Encryption is required...

Question

Hi all,

Have setup a sql 2005 x64 sp2 a/p cluster and installed a cert from our own cert. authority. Enabled "Force encryption" on the server config.

Can connect connect with all my clients exept one.

If I try to connect with this specific client the errorlog on server shows:

 

Error: 17835, Severity: 20, State: 1.
2007-05-09 18:33:41.99 Logon       Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: 138.xxx.xxx.xx7]

 

What do I have to upgrade on client side?

- SQLServer driver ??

- Native client ?

- Somthing else ?

 

Thanks for a kick in the right direction

acki

Answer 1

Was this ever answered/resolved?  I am seeing this same issue on one particular setup and can't find any information pointing to a solution.  In my case the setup that fails is:

 

Windows 2000 Server with SP4 plus latest hotfixes

SQL Server 2005 SP2

MDAC 2.8 SP1

 

The application event log just fills with the error stated in the prior post until encryption is disabled.  I can't find any info on what "upgrade your client library" might mean and upgrading to the latest MDAC and running the latest sqlncli.msi haven't changed the behavior at all.

 

Any insight is appreciated.

 

Answer 2

 

Hi,

 

I am receiving the same error but not sure about the solution .... Please Help....

 

Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: xxx.xxx.xx.xx].

 

Is this something related to SQL Server? The error seems to be client side?

 

Thanks in Advance,

Sumit

Answer 3

If you are using jtds jdbc driver to connect to a SQL Server that forces encryption, I tried JTDS JDBC Driver v1.2.4 and in my connection configuration, appended the jdbc url to be:

<jdbc.url>jdbc:jtds:sqlserver://x.x.x.x:1433/DB_NAME;ssl=request</jdbc.url>

you can also specify ssl=require or ssl=authenticate

http://jtds.sourceforge.net/faq.html

Answer 4

Install the public key in the client server.  Let em know if the following helps

For the client to request the SSL encryption, the client computer must trust the server certificate and the certificate must already exist on the server. You have to use the MMC snap-in to export the Trusted Root Certification Authority used by the server certificate:

1.       To export the server certificate's Trusted Root Certificate Authority (CA), follow these steps:

a.       Open MMC, and then locate your certificate in the Personal folder.

b.      Right-click the certificate name, and then click Open.

c.       Review the Certification Path tab. Note the top most item.

d.      Navigate to the Trusted Root Certification Authorities folder, and then locate the Certificate Authority noted in step c..

e.      Right-click CA, point to All Tasks, and then click Export.

f.        Select all the defaults, and then save the exported file to your disk where the client computer can access the file.

1.       Follow these steps to import the certificate on the client computer:

a.       Navigate to the client computer by using the MMC snap-in, and then browse to the Trusted Root Certification Authorities folder.

b.      Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.

Answer 5

I have this problem as well.  I have tried  ssl=require or ssl=authenticate and it doesn't work.  Anyone find a fixfor this?

Answer 6

OK, I know it's an old thread, but still have no answer how to solve the problem...
Just struggled over a fact today.

If I use only the computername in my connectstring I get the described error and cannot connect, but if I use FQDN in connect string the connection is established and no error comes up!

Dono why, but maybe this helps sombody...

Cheers
acki4711