Microsoft KB Archive/249863

= SGC Connections May Fail from Domestic Clients =

Article ID: 249863

Article Last Modified on 5/12/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Internet Information Server 4.0
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 95

-



This article was previously published under Q249863



SYMPTOMS
Web clients may fail to connect to Web sites that use Server Gated Cryptography (SGC) for strong encryption when a secure connection is required. If either the Internet server or Web client is running Microsoft products, then the connection may fail. If the Internet server and Web client are both running Microsoft products, then no problem occurs.



CAUSE
This problem occurs in the security provider Schannel.dll file, which is used in Microsoft Internet Information Server (IIS) and Microsoft Internet Explorer, when you connect to a site that uses SGC to do high encryption, and the export cipher suite uses one hash algorithm and the domestic cipher suite uses another. In this situation, the Schannel.dll file occasionally selects the wrong algorithm, which results in a failed connection.



Windows 2000
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Windows NT 4.0
To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

The English version of this fix should have the following file attributes or later:

  Date      Time                 Size    File name     Platform

-  01/26/2000  06:15p             154,384 Schannel.dll  NT x86 40bit 01/26/2000 07:40p             267,536 Schannel.dll  NT Alpha 40bit 01/26/2000 07:40p             123,664 Schannel.dll  NT x86 128bit 01/26/2000 07:40p             226,576 Schannel.dll  NT Alpha 28bit

Microsoft Windows NT Server version 4.0, Terminal Server Edition
To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:

317636 Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

Windows 9x
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

  Date      Time      Size     File name     Platform ---  01/26/2000  03:15p  154,384  Schannel.dll  Win95 40bit 01/26/2000 04:40p  123,664  Schannel.dll  Win95 128bit 01/26/2000 03:15p  154,384  Schannel.dll  Win98 40bit 01/26/2000 04:40p  123,664  Schannel.dll  Win98 128bit



Windows 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1.

Windows NT 4.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT 4.0.

Windows 9x
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows 95, Windows 98, and Windows 98 Second Edition.



MORE INFORMATION
This fix should be applied based on the following scenarios:
 * If the server is running IIS and the clients are not running Microsoft Internet Explorer, then apply the Microsoft Windows NT patch on the server.
 * If the server is running Microsoft Personal Web Server (PWS) for Windows 95 or 98 and the clients are not running Microsoft Internet Explorer, then apply the appropriate Microsoft Windows 95 or 98 patch on the PWS computer.
 * If the server is not running IIS or PWS and the client is running Microsoft Internet Explorer, then apply the appropriate Microsoft Windows NT, Microsoft Windows 95, or Microsoft Windows 98 patch on the client.

Note: If the Internet server and Web client are Microsoft products, then there is no issue. In most Windows 95 and Windows 98 cases, Windows is used as a client, and the fix should be applied on the client side.

Additional query words: security_patch tsesrp kbfaqw2knet

Keywords: kbbug kbfix kbqfe kbsecurity atdownload kbhotfixserver KB249863

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.