
Tuesday, 22 September 2015

How to enable Schannel event logging in IIS

Enable logging


Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

1. Start Registry Editor. To do this, click Start, click Run, type regedt32, and then click OK.

2. Locate the following key in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

3. On the Edit menu, click Add Value, and then add the following registry value:
   Value Name: EventLogging
   Data Type: REG_DWORD

   Note: After you add this property, you must give it a value.
   See the table in the "Logging options" section to obtain the appropriate value for the kind of events that you want to log.

4. Exit Registry Editor and restart the computer.
   Logging does not take effect until after you restart the computer.

Logging options


The default value for Schannel event logging is 0x0000, which means that no Schannel events are logged.
Additionally, you can log multiple events by specifying the hexadecimal value that equates to the logging options that you want. For example, to log error messages (0x0001) and warnings (0x0002), set the value to 0x0003.
Value Description
0x0000 Do not log
0x0001 Log error messages
0x0002 Log warnings
0x0004 Log informational and success events
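
The same registry change and bitmask arithmetic as a PowerShell sketch. This is an added example, not part of the original post or the Microsoft article it quotes; the enum and function names are hypothetical. It assumes PowerShell 5 or later and an elevated prompt, and the final Get-WinEvent line relies on Schannel events being written to the System log under the provider name Schannel.

```powershell
# Added example: manage the Schannel EventLogging bitmask described above.
# Names (SchannelLogging, Get-/Set-SchannelLogging) are hypothetical helpers.

[Flags()] enum SchannelLogging {
    None          = 0x0000   # Do not log
    Errors        = 0x0001   # Log error messages
    Warnings      = 0x0002   # Log warnings
    Informational = 0x0004   # Log informational and success events
}

$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelLogging {
    # A missing EventLogging value is treated as the default, 0x0000.
    $prop = Get-ItemProperty -Path $SchannelKey -Name EventLogging -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return [SchannelLogging]::None }

    $raw = [int]$prop.EventLogging
    # Flag anything outside the documented 0x0001 | 0x0002 | 0x0004 bits.
    if ($raw -band (-bnot 0x0007)) {
        Write-Warning ("Undocumented bits set in EventLogging: 0x{0:X4}" -f $raw)
    }
    return [SchannelLogging]($raw -band 0x0007)
}

function Set-SchannelLogging {
    param([Parameter(Mandatory)][SchannelLogging]$Options)

    # -Force overwrites an existing EventLogging value instead of failing.
    New-ItemProperty -Path $SchannelKey -Name EventLogging -PropertyType DWord `
        -Value ([int]$Options) -Force | Out-Null
    return ("EventLogging set to 0x{0:X4} ({1}); restart required" -f [int]$Options, $Options)
}

# The page's example: errors (0x0001) plus warnings (0x0002) combine to 0x0003.
Set-SchannelLogging -Options ([SchannelLogging]::Errors -bor [SchannelLogging]::Warnings)
Get-SchannelLogging

# After the restart, review what Schannel has logged.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```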

Applies to

Microsoft Internet Information Services 8.0
Microsoft Internet Information Services 7.5
Microsoft Internet Information Services 7.0
Microsoft Internet Information Services 6.0
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0

Citrix Client SSL Error Codes

Taken from: http://support.citrix.com/article/CTX113309, as when I need them I can never find the article!


Note: This list contains general information and might not fully explain the reason for your error. This information is provided “as is” and is not meant to be an official rendering of the SSL error code definitions. Refer to the Disclaimer for more information.
* 0 Everything is fine *
* 1 Redo handshake before other things *
* 2 Handshake loop is complete *
* 3 An error occurred that cannot be further defined *
* 4 An error occurred while reading *
* 5 An error occurred in the provider. No further information is available *
* 6 A required library is missing *
* 7 A required library has no entry point? *
* 8 Initialization (of whatever was being initialized, library) failed *
* 9 There is no memory left for the application to use *
* 10 Can't locate your certificate. *
* 11 Your certificate isn't in a format readable by the provider *
* 12 You do not have permission to access the specified certificate *
* 13 The SSL package isn't there (SChannel specific) *
* 14 Can't work to the cipher strength required *
* 15 The context has expired or isn't properly initialized *
* 16 The buffer read isn't a valid SSL packet *
* 17 The buffer read isn't a valid socks 5 packet *
* 18 Your SSL packet has been modified illegally *
* 19 Your SSL packet is out of sequence *
* 20 The data received is not a complete packet *
* 21 The server response to socks hello is bad *
* 22 The server response to socks connect request is bad *
* 23 We do not support the given address type *
* 24 Send the given buffer, and terminate the communication (SChannel specific) *
* 25 Do socks 5 server side redirection before completing handshake (SChannel specific) *
* 26 Unable to open the specified keystore *
* 27 Unable to find the specified identity cert *
* 28 The socket given to a function is not of the right type (SChannel specific) *
* 29 The socks 5 handshake broke down in an unspecified manner *
* 30 The buffer supplied is not big enough for all the data *
* 31 The SDK context supplied is not valid for the function called *
* 32 The client's socks 5 hello is bad *
* 33 The client's connect request is bad *
* 34 The socks 5 command requested is not supported *
* 35 The socks 5 server refuses to redirect to the required destination *
* 36 The destination network requested is inaccessible *
* 37 The destination host requested is unreachable *
* 38 Connection to the destination host requested is refused *
* 39 The TTL on the packet sent to the destination host requested expired *
* 40 The hostname could not be resolved *
* 41 A socket could not be created *
* 42 Connection to the host is refused *
* 43 A close notify alert was received *
* 44 An unexpected message alert was received *
* 45 A bad mac alert was received *
* 46 A decompression failure alert was received *
* 47 A handshake failure alert was received *
* 48 A no certificate alert was received *
* 49 A bad certificate alert was received *
* 50 An unsupported certificate alert was received *
* 51 A certificate revoked alert was received *
* 52 A certificate expired alert was received *
* 53 A certificate unknown (untrusted) alert was received *
* 54 An illegal parameter alert was received *
* 55 An unknown alert was received (probably TLS alert) *
* 56 Unable to set the CA certs verify path (OpenSSL specific) *
* 57 Unable to set identity certificate *
* 58 Unable to set private key *
* 59 The common name on the ID certificate is not what was expected *
* 60 (OpenSSL specific) a zero depth self signed cert was received *
* 61 (OpenSSL specific) a root cert to match the identity received could not be found locally *
* 62 (OpenSSL specific) a root cert to match the identity received could not be found at all *
* 63 (OpenSSL specific) a self signed cert was in the chain received *
* 64 (OpenSSL specific) unable to verify the signature on the leaf cert *
* 65 (OpenSSL specific) unable to decode the issuers public key *
* 66 (OpenSSL specific) unable to verify the signature on a cert *
* 67 (OpenSSL specific) the before field in the cert is corrupt *
* 68 (OpenSSL specific) the certificate is not yet valid *
* 69 (OpenSSL specific) the expiry field in the cert is corrupt *
* 70 (OpenSSL specific) the certificate has expired *
* 71 A method called is unimplemented *
* 72 The provider could not load any of the root certs in the keystore *
* 73 The provider could not load some of the root certs in the keystore *
* 74 Client authentication failed *
* 75 The connection timed out *
* 76 A server certificate was revoked *
* 77 No CRL could be retrieved for one of the certificates *
* 78 Revocation support is not available *