A fatal error occurred while creating a TLS client credential. The internal error state is 10013
Basically we had to enable TLS 1.2 for .NET 4.x. Making this registry changed worked for me, and stopped the event log filling up with the Schannel error.
More information on the answer can be found here
Linked Info Summary
Enable TLS 1.2 at the system (SCHANNEL) level:
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]"DisabledByDefault"=dword:00000000"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]"DisabledByDefault"=dword:00000000"Enabled"=dword:00000001(equivalent keys are probably also available for other TLS versions)
Tell .NET Framework to use the system TLS versions:
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]"SystemDefaultTlsVersions"=dword:00000001This may not be desirable for edge cases where .NET Framework 4.x applications need to have different protocols enabled and disabled than the OS does.
After making no changes to a production server we began receiving this error. After trying several different things and thinking that perhaps there were DNS issues, restarting IIS fixed the issue (restarting only the site did not fix the issue). It likely won't work for everyone but if we tried that first it would have saved a lot of time.
In my case, the Windows 2016 server where this was happening was hardened for security compliance. As a result, only specific cipher suites were allowed. This was causing an incompatibility when making HTTPS connections to highly secure endpoints (like Apple Push Notifications API aka APNS)
To fix the issue, I downloaded IIS Crypto and clicked on the Cipher Suites button on the left, to display the list of enabled/disabled cipher suites, and then clicked the "Best Practices" button and rebooted the server. Problem fixed.