Wolfram|Alpha: Systematic knowledge, immediately computable.

Wednesday, October 27, 2010

Schannel Event 36888 ( 10 / 10 ) When Playing BFBC2 / MOH / Etc. - WTF?

Since the beta of EA/DICE's Battlefield Bad Company 2, forums have had a myriad of posts with game problems, with this symptom included in the posts. Since retail release of the game, and the subsequent release of Medal of Honor by the same publisher/developer teams, the same has been seen for the latter game.

Specifically, the event log entry in the windows system log is:

Event 36888, Schannel
The following fatal alert was generated: 10. The internal error state is 10.

When I first saw the error myself, I recognized it from my network programming days as an informational error, indicating some kind of barf-o-rama on the server side of  a secure connection handshake. Unlike most of the other Schannel event IDs, this particular one seems to remain undocumented. Nonetheless, the Info opcode and 10 / 10 Alert Description and Error State hint strongly at it being server side.

Since it seemed to have no material effect on the playability of the game(s), my interest in investigating it stopped there. A recent poster, however, indicated that disabling their AV (Trend) caused the apparently related game issues to be remedied. While it appears that the game itself runs correcly despite encountering the Schannel error, it may be that some A/V that muck with everything on the wire might take drastic action in the face of it. Strange if some do, but plausible.

In any case, barring some other application / utility causing problems (e.g., said A/V), the error itself can be safely ignored. If it really bothers you, you can change the logging level via a registry change by modifying (or adding if needed) the key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

DWORD value EventLogging with a value of 0 will eliminate such event log messages. Note that current versions of windows seem to be more voluble for these errors - on older (e.g. XP), the error may occur without a log entry being generated.

I became interested again in this event / error recently while tracing the traffic activity of the game debugging a separate issue. Both games are built on the same engine / network infrastructure, so it is not surprising they share the same frailties.

From an outsider's view (since I have no access to the game source code, nor the EA master or game servers, my view must be the result of probing and testing theories, using debuggers and traffic sniffers), the network infrastructure for these games is a bit of a wreck. In the same way one might surmise their neighbor is a slob from observations of the trash bags thrown on their front lawn, the mishmash of connections and traffic these games generate is appalling. The possibilities of problems due to one piece failing or being unavailable are surely a source of grief for many attempting to play these games online.

If this system was designed this way from scratch, someone should be publicly whipped with a length Ethernet cable. If it is the result of 'evolution' of features and functionality by adding servers to the 'master' pool, the time has come perhaps for EA to rethink the infrastructure and rebuild it from scratch.

In any case, the Schannel error in these games appears to be generated by an improperly configured EA server that provides them with hardware information à la Steam's hardware survey.

Another way to eliminate the error (and stop spying by EA, if that's your stance), is to add the following to the file \windows\system32\drivers\etc\hosts:

127.0.0.1        bf1943hwtelemetry.ea.com

This prevents the game(s) from even starting the handshake process, short-circuiting the error path.

In summary: The error is harmless, it is not the cause of crashes / etc. in the game itself per se though it appears it might throw programs such as A/V into a tizzy (when I feel like it, I may investigate this further.) You can just ignore it, or if it bothers you having it in your event log, take one or both of the steps outlined above.



18 comments:

  1. Genius trouble shooting. Thx for posting this @ steam forum. I posted questions about this on microsoft forums - MVPs had no ideas. Game works fine - bfbc2 - , but this error was ticking me off after months of looking for a cause. +1 reputation if the blog had a button!

    ReplyDelete
  2. just added this to the hosts file. I do disagree when you say this doesn't cause crashes. I've had a crash to desktop problem for 2-3 months now and every time its happened the event log has the schannel error at the same time.

    ReplyDelete
  3. @ Anonymous October 29, 2010 12:15 PM:
    Adding the hosts entry disables that communication - the games gracefully ignore it when they cannot establish the connection. They do the same thing (fortunately) when they do connect but fail the handshake.

    Saying you see/saw this event every time you crash in the game is like saying you first started the game every time you saw a crash :-)

    If you've not changed the logging level or put the hosts entry, you will see this event (at least in current versions of windows), and if you trace the execution with your favorite debugger, you'll see the game ignores the error.

    Barring the A/V interaction alluded to (I'm going to investigate this perhaps later), it is not the cause of game crashes.

    Hope that clarifies things.

    ReplyDelete
  4. Thanks for figuring this out. Seems no one had an answer from the EA forums. Question - is this always caused by a server-side problem, or can something be done on the client side?

    ReplyDelete
  5. @ Anonymous November 5, 2010 10:37 PM :
    I cannot be 100% certain of this - as I said, this particular error is seemingly undocumented. However, every case I've seen has indicated a problem in the handshake from the server side.

    ReplyDelete
  6. I can't remember the last time my game crashed, and I've never been bothered to notice that error.
    Interesting how both games would have the same issue, and even more interesting is how a 10+ year old game (BF1942) is still the base MP code for it. OK, I see you wrote 1943... but still, they must be all interrelated, as I feel the same "loose" gameplay in BFBC2 as i did in BF1942/BFVietnem back in the day. HL1 and CS1.6/DOD were very tight although there were arguments related to the "curve" (do some searching if you wish) on those games as well. I modded back then, and we didn't see any oddities in the code we could touch, but there was surely underlying code that was beyond our reach.

    ReplyDelete
  7. Hey Rob I hope you have the time to generate an opinion or overview about the calamity of a release that BOs is technically. Please let us know your thoughts in a quick piece or on Crosshairs.

    ReplyDelete
  8. @ ibleedv20:
    Oh yeah, I'll be there. I haven't even installed mine yet - I knew this was coming, and decided to wait until the starting gate blues die down...

    ReplyDelete
  9. Thank you for this information.
    But I am not sure if this is not causing my PC from crashing. To tell long story short.
    I play Medal Oh Honor Online. It started to freeze randomly on around ~20 to 1 hour of play. Overheating, RAM, and CPU issues seems to be ruled out. I found my HDD having Bad Sectors. Now I have New HDD and I still had two crashes so far (in a week period).
    Each time after that I see Schannel in Event Viewer the same time when Crash occurred. And I mean totally freezes, only Hard Shutdown helps.
    I unchecked the TLS on IE8 Advanced Security settings (but I am not using IE8 at all).
    So I should try one of the methods mentions above... I will. Coz I don't have other choice at this moment.
    Thank you.

    ReplyDelete
  10. @Sergej:
    That is interesting - I've not seen a case where the game was in-play, then crashed, coinciding with the error. I suppose a lost connection / reconnection attempt might throw it, but I've only seen the error (at least in BFBC2) on first attempt on first start of the game. In any case, the suggestions will only eliminate the reporting of the error. The error still happens under the covers, and again, I've personally not seen any evidence it is the root of any crashes or hangs. Good luck, do comment back if you make progress.

    ReplyDelete
  11. Alright, I did change Registry value just now. Will see how it turns up.
    Before that I've added the Host to a list, but that seems to do no change. I had few crashes whatsoever.
    At this moment I am not able to play a game, so can't give any feedback, but I will, because I am not sure why this is happening and it drives me crazy.
    After reinstalling windows (on my new HardDrive) I started having BSOD even not in a game ;] and before that computer acts like he's freezed for a ~1 minute or so. Music is still playing (if u'r listening to any) but you can't use your computer in that period of time. After a minute it wakes up and make all the moves and clicks that you pressed while it was frozen. What can cause this? HDD (again)? RAM?
    But, to be honest, I don't think these two issues are related to freezings while playing MOH Online.

    ReplyDelete
  12. @Sergej:
    Do note - if the host name the game uses is different from my one for bfbc2, the host file change won't stop the error - you'd need to sniff the traffic to find the name. In any case, the registry change only prevents the recording of the error - windows is a bit zealous for this error. The error itself still occurs in these cases. From your description, it sounds like something else may be going on cvausign your problems. Did you get the stop error from the BSOD?

    Rob

    ReplyDelete
  13. I will get it next time.
    I noticed that my PC freezes for a minute or so especially when I am installing something. Apart from that system runs good.
    So you are saying it's better for me to leave error recording intact? When and how I can find which host name MOH is using?
    I am going to play a game for a while today. Will see what happens. I am pretty sure that it'll hang.

    ReplyDelete
  14. @Sergej:
    You could use the windows netstat command to catch what ip/hostname the game uses - I'm not playing MOH, or I'd grab it for you. You can also sniff via a packet sniffer (what I did), but not really something to be explained in a comment.

    As far as leaving that error reported - that's up to you - some players seemed really bothered at the cluttering of their logs, hence my offering a solution to the reporting.

    As I said - it only stops the reporting, not the error, but I've seen NO evidence the error is the CAUSE of hangs/crashes. It seems many that had issues saw the error and ASSUMED it was the cause.

    Do you have any kind of anti-virus running? They can cause a myriad of issues with games, including hangs/crashes. What windows are you running? Might you be able to perhaps do a clean, pure windows install on a second partition, NO OTHER INSTALLS OTHER THAN THIS GAME (and of course sound / graphics drivers if needed) and see what the behavior is?

    Rob

    ReplyDelete
  15. Thank you for your time. I do appreciate that.
    Last night I played more than an hour or two and everything seems to be OK. But this is not enough to judge yet.
    Yes, I am running Free Avast version and my OS is Win7 64bit Build 7600. I did all fresh install not so far ago (a few weeks), but I am up and running with all kind of programs also...
    I had reported this problem on a TechForum and one guy from Microsoft said (from reading of my DumbFiles), that Avast is causing problems and my Faulty HDD. Now I have new HDD, but I am still running same Avast. I am not sure how to detect is it OK or no, but if my game will still crash too often I will ask for help on that forum again. Just to be sure that it's not or IS Avast fault.
    I will keep you posted about it. I will try playing today maybe a little more.
    Cheers and have a nice weekend.

    ReplyDelete
  16. What is the easiest way to remote desktop?

    ReplyDelete
  17. @Silver MLM:

    A bit off topic? Feel free to PM me with questions not related to posts. In any case, the facility provided by Microsoft Windows Live Mesh is pretty slick, trivaial to use, gives RDA local or over the web, no firewall/router configuration needed, etc.

    For cross O/S, VNC is your best bet.

    ReplyDelete