A fatal error occurred while creating a TLS client credential. The internal error state is 10013


So, today we are going to go over another annoying error that shows up most often in Windows 10 event logs. The error in question is "A fatal error occurred while creating a TLS client credential. The internal error state is 10013" with an Event ID of 10013. This error seems to be caused by the disabling of certain client-side ciphers and TLS versions, or by some sort of corruption from installed updates.

As we know, SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 are insecure and no longer recommended for use. Although Microsoft states that its implementation of TLS 1.0 is free of any known security vulnerabilities, it still recommends migrating existing applications to newer versions of TLS such as 1.2 or, ideally, 1.3.

However, Microsoft Windows is a funny thing. It relies heavily on RPC (Remote Procedure Call). It even uses RPC to carry out local functions. This makes Windows robust, but it can often have unintended consequences such as this error.

To fix this issue we need to do two things:

1. Edit the registry to fix the TLS version used by .NET Framework by adding the following registry values with regedit. Navigate to the proper keys, and change or create the values. See below:

Windows Registry Editor Version 5.00

Windows Registry Editor Version 5.00

Those registry keys will enable TLS 1.2 for use by applications that use .NET Framework.


2. Use the IIS Crypto application by Nartac Software to set the security suites to the "Best Practices" setting, and then restart the computer. See screenshot below.

After using the IIS Crypto application to set the system to "Best Practices" (which is really the Microsoft Windows default settings), adding the registry entries above for .NET Framework, and restarting the computer, the TLS Event ID 10013 error should stop.

Before anyone asks: yes, it shows TLS 1.0 being enabled. However, TLS 1.2 is backwards compatible with previous versions. So in essence, what these changes do is allow TLS 1.2 and 1.3 in Windows to respond to and handle requests for older versions so the event viewer doesn't flood your log with errors.
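To confirm what state the machine is actually in after the reboot, here is a read-only check, added as an example and not part of the original article or of IIS Crypto. It assumes the .NET Framework 4.x values Microsoft documents (SchUseStrongCrypto and SystemDefaultTlsVersions) and the standard Schannel Protocols key layout; those names are assumptions, since they do not come from the registry listing in step 1.

```powershell
# Added example, read-only: reports the settings the fix touches and writes nothing.
# Assumption: key paths and value names are the ones Microsoft documents for
# .NET Framework 4.x and Schannel; they are not taken from the article's listing.
function Get-RegValue([string]$Path, [string]$Name) {
    # No output ($null) means the key or value is absent, so the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$rows = @()
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($key in $netKeys) {
    foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
        $v = Get-RegValue $key $name
        $rows += [pscustomobject]@{
            Key    = $key
            Value  = $name
            Data   = if ($null -eq $v) { '(not set)' } else { $v }
            Status = if ($v -eq 1) { 'set' } else { 'review' }
        }
    }
}

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $key = "$schannel\$proto\Client"
    foreach ($name in 'Enabled', 'DisabledByDefault') {
        $v = Get-RegValue $key $name
        # Enabled = 0 or a non-zero DisabledByDefault restricts client use of the protocol.
        $restricted = ($name -eq 'Enabled' -and $v -eq 0) -or
                      ($name -eq 'DisabledByDefault' -and $null -ne $v -and $v -ne 0)
        $rows += [pscustomobject]@{
            Key    = $key
            Value  = $name
            Data   = if ($null -eq $v) { '(not set)' } else { $v }
            Status = if ($restricted) { 'client use restricted' } else { 'not restricted' }
        }
    }
}
$rows | Format-Table -AutoSize -Wrap

# Count Schannel events from the last 24 hours that carry the error state from the article.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; StartTime = (Get-Date).AddDays(-1) }
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*10013*' })
"Schannel events mentioning 10013 in the last 24 hours: $($hits.Count)"
```

Run it from an elevated PowerShell prompt before and after the change; the event count should drop to zero once the fix has taken effect.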

I hope this article helps anyone out there dealing with these errors. Until next time! 

Disclaimer: I am not responsible for anything that may happen to your PC when changing settings or changing registry values. If you choose to make changes, you do so at your own risk. You are solely responsible for any damage to your computer, data, or other hardware due to user error, inadequate cooling, too high of voltages, incorrect software settings, and any other factors. Please remember to back up your computer before attempting this. If overclocking, do not overclock on the stock AMD or Intel CPU heatsink and fans. Use aftermarket cooling heat sinks of sufficient TDP or water cooling to ensure the best chance of not having premature hardware failure. As always, remember to back up your data before attempting any change. I am not responsible for data loss or damage of any kind.