Hello,
I am having an issue very similar to http://forums.iis.net/post/1992139.aspx, which was never resolved. I have just upgraded our server from Windows Server 2003 to Windows Server 2008 R2. TLS 1.0 is the only protocol enabled in the registry, and all of our local systems and some remote systems can connect to the server, no problem. However, some remote systems cannot connect to the server without SSL 2.0 being enabled in their Internet Explorer settings. There doesn't seem to be any common denominator regarding OS, IE version, etc., but I can't be 100% sure since I don't know the specs on all of the remote systems. The only reason we found the SSL 2.0 workaround is a good guess on the part of a coworker.
I've run through http://www.iis.net/learn/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate and I'm stuck on Scenario 5. When a remote system doesn't connect, I can see in Wireshark that the server sends the server hello, and then the client kills the connection.
I do receive some SCHANNEL errors in my System log. All of the most recent errors are 36887, with error codes either 10 or 48. These don't appear to happen on any set interval, or specifically when a client tries to connect.
We have been thinking it had something to do with the clients' proxy servers. One of the clients was able to change proxy servers and that worked, but we also know that the upgraded server has something to do with the issue because when we roll back to the old server, every client can connect.
Any help would be greatly appreciated. Thanks!