Произошла неустранимая ошибка при создании учетных данных tls

If you get A fatal error occurred while creating a TLS client credential error in the Event Viewer, you can resolve the problem with the help of this guide. This error occurs on Windows 11 as well as Windows 10.

The entire error message says:

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

This error appears on your computer when you do not have TLS 1.0 and TLS 1.1 enabled. Although most programs may not require it when you have TLS 1.2 or TLS 1.3, some old programs might need them for connecting to the internet. If it happens, you can get rid of this error with the help of this method.

TLS or Transport Layer Security is a security protocol that is designed with two goals in mind—maintaining Privacy and Data security on the internet. Vulnerabilities were detected in TLS 1.0, and so for this reason it is disabled by default in Windows. TLS 1.3 is aimed to make sure less user information is available in plain text. It uses three cipher suites to achieve that in the earlier version of TLS. Client authentication exposed client identity unless renegotiation was made.

So if you wish to get around this issue, you may temporarily enable TLS 1.0 and TLS 1.1 on your system by following any one of these methods.

To fix A fatal error occurred while creating a TLS client credential, The internal error state is 10013 while creating a TLS client credential error, follow these steps:

1. Enable TLS 1.0/1.1 using Internet Properties
2. Change values in the Registry

To learn more about these steps, continue reading.

1] Enable TLS 1.0/1.1 using Internet Properties

As said earlier, you need to enable or turn on TLS 1.0 and TLS 1.1 on your computer in order to fix this issue. As these are not enabled by default on Windows 11 and Windows 10, you need to do that manually. For that, you can get the help of the Internet Properties panel. In order to enable TLS 1.0/1.1 on Windows 11/10, do the following:

• Search for internet properties in the Taskbar search box.
• Click on the individual search result.
• Switch to the Advanced tab.
• Find the TLS 1.0 and TLS 1.1.
• Tick both checkboxes.
• Click the OK button.

You may need to restart your computer to get the job done. Once done, you won’t find the aforementioned error message. To verify that, you can open the Event Viewer and check if the problem is resolved or not.

However, this needs to be a temporary measure only, as it is not very secure to use TLS 1.10 and TLS 1.1 for long.

2] Change values in the Registry

If you get the above-mentioned error, a simple change in the Registry file could fix the issue. However, you may need to create some keys and REG_DWORD values as well. Whether it is Windows 11, Windows 10, or any other older version, you can do the following:

Press Win+R to open the Run prompt.

Type regedit > click the OK button > click the Yes option.

Navigate to this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Right-click on Protocols > New > Key and name it as TLS 1.2.

Right-click on TLS 1.2 > New > Key and name it as Client.

Right-click on Client > New > DWORD (32-bit) Value.

Set the name as DisabledByDefault.

Right-click on Client > New > DWORD (32-bit) Value.

Set the name as Enabled.

Double-click on it to set the Value data as 1.

Click the OK button.

Finally, restart your computer. Once done, your computer won’t show such error messages in the Event Viewer anymore.

That’s all! I hope this guide helped.

How do you check if TLS 1.2 is enabled?

The easiest way to check if TLS 1.2 is enabled or not on Windows 11/10 PC. You can use the Internet Properties panel. For that, press Win+R to open the Run prompt, type inetcpl.cpl, and hit the Enter button. Then, switch to the Advanced tab and navigate to the Security section. Now, check if the Use TLS 1.2 checkbox is enabled or not. If ticked, TLS 1.2 is turned on.

How do you check if TLS 1.0 is enabled on server?

To check if TLS 1.0 is enabled on the server or not, you can use the same steps as above. Having said that, you can search for internet properties in the Taskbar search box and click on the individual search box. Go to the Advanced tab and check if the Use TLS 1.0 checkbox is enabled or not.

Read: How to disable TLS 1.0 in Windows.

A fatal error occurred while creating a TLS client credential. The internal error state is 10013″. The Windows tool prompts this message repeatedly and disturbs continuing ongoing tasks.

The fatal error occurred while creating a TLS client credential commonly appears when you launch a program, browse the web, or connect to a network. The reason is a disagreement between client and server on a mutual cipher to use to establish a secure connection. However, you can fix the internal error state is 10013 in Windows 11 or 10 simply using the methods in the upcoming parts of this post –

Here is how to Fix A fatal error occurred while creating a TLS client credential. The internal error state is 10013 Windows 11/10 –

For Windows 10 or 11 –

Way-1: Enable TLS 1.0 and 1.1 Protocols

1. Press – Windows+R.
2. Type – ncpa.cpl.
3. Click OK or hit Enter.

1. Once the Internet properties window opens up, click on the Advanced tab.
2. Scroll down and check both Use TLS 1.0 and Use TLS 1.1.
3. Click Apply and then OK.

1. Reboot the device and check if the error A fatal error occurred while creating a TLS client credential still appears.

Way-2: Registry tweak to fix The internal error state is 10013

1. Click – Search.
2. Type – regedit. See – 9 Ways to Open Registry Editor in Windows 10.
3. Hit – Enter.
4. On User Account Control prompt, select – Yes.
5. On the Registry Editor, navigate to the location –

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

1. Go to right pane, right click and select New => DWORD (32-bit) Value.
2. Name the value DisabledByDefault.
3. Double click on this value and enter Value data 0.
4. Click – OK.

1. Similarly, create one more value named, Enabled. and put value data 1 for this.
2. Close the registry editor and restart the PC.

For Windows Server

Way-3: Enable deprecated Transport Layer Security protocols

1. Click on IIS Crypto GUI and download the tool.
2. Double click on IISCrypto.exe and launch the app.
3. By default, it opens with the Schannel tab.
4. Check TLS 1.0 and TLS 1.1 in both the Server protocols and Client protocols sections.
5. Click on – Apply. These are the deprecated protocols.

Way-4: Solve A fatal error occurred while creating a TLS client credential by running a PowerShell Script

You can also enable TLS 1.2 using a script. Simply follow the steps –

1.  Download TLS1.2_enable.
2. Unpack the file by extracting the file.
3. Right-click on the TLS1.2_enable.ps1 and select Run with PowerShell.
4. Alternatively, launch PowerShell ISE.
5. Copy the following script –

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled.'

1. Paste the script in PowerShell ISE.
2. Press – Enter.

1. Restart the Windows Server.
2. Now open Start Event Viewer. Go to Windows Logs and click – System.
3. You will no longer find The error “Event ID 36871: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.”

Methods list:
Way-1: Enable TLS 1.0 and 1.1 Protocols
Way-2: Registry tweak to fix The internal error state is 10013
Way-3: Enable deprecated Transport Layer Security protocols
Way-4: Run a PowerShell Script

That’s all!!

Repair any Windows problems such as Blue/Black Screen, DLL, Exe, application, Regisrty error and quickly recover system from issues using Reimage.