Forum Discussion

WillClarke's avatar
WillClarke
Occasional Contributor
6 years ago
Solved

SSL Security error when running SQL scripts

Hey all.

 

We made some security updates switching from TLS 1.1 to TLS 1.2 on our SQL servers and we get the following error when attempting to connect to the server

"[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error"

 

for the script in particular we use a connection string like follows

"Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=DBNAME;Data Source=SERVERNAME;"

 

NOTE: I also changed it to use ODBC instead and still for the SSL Security Error

Prior to the security update, everything has been hunky dory and we have not had errors with anything else.

 

has anyone else experienced this issue or know the best way to resolve?

  • What the IT team ended up okaying and doing was adding a new ODBC DSN with stronger security. We updated the connection string to use the new DSN and it worked.

     

    Thanks for the suggestions and help.

4 Replies

  • Not exactly a match to your isssue but I encountered this TSL issue in Visual Studio.  Microsoft recommended forcing the underlying System.Net ServicePointManager to negotiate downlevel SSL instead of using TLS.  They provided a plugin for VS that worked.  You will need to research if this is possible in TC.

    • tristaanogre's avatar
      tristaanogre
      Esteemed Contributor

      Again, it's a .NET version registry key

       

      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

       

      if it's not present, create a DWORD key called SchUseStrongCrypto and set it to 1.  Do it for oth the WOW6432 and the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

  • tristaanogre's avatar
    tristaanogre
    Esteemed Contributor

    I have not experience that issue.  However, when some of our servers and such switched here to use the new stronger certifications, some of our other software started generating errors.  Specifically, we were running the 2013 version of Team Explorer and that was generating a number of errors.

    Turns out that it is a different in the .NET version.  Team Explorer 2017 uses a newer version of .NET which includes strong encryption as the default.  So, it COULD be possible that you need to make a registry key setting to change the .NET libraries for SQLOLDDB to use strong encryption.

  • WillClarke's avatar
    WillClarke
    Occasional Contributor

    What the IT team ended up okaying and doing was adding a new ODBC DSN with stronger security. We updated the connection string to use the new DSN and it worked.

     

    Thanks for the suggestions and help.