Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All


Updated: October 21, 2008

Applies To: Windows Server 2008, Windows Server 2008 R2

You can use this registry setting to enable the logging of client certificate validation failures, which are secure channel (Schannel) events.

Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.


Schannel is a security support provider (SSP) that supports a set of Internet security protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). These protocols provide identity authentication and secure, private communication through encryption. Logging of client certificate validation failures is a secure channel event, and is not enabled on the NPS server by default.

You can enable additional secure channel event logging by changing the registry key value from 1 (REG_DWORD type, data 0x00000001) to 3 (REG_DWORD type, data 0x00000003).

The logging of rejected or discarded authentication events is enabled by default.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft