none
Appication cannot connect SQL Server with TLS 1.0 disabled

    General discussion

  • Hello

    I have SQL Server 2014 (fully patched with SP and CU) on one vm (Windows Server 2012 R2). On the second vm (same OS) I have  application. Recently TLS 1.0 has been disabled on all servers and app can't connect SQL now. From app config file I see "Provider=SQLOLEDB.1". I have seen https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server and I was able to fix other apps using .NET or ODBC but still don't know how to fix SQLOLEDB.1.

      


    Thursday, January 19, 2017 10:33 AM

All replies

  • Please post output from issuing this command on your SQL instance:

    SELECT 
    	SERVERPROPERTY ('MachineName') as 'Host',
    	SERVERPROPERTY ('InstanceName') as 'Instance',
    	SERVERPROPERTY ('ProductVersion') as 'Version', 
    	SERVERPROPERTY ('ProductLevel') as 'Level', 
    	SERVERPROPERTY ('Edition') as 'Edition'	
    ORDER BY
    	'Host'

    Thanks,


    Phil Streiff, MCDBA, MCITP, MCSA

    Thursday, January 19, 2017 12:48 PM
  • Hi Phil

    Here are instance details (I had to rename host and instance name).

    Host: WIN123

    Instance: SQL123

    Version: 12.0.5511.0

    Level: SP2

    Edition: Standard Edition (64-bit)

    Thanks

    Thursday, January 19, 2017 1:07 PM
  • What sql authentication do you have enabled on the SQL instance? 'SQL Server and Windows authentication mode' or just 'Windows authentication mode'?

    Does the app connect with a Windows account or SQL account? What is the error message returned when connection attempt fails?

    Is TLS 1.2 security protocol enabled on the SQL Server machine?

    Can you post connection string (with fake password) used by the app to connect to SQL instance?

    Thanks,


    Phil Streiff, MCDBA, MCITP, MCSA

    • Edited by philfactor Thursday, January 19, 2017 3:51 PM
    Thursday, January 19, 2017 1:52 PM
  • App uses SQL auth. 

    Unfortunately app is not returning anything useful. It was working before windows patching at the end of Dec. I fixed other applications installing client components mentioned in https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server but still have a problem with that one and import to Excel 2013. I guess they both use SQL OLE DB Provider. 

    TLS 1.2 is enabled on SQL Server machine.

    Connection string is OK. It was working before. The only important thing is Provider=SQLOLEDB.1.


    Thursday, January 19, 2017 4:26 PM
  • Apparently, if your app uses a .NET Framework version lower than 4.6.1, the TLS 1.2 security protocol is not supported.

    You should install .NET Framework version 4.6.1 (or above) on you app server to resolve the issue.

    Alternatively, if you have to stay on .NET Framework 4.5.x, then...

    .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default, make sure to execute it before making a connection to secured resource:
     
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

    Reference:
    .NET Framework versions and dependencies
    TLS 1.2 and .NET Support: How to Avoid Connection Errors

    [Please mark as answer if this post helps you]

    Hope that helps,


    Phil Streiff, MCDBA, MCITP, MCSA

    • Edited by philfactor Thursday, January 19, 2017 10:03 PM
    Thursday, January 19, 2017 4:55 PM
  • Problem is that application is not .NET. It uses SQL OLE DB Driver - not ADO.NET.
    Friday, January 20, 2017 7:10 AM