STATUS

Windows 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1.

Windows NT 4.0

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT 4.0.

Windows 9x

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows 95, Windows 98, and Windows 98 Second Edition.

MORE INFORMATION

This fix should be applied based on the following scenarios:
  • If the server is running IIS and the clients are not running Microsoft Internet Explorer, then apply the Microsoft Windows NT patch on the server.
  • If the server is running Microsoft Personal Web Server (PWS) for Windows 95 or 98 and the clients are not running Microsoft Internet Explorer, then apply the appropriate Microsoft Windows 95 or 98 patch on the PWS computer.
  • If the server is not running IIS or PWS and the client is running Microsoft Internet Explorer, then apply the appropriate Microsoft Windows NT, Microsoft Windows 95, or Microsoft Windows 98 patch on the client.
Note: If the Internet server and Web client are Microsoft products, then there is no issue. In most Windows 95 and Windows 98 cases, Windows is used as a client, and the fix should be applied on the client side.

Properties

Article ID: 249863 - Last Review: February 28, 2014 - Revision: 2.10
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Microsoft Internet Information Server 4.0
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 98 Standard Edition
  • Microsoft Windows 95
Keywords: 
kbnosurvey kbarchive kbhotfixserver kbqfe atdownload kbbug kbfix kbsecurity KB249863

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com