
Event logs: too many PerfNet and Schannel errors


7 replies to this topic

#1 prince_zardos

prince_zardos

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 29 May 2018 - 04:10 AM

Hello everyone, first time posting here. Lately, I've been getting flooded by these errors in my logs. I'm not tech savvy so a great chunk of what's about to follow might come from ignorance on my part. The current Windows 7 I'm running comes from a recent reinstall, and I don't remember having these errors before the reformat. There are, however, 2 major things I'm doing differently from the last time - first is I'm now using TinyWall to block all traffic unless I allow them (previously, the firewall was at the default allow all outgoing setting), and second, I've disabled Server and Workstation on the services.msc control panel.


The PerfNet errors (id 2002 and 2004) seem to be related to the disabled Server and Workstation, but the solutions I got from googling about it involve restarting the Server service (id 2004). I've disabled it on purpose, so what I'd like to know is whether there is a switch or setting somewhere that I can toggle to make PerfNet not report these 2 specific errors. I can't say I know much about PerfNet, but if it's keeping an eye on other errors besides these 2, I'd like to not disable PerfNet completely. Event id 2002 says "Unable to open the Redirector service performance object", I have no idea what that is, but I'm hoping it has something to do with Workstation service being disabled so that maybe I can deal with it in a similar manner. I would really prefer keeping Server and Workstation disabled unless these errors are serious matters that require me to do otherwise.

The Schannel errors are event id 36876 and 36888. My best guesses are it may have something to do with the new firewall setting, or it may have something to do with SSL2, SSL3, and TLS1 boxes being unchecked on my internet options panel. My first response to the issue was to download and install the latest root certificates from Microsoft, but I still get both errors. I'd like to know if either of these are serious errors that require more looking into, rather than my current planned course of action which is to disable reporting of this error. If they are serious errors, then I'd like to know what to do next so I can fix it, but if they're not, I'd like to know how to disable the error from going into the log.

Based on how the computer feels during daily usage, none of these errors seem to impact my computer's usefulness. If anything, my bigger concern is my event log being swamped with too many reds from these things that something actually important might get buried outside of my notice.

I apologize for the huge wall of text, and thanks in advance for taking the time to read it, and hopefully I can fix them with the help of this community.

 

edit:formatting

Edited by prince_zardos, 29 May 2018 - 04:12 AM.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:33 PM

Posted 29 May 2018 - 05:07 AM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#3 prince_zardos


Posted 29 May 2018 - 11:32 AM

Here is the link I got from speccy: http://speccy.piriform.com/results/3eKyGympyngePYrC2wQNRA8

 

Following is the information from MiniToolBox:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by yano (administrator) on 30-05-2018 at 00:21:41
Running from "D:\bleep\speccy"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/30/2018 12:19:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/30/2018 12:19:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/30/2018 12:11:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/30/2018 12:11:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/30/2018 12:03:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/30/2018 12:03:26 AM) (Source: PerfNet) (User: )
Description:

Error: (05/29/2018 11:55:26 PM) (Source: PerfNet) (User: )
Description:

Error: (05/29/2018 11:55:26 PM) (Source: PerfNet) (User: )
Description:

Error: (05/29/2018 11:47:26 PM) (Source: PerfNet) (User: )
Description:

Error: (05/29/2018 11:47:26 PM) (Source: PerfNet) (User: )
Description:


System errors:
=============
Error: (05/29/2018 11:43:45 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:43:45 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (05/29/2018 11:43:12 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:43:12 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (05/29/2018 11:42:58 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:42:58 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (05/29/2018 11:42:41 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:42:41 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (05/29/2018 11:41:07 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:41:07 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.


Microsoft Office Sessions:
=========================
Error: (05/30/2018 12:19:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/30/2018 12:19:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/30/2018 12:11:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/30/2018 12:11:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/30/2018 12:03:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/30/2018 12:03:26 AM) (Source: PerfNet)(User: )
Description:

Error: (05/29/2018 11:55:26 PM) (Source: PerfNet)(User: )
Description:

Error: (05/29/2018 11:55:26 PM) (Source: PerfNet)(User: )
Description:

Error: (05/29/2018 11:47:26 PM) (Source: PerfNet)(User: )
Description:

Error: (05/29/2018 11:47:26 PM) (Source: PerfNet)(User: )
Description:


=========================== Installed Programs ============================
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Chocolatey GUI (HKLM-x32\...\{4ACC511C-C0F8-449F-AE5E-E3A480FA1699}) (Version: 0.16.0.0 - Chocolatey)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKCU\...\HearthstoneDeckTracker) (Version: 1.6.6 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LibreOffice 6.0.4.2 (HKLM\...\{CBC4E8DF-CCBD-4260-A6A5-B682BA706DC4}) (Version: 6.0.4.2 - The Document Foundation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
ObjectDock Free (HKLM-x32\...\{2C13F8C1-570B-42A9-87B4-8C7903ECD602}) (Version: 2.0 - Stardock Corporation) Hidden
ObjectDock Free (HKLM-x32\...\ObjectDock Free) (Version: 2.0 - Stardock Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PowerShell 6-preview-x64 (HKLM\...\{3C3D1E90-8F22-4712-B134-10C49501AA47}) (Version: 6.1.0.2 - Microsoft Corporation)
qBittorrent 4.1.0 (HKLM-x32\...\qBittorrent) (Version: 4.1.0 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.113.914.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
SeaMonkey 2.49.3 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.3 (x86 en-US)) (Version: 2.49.3 - Mozilla)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TinyWall (HKLM-x32\...\{20E767BE-FE75-4429-8722-A5D75AC2FCA6}) (Version: 2.1.8.0 - Károly Pados)
XFast LAN v10.10 (HKLM\...\XFast LAN) (Version: 10.10 - cFos Software GmbH, Bonn)

========================= Memory info: ===================================
Percentage of memory in use: 37%
Total physical RAM: 3988.82 MB
Available physical RAM: 2475.89 MB
Total Virtual: 7975.81 MB
Available Virtual: 5542.74 MB

========================= Partitions: =====================================
1 Drive c: (Seven) (Fixed) (Total:100 GB) (Free:64.91 GB) NTFS
2 Drive d: (Games and Stuff) (Fixed) (Total:1658.82 GB) (Free:1194.56 GB) NTFS

========================= Users: ========================================
User accounts for \\

Administrator            Guest                    yano                       


**** End of log ****
 


Edited by hamluis, 30 May 2018 - 06:00 AM.
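Added example (not part of any post in this thread, and not MiniToolBox's own code): a Python parser for the MiniToolBox event-log layout posted above that collapses repeated entries and names the error code and alert number carried in the Schannel descriptions. The sample log is constructed from lines in the post, the lookup tables are partial, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the MiniToolBox layout from the post above.
SAMPLE_LOG = """\
Application errors:
Error: (05/30/2018 12:19:26 AM) (Source: PerfNet) (User: )
Description:

System errors:
Error: (05/29/2018 11:43:45 PM) (Source: Schannel) (User: PC-OLD1)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/29/2018 11:43:45 PM) (Source: Schannel) (User: PC-OLD1)
Description: The following fatal alert was generated: 43. The internal error state is 552.
"""

# CryptoAPI revocation status codes from the Windows SDK (winerror.h); partial table.
CRYPT_ERRORS = {0x80092010: "CRYPT_E_REVOKED", 0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
                0x80092013: "CRYPT_E_REVOCATION_OFFLINE"}
# TLS alert descriptions (RFC 5246, section 7.2); partial table.
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\)\s*\(Source: (?P<source>[^)]+)\)")
HEX_CODE = re.compile(r"error code is (0x[0-9A-Fa-f]{8})")
ALERT = re.compile(r"fatal alert was generated: (\d+)")

def parse_events(text):
    """Return one dict per 'Error:' entry, tagged with its log section."""
    events, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(("errors:", "Sessions:")):
            section = line.rstrip(":")
        match = HEADER.match(line)
        if match:
            events.append({**match.groupdict(), "section": section, "description": ""})
        elif line.startswith("Description:") and events:
            events[-1]["description"] = line[len("Description:"):].strip()
    return events

def annotate(event):
    """Name any CryptoAPI error code or TLS alert number in the description."""
    notes = []
    code = HEX_CODE.search(event["description"])
    if code:
        value = int(code.group(1), 16)
        notes.append(CRYPT_ERRORS.get(value, f"unmapped code {value:#010x}"))
    alert = ALERT.search(event["description"])
    if alert:
        number = int(alert.group(1))
        notes.append("TLS alert " + TLS_ALERTS.get(number, f"{number} (unmapped)"))
    return notes

def summarize(text):
    """Count events per (source, decoded notes) so repeats collapse to one row."""
    counts = Counter()
    for event in parse_events(text):
        counts[(event["source"], tuple(annotate(event)) or ("empty description",))] += 1
    return counts

if __name__ == "__main__":
    for (source, notes), count in summarize(SAMPLE_LOG).items():
        print(f"{count:3d}  {source:<10} {', '.join(notes)}")
```

0x80092013 is CRYPT_E_REVOCATION_OFFLINE: the revocation server for the certificate could not be reached. That is worth checking against a default-deny outbound firewall rule set before Schannel logging is silenced.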


#4 prince_zardos


Posted 30 May 2018 - 05:14 AM

A bit of an update here- it seems to me like the Schannel errors have something to do with Blizzard's Battle.net App. The log times seem to correspond to whenever I open the app, but for my daily intents and purposes, there is no decreased functionality from the app or the games from what I can tell. I may have googled a "fix" for it, but I'll wait for a few days for other opinions just because it feels to me like it is merely relieving symptoms rather than addressing the underlying cause. From https://www.sevenforums.com/network-sharing/174169-schannel-36888-36884-errors.html:

 

 

I have found a fix (sort of) for these error logs. If you are comfortable with going into the registry you can at least stop the errors from being logged. It doesn't stop the errors just the logging. Anyway here's the fix.

Go into the registry to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create a DWORD value and name it "EventLogging" (without quotes) with a value of "0" this will eliminate such event log messages. The error may still occur but without a log entry being generated.

 

No luck yet regarding the PerfNet errors, though.



#5 hamluis


Posted 30 May 2018 - 06:31 AM

FWIW/

 

To be honest...all of your noted errors...seem to relate to connectivity or server issues.  Which I find odd.

 

You have IE 8 installed...which is not good at all, IE 11 is the only version currently supported by Microsoft.

 

For a system with an install date of 2 weeks ago...Event Viewer is busy.

 

You have a torrent program installed...which is always viewed by me as a system vulnerability.  Perhaps that correlates to the references pointing to what I consider to be server errors.

 

No AV installed, that I can see.

 

My first order of business would be to install an AV and install IE11. 

 

You don't have any application errors reflected...that would justify suspecting a random program.

 

Louis



#6 prince_zardos


Posted 30 May 2018 - 08:54 AM

 

You have IE 8 installed...which is not good at all, IE 11 is the only version currently supported by Microsoft.

 

I've disabled IE from the "Turn Windows features on/off" panel even before running Windows Update because I use Firefox anyway, so I don't know why IE 8 appears in the diagnostics.

 

 

You have a torrent program installed...which is always viewed by me as a system vulnerability.  Perhaps that correlates to the references pointing to what I consider to be server errors.

 

I haven't run the torrent client yet, not even once on this install, because I still have to figure out how to migrate its old settings from the previous install of Windows. That can wait until I fix the current issues.

 

I'm convinced the server errors from PerfNet are caused by the disabled Server service on services.msc. I've come across the article you linked from previous google searches, but it and most of the other results resolve the issue by re-enabling the Windows Server service. I prefer to have the Server and Workstation services disabled because a.) I don't plan on using Windows LAN File Sharing on this computer, and b.) it doesn't work well with TinyWall (https://tinywall.pados.hu/faq.php - "Why does Tinywall keep disabling File and Printer Sharing?"), so I figured I'd take the freed resources over keeping the pointless services running. What I'm looking for is a way to tell PerfNet or Windows to not put the PerfNet errors in the logs, because I've disabled those services on purpose. I'm having trouble searching how to do it because this part of Windows is uncharted territory to a non-sysadmin guy like me, that's why I'd like to hear an opinion from others who know better.

 

 

My first order of business would be to install an AV and install IE11.

 

I'll install an AV later after the current issues are resolved. How important is it to install IE 11 if I'm not gonna use it? Quite frankly, I'm surprised the report thing says I have IE 8 on my computer, I'd remove it completely if I knew how, but I don't know how to do it beyond turning it off on Windows features :(



#7 hamluis


Posted 30 May 2018 - 10:17 AM

Windows Update uses IE.  You cannot remove IE completely...it's an integral part of Windows, by design.  You can choose to use it or not...but you cannot access the Windows Update function without it.  Alternatively, you can download/install individual updates, using a different browser.

 

Louis



#8 prince_zardos


Posted 31 May 2018 - 09:47 AM

Okay, so another update on the situation. I decided to uninstall Blizzard's app and remove its firewall permissions to "start from scratch". After reinstalling Blizzard's app, I let it run without firewall permissions first. This lets me see all of its connections blocked by TinyWall. Curiously, one of the blocked connections was from lsass.exe. I closed the Blizzard app, gave them back their old permissions, but this time I also allowed lsass through the firewall. After that, I ran Blizzard's app again and it didn't push Schannel errors in the event log anymore. I tried to do some confirmation by removing the lsass permission on the firewall, then ran the Blizzard app again, expecting to see the Schannel errors again, but I didn't get any. I don't really understand what happened, so if anyone can explain, I'm all ears. In the meantime, I'm not giving lsass firewall permissions unless the Schannel errors come back.

 

I still have the PerfNet errors spamming my logs.





