A Fatal Error Occurred While Creating a TLS Client Credential. The Internal Error State is 10013.

Leave a comment

You may face the issue with Event ID 36871 after upgrading to a greater version of Windows 11 or 10. The issue will show ‘A fatal error occurred while creating a TLS client credential. The internal error state is 10013’ in Windows logs under the Console tree in Event Viewer.

You may wonder why a fatal error occurs when updating the Windows to a higher version. However, this error will be resolved easily, as long as you know the methods to fix it. Thankfully, this post will show you a guide on how to fix this fatal error when upgrading your Windows. Here you go!

What Is the Cause of the Fatal Error Issue When Upgrading Windows?

A Fatal Error Occurred While Creating a TLS Client Credential. The Internal Error State is 10013.

The Windows tool will require the error message that says ‘A fatal error occurred while creating a TLS client credential. The internal error state is 10013’ repeatedly. We think you will be bothered with this continuing ongoing task.

The fatal error that occurs while creating a TLS client credential will commonly appear as you launch a program, browse the web or also connect to a network. This issue occurs because of a disagreement between the server and client on a mutual cipher to use to build a secure connection.

It does not matter, as you can fix this fatal error easily. You definitely can solve the internal error state in Windows 11 or 10 by taking some steps that will show in the next section.

Fixing the Fatal Error When Upgrading Windows, Here’s How!

There are a bunch of methods that you can take to fix ‘A fatal error occurred while creating a TLS client credential. The internal error state is 10013’ message after upgrading the Windows to a higher version.  Here are some methods that you can do to fix this fatal error:

Method 1: Enable TLS 1.0 and 1.1 Protocols

To fix the fatal error when upgrading the Windows to a higher version, you can try to enable Enable TLS 1.0 and 1.1 Protocols. To do so, you can do the following steps:

    • First, you can open ‘Run’ by pressing Windows + R.
    • On the command box, you can type ‘ncpa.cpl’.
    • Then, you can click ‘OK’ or press ‘Enter’.
    • After the Internet properties window pops up, you can then click the ‘Advanced’ tab.
    • You may need to scroll down and check both ‘Use TLS 1.0’ and ‘Use TLS 1.1’.
    • After that, click ‘Apply’. Then, click  ‘OK’.
    • Last, you can reboot the device and check if the fatal error while creating a TLS client credential still appears.

Method 2: Enable deprecated Transport Layer Security protocols

In addition to enabling the TLS 1.0 and 1.1 Protocols, you can also try to enable deprecated Transport Layer Security protocols. This way can be performed for Windows Server. Here’s how!

    • First, you can click on IIS Crypto GUI and download the tool.
    • After downloading the tool, you can then double click on IISCrypto.exe.
    • Then, you can launch the app.
    • By default, it will bring the ‘Schannel’ tab.
    • You need to check TLS 1.0 and TLS 1.1 in both the Server protocols and Client protocols sections.
    • You can then click on ‘Apply’ where they are the deprecated protocols.

Method 3: Registry tweak to fix The Internal error state is 10013

You can also try to make registry changes to fix the fatal error when upgrading the Windows to a higher version. This method can be performed for Windows 10 or 11.  To do so, you can perform some steps, as follow:

    • First, click the ‘Search’.
    • Then, type the ‘regedit’ and hit ‘Enter’.
    • You can choose ‘Yes’ on the User Account Control prompt.
    • You can navigate to the location on the Registry Editor to ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client’
    • After that, you can go to right pane and right click and choose ‘New => DWORD (32-bit) Value’
    • You can name the value ‘DisabledByDefault’.
    • Make sure to double click on the value and then enter Value data 0. Then, click ‘OK’.
    • Similarly, you can make one more value named, Enabled. You can then put value data 1 for this.
    • You can then close the registry editor and restart the PC.

Method 4: Running a PowerShell Script

For the last method, you can try to run a PowerShell Script to fix a fatal error occured while creating a TLS client credential. Well, you can try to enable TLS 1.2 using a script. Let’s follow the steps below!

    • First, you need to download ‘TSL1.2_enable’ here.
    • After the downloading process is completed, you can then extract the file.
    • Then, right-click on the TLS1.2_enable.ps1 and choose ‘Run’ with PowerShell.
    • As an alternative way, you can also launch PowerShell ISE.
    • Then, copy the following Script:
New-Item ‘HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319’ -name ‘SystemDefaultTlsVersions’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319’ -name ‘SchUseStrongCrypto’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-Item ‘HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319’ -name ‘SystemDefaultTlsVersions’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319’ -name ‘SchUseStrongCrypto’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-Item ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server’ -name ‘Enabled’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server’ -name ‘DisabledByDefault’ -value 0 -PropertyType ‘DWord’ -Force | Out-Null

New-Item ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client’ -name ‘Enabled’ -value ‘1’ -PropertyType ‘DWord’ -Force | Out-Null

New-ItemProperty -path ‘HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client’ -name ‘DisabledByDefault’ -value 0 -PropertyType ‘DWord’ -Force | Out-Null

Write-Host ‘TLS 1.2 has been enabled.’
    • You can then paste the script above in PowerShell ISE.
    • After that, you can press ‘Enter’.
    • Then, you need to restart the Windows Server.
    • Now, you can open Start ‘Event Viewer’ and go to ‘Windows Logs’ and then click the ‘System’.
    • You will no longer see the error ‘Event ID 36871: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.’  on your Windows.

Okay, those are four methods that you can use to try fixing ‘A fatal error occurred while creating a TLS client credential. The internal error state is 10013.’  after you upgrade your Windows to a higher version. Good Luck!!!

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *