Event 36888: The following fatal alert was generated: 10. The internal error state is 1203

Solution 1:

I realize that you are not running IIS, but it appears other processes can cause this error message as well.

This might help:

http://social.technet.microsoft.com/Forums/en/winserverDS/thread/4c5430f5-43f6-41b4-97d3-03cfb3efa70b

Solution 2:

Ran across this post while researching 36888 and 36874 events from SChannel on one of our Windows 2008 R2 servers. I decided to dig into KB2992611, mentioned in another answer.

36888 is a failed SSL connection request on TLS 1.2 - none of the cipher suites supported by the client app are supported by the server.

36874 error text: The following fatal alert was generated: 40. The internal error state is 1205.

Bottom line: OP predated KB2992611 by 2+ years. I don't think it is related to the OP issue. I don't think it's related to the events I'm seeing now, either.

Details:

KB2992611 (referenced in Microsoft Security Bulletin MS14-066) was a patch to fix a vulnerability in SChannel. The patch caused a lot of problems and was re-released along with a second update, 3018238, for Windows 2008 R2 and Windows Server 2012.

On our server, KB2992611 was installed back in 2014, as was the subsequent re-release.

Per KB2992611, 4 cipher suites were added to 2008R2 and 2012:

[...]Some customers have reported an issue that's related to the addition of the following new cipher suites to Windows Server 2008 R2 and Windows Server 2012:

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256

[...]

At this point, we have no enabled TLS_DHE cipher suites, but the two mentioned TLS_RSA suites are Enabled.

While these errors are happening semi-regularly (not being flooded), they don't seem serious. I'm not going to spend any more time worrying about them. My explanation is that someone is trying to access a server resource using a weak, disabled cipher suite, perhaps TLS_DHE_XXX.
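
A triage sketch for the two alert messages quoted in this thread, added here as an example and not taken from either answer: it maps the alert numbers to their RFC 5246 names and counts them per hour, which helps tell occasional failures from a flood. The tab-separated export layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Alert descriptions from RFC 5246 section 7.2 (subset relevant to handshakes).
TLS_ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error"}

# Message shape quoted on this page for Schannel events 36888 and 36874.
MESSAGE_RE = re.compile(r"fatal alert was generated: (\d+)\. "
                        r"The internal error state is (\d+)")

# Constructed sample: tab-separated "timestamp, event ID, message" lines
# (an assumed export layout, not real server data).
SAMPLE_EXPORT = "\n".join([
    "2015-03-02T09:14:07\t36888\tThe following fatal alert was generated: 10. The internal error state is 1203.",
    "2015-03-02T09:14:09\t36874\tThe following fatal alert was generated: 40. The internal error state is 1205.",
    "2015-03-02T09:51:30\t36874\tThe following fatal alert was generated: 40. The internal error state is 1205.",
    "2015-03-02T13:02:55\t36888\tThe following fatal alert was generated: 10. The internal error state is 1203.",
    "2015-03-02T13:03:00\t7036\tThe Windows Update service entered the running state.",
])


def parse_event(line):
    """Return (hour, event_id, alert_code, state), or None for other lines."""
    parts = line.split("\t", 2)
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    timestamp, event_id, message = parts
    match = MESSAGE_RE.search(message)
    if match is None:
        return None
    return timestamp[:13], int(event_id), int(match.group(1)), int(match.group(2))


def summarize(export_text):
    """Count alerts by (event ID, alert name, state) and by hour."""
    by_alert, by_hour = Counter(), Counter()
    for line in export_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # not a Schannel fatal-alert message
        hour, event_id, alert, state = event
        name = TLS_ALERTS.get(alert, "unknown_alert_%d" % alert)
        by_alert[(event_id, name, state)] += 1
        by_hour[hour] += 1
    return by_alert, by_hour


if __name__ == "__main__":
    alerts, hours = summarize(SAMPLE_EXPORT)
    for (event_id, name, state), count in sorted(alerts.items()):
        print("event %d alert=%s state=%d count=%d" % (event_id, name, state, count))
    print("busiest hour:", hours.most_common(1)[0])
```

The internal error state values are carried through as opaque numbers because the page does not define them.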