Schannel – The internal error state is 10013 (Solved)

You may run into the “Schannel – The internal error state is 10013” message if your website fails to establish a TLS connection. The error appears in Event Viewer as follows:

Info – Schannel – Creating an SSL server credential.

Error – Schannel – A fatal error occurred while creating an SSL client credential. The internal error state is 10013

This error is logged when there is a problem related to the Schannel Security Support Provider (SSP). For example, the web server might be trying to use an encryption algorithm or protocol that has been disabled.

Similarly, incompatible machine keys, or machine keys with insufficient file permissions, are other possible causes of the “The internal error state is 10013” error message.


How to solve “The internal error state is 10013” issue

Follow the steps below to solve this issue. If no more 10013 errors are logged after you perform these steps, make sure that all other applications and services you use on the server are working as expected.

Correct file permissions

Correct the permissions on the c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder:

  1. Everyone (Access: Special; Applies to: This folder only)
  2. Network Service (Access: Read & Execute; Applies to: This folder, subfolders and files)
  3. Administrators (Access: Full Control; Applies to: This folder, subfolders and files)
  4. System (Access: Full Control; Applies to: This folder, subfolders and files)
  5. IUSR (Access: Full Control; Applies to: This folder, subfolders and files)

After these changes, restart the server. The 10013 errors should disappear. However, if you still see “Schannel 10013” errors in Event Viewer, try the next solution (keep the changes you made in Step 1).

Enable “FIPS compliant algorithms for encryption”

Important! Even if this setting solves the problem for your application, it may break other applications on the same server. Test all applications after performing these steps. Enabling “FIPS compliant algorithms” means disabling SSL 2.0/3.0 and forcing TLS 1.0+. A good read about this setting: Why You Shouldn’t Enable “FIPS-compliant” Encryption on Windows

  1. Go to “Control Panel”.
  2. Click “Administrative Tools”.
  3. Double-click “Local Security Policy”.
  4. In “Local Security Settings”, expand “Local Policies”. Then click “Security Options”.
  5. Double-click “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”.
  6. Select “Enabled”.
  7. Click “OK”.
  8. Run gpupdate /force

In conclusion, the two methods above should solve the issue. As mentioned above, make sure all services work as expected after these changes.


Solved: Google reCAPTCHA always returns “false” as a response to AJAX call

I have explained how to use Google reCAPTCHA in another post. Google returns “true” or “false” in the “success” parameter as a response to your AJAX call.

After your implementation, you might constantly get a “false” value in this parameter. The response looks like this in your browser trace:

{
  "success": false,
  "error-codes": [
    "missing-input-response",
    "missing-input-secret"
  ]
}

Issue

You might be sending the “secret” and “response” parameters as a hash map. Your code may look like this:

$.ajax({
     type: "POST",
     url: "https://www.google.com/recaptcha/api/siteverify",
     // Parameters passed as a hash map (the cause of the issue described here)
     data: {
          secret: "YOUR-SECRET-KEY",
          response: captchaResult
     },
     contentType: "application/json; charset=utf-8",
     dataType: "json",
     // jQuery's option for a failed request is "error" (there is no "failure")
     error: function (jqXHR, textStatus) {
          alert(textStatus);
     },
     success: function (response) {
          googleCallResult = response.success;
     }
}).done(function () {
     // Do stuff with googleCallResult
});

Solution

Google reCAPTCHA expects parameters to be sent in the URL instead of as a hash map. So you need to add the “secret” and “response” parameters to the URL. Here is the edited code:

$.ajax({
     type: "POST",
     // "secret" carries the secret key, not the site key
     url: "https://www.google.com/recaptcha/api/siteverify?secret=YOUR-SECRET-KEY&response=" + encodeURIComponent(captchaResult),
     contentType: "application/json; charset=utf-8",
     dataType: "json",
     // jQuery's option for a failed request is "error" (there is no "failure")
     error: function (jqXHR, textStatus) {
          alert(textStatus);
     },
     success: function (response) {
          googleCallResult = response.success;
     }
}).done(function () {
     // Do stuff with googleCallResult
});

How to add captcha to your website? (How to use Google reCAPTCHA?)

Automated applications (bots, robots) can perform brute force attacks against your contact forms or registration pages. These attacks may leak confidential information and cause service outages.

A key way to prevent automated applications from abusing your web forms is captcha verification. There are several third-party services for implementing captcha on your website. I will briefly explain how to use Google’s service, called Google reCAPTCHA.

How to use Google reCAPTCHA?

  1. Sign up and create a new record
  2. It will give you a SITE KEY and a SECRET KEY. You will use these values below.
  3. Add this line before the closing </head> tag in HTML page:
    <script src='https://www.google.com/recaptcha/api.js'></script>
  4. Add this line where you want the reCAPTCHA widget to appear (Make sure to replace YOUR-SITE-KEY with your own site key):
    <div class="g-recaptcha" data-sitekey="YOUR-SITE-KEY"></div>
  5. Once the user clicks the submit button on your page, make this AJAX call in your JavaScript function (make sure to replace YOUR-SECRET-KEY with your own secret key):

    var captchaResult = grecaptcha.getResponse();
    var googleCallResult;

    $.ajax({
         type: "POST",
         url: "https://www.google.com/recaptcha/api/siteverify?secret=YOUR-SECRET-KEY&response=" + encodeURIComponent(captchaResult),
         contentType: "application/json; charset=utf-8",
         dataType: "json",
         // jQuery's option for a failed request is "error" (there is no "failure")
         error: function (jqXHR, textStatus) {
              alert(textStatus);
         },
         success: function (response) {
              // if googleCallResult equals "true", captcha verification
              // is successful. It equals "false" if verification fails
              googleCallResult = response.success;
         }
    }).done(function () {
         // Do stuff with googleCallResult
    });
  6. That’s all! By using the variable “googleCallResult”, you can build your logic in your page. This variable will be “true” if the captcha verification is successful.
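
The same verification done on the server, as an added example that is not code from the original post: Google's documentation describes the secret key as shared only between the site's backend and reCAPTCHA, so here the browser posts the value of grecaptcha.getResponse() to your own server, which calls siteverify with form-encoded POST fields (Node.js 18+). The function names, the optional hostname check and the hostname-mismatch, http-… and verify-unreachable labels are assumptions of this example.

```javascript
// Added example (not the original post's code): server-side check, Node.js 18+.
// The secret key is read on the server and never shipped to the browser.
const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Build the POST request; secret and response go in a form-encoded body.
function buildVerifyRequest(secret, token) {
  if (!secret) throw new Error("reCAPTCHA secret key is not configured");
  return {
    url: SITEVERIFY_URL,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({ secret: secret, response: token }).toString(),
    },
  };
}

// Decide from the siteverify JSON. Only success === true passes; when
// expectedHostname is given, the "hostname" field must match it as well.
function interpretVerifyResponse(json, expectedHostname) {
  if (!json || json.success !== true) {
    return { ok: false, errors: (json && json["error-codes"]) || [] };
  }
  if (expectedHostname && json.hostname !== expectedHostname) {
    return { ok: false, errors: ["hostname-mismatch"] }; // local label
  }
  return { ok: true, errors: [] };
}

// fetchImpl is injectable so the logic can be exercised without network access.
async function verifyCaptcha(token, secret, expectedHostname, fetchImpl = fetch) {
  if (typeof token !== "string" || token === "") {
    return { ok: false, errors: ["missing-input-response"] }; // no round trip
  }
  const { url, options } = buildVerifyRequest(secret, token);
  try {
    const res = await fetchImpl(url, options);
    if (!res.ok) return { ok: false, errors: ["http-" + res.status] }; // local label
    return interpretVerifyResponse(await res.json(), expectedHostname);
  } catch (err) {
    return { ok: false, errors: ["verify-unreachable"] }; // fail closed
  }
}

// Constructed sample: the failing response shown earlier on this page.
const sampleFailure = {
  success: false,
  "error-codes": ["missing-input-response", "missing-input-secret"],
};
console.log(interpretVerifyResponse(sampleFailure));
```

Call verifyCaptcha from the form handler on your server and reject the submission unless ok is true.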


Call a function as soon as the user verifies captcha

  1. Add the “data-callback” attribute to your div (make sure to replace YOUR-SITE-KEY with your own site key):
    <div class="g-recaptcha" data-sitekey="YOUR-SITE-KEY" data-callback='captchaSuccessful'></div>
  2. Add your JavaScript function. This function will be called once the user verifies the captcha:
    function captchaSuccessful() {
         // Do stuff here
    }


More info about Google reCAPTCHA:
https://developers.google.com/recaptcha/intro