How to enable Schannel Event logging on Windows Server to help troubleshoot TLS and SSL errors


Introduction

Troubleshooting certificate and other errors that prevent TLS and SSL connections from being established can be difficult, because Windows Server logs few events about how those connections are negotiated. Schannel events can be logged by enabling them through a registry value. The registry change can be enabled and disabled quickly from PowerShell or the command line and does not require a restart of the operating system to take effect.

Step-by-step instructions

Enable Schannel Event Logging
1. Launch PowerShell or a command prompt in Administrator mode
2. Run one of the following commands:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL" /v "EventLogging" /t REG_DWORD /d 7 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL" /v "EventLogging" /t REG_DWORD /d 3 /f

The first command sets logging level 7, which includes Warning, Error, Informational and Success events. The second sets logging level 3, which logs only Error and Warning messages. Level 3 is usually sufficient for troubleshooting and produces fewer events in the log to filter through.

While logging is enabled, events related to the creation of secure channels are written to the System log and can be viewed with Event Viewer. These Schannel events contain far more detail about why a secure connection failed to be established, which makes troubleshooting bad certificates and improper or mismatched TLS/SSL settings much easier.


Disable Schannel Event Logging
1. Launch PowerShell or a command prompt in Administrator mode
2. Run the following command:

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL" /v "EventLogging"
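As an added example (not part of the original article), the enable and disable steps above wrapped in PowerShell functions, plus a query that pulls the resulting Schannel events out of the System log so they can be reviewed without opening Event Viewer. The registry path and the level values 7 and 3 come from the article; the function names and the one-hour default window are assumptions, and the event filter uses the provider name Schannel and the standard Windows event levels (2 = Error, 3 = Warning, 4 = Information), neither of which appears in the article.

```powershell
# Added example: toggle Schannel event logging and read back the events it produces.
# Run from an elevated PowerShell session; no reboot is needed for the value to take effect.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Enable-SchannelLogging {
    param(
        # 3 = Errors + Warnings (usually enough); 7 adds Informational + Success events
        [ValidateSet(3, 7)]
        [int]$Level = 3
    )
    # -Force overwrites an existing EventLogging value instead of failing
    New-ItemProperty -Path $SchannelKey -Name 'EventLogging' -PropertyType DWord -Value $Level -Force | Out-Null
    Write-Host "Schannel EventLogging set to $Level"
}

function Disable-SchannelLogging {
    # Equivalent of the article's 'reg delete' step, without the interactive confirmation prompt
    Remove-ItemProperty -Path $SchannelKey -Name 'EventLogging' -ErrorAction SilentlyContinue
    Write-Host 'Schannel EventLogging value removed'
}

function Get-SchannelEvents {
    param(
        [int]$Hours = 1,              # assumed default look-back window
        [switch]$IncludeInformational # add level 4 when logging level 7 was enabled
    )
    $levels = @(1, 2, 3)              # Critical, Error, Warning
    if ($IncludeInformational) { $levels += 4 }
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Level        = $levels
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # Schannel events land in the System log, as described in the article
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Typical troubleshooting loop: enable, reproduce the failing TLS connection, inspect, disable
Enable-SchannelLogging -Level 3
# ... reproduce the failing connection here ...
Get-SchannelEvents -Hours 1 | Format-List
Disable-SchannelLogging
```

Leave logging disabled once the problem is found; at level 7 a busy server emits a large volume of Informational events into the System log.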