locked
OleDbException (0x80004005): [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error. RRS feed

  • Question

  • I have come here today after speding days trying to solve an issue. I have this ASP.Net application that I have been working on since 2010.

    Recently a new client showed interest in using the application. Of course, there were several requirements that my application needed to have. This client is very cautious when talking about security.

    One of the most important requirements was the support for the protocol TLS 1.2 They would disable older protocols (SSL 3.0, TLS 1.0), and only enable TLS 1.2

    As soon as they did that in their server my application stopped working. It was working before just fine, and the reason they need to apply this configuration is because they want to let users connect to the app through the Internet, not only inside their lan.

    This is the error I am getting when trying to connect to the application

    [OleDbException (0x80004005): [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.]
       System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection) +497
       System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject) +100
       System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions) +57
       System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +1143
       System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +314
       System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +23
       System.Data.OleDb.OleDbConnection.Open() +52
       XS.dbUtils.TConexao.conexao@0(String sessionid) +1103
       XS.dbUtils.TConexao.conexao(String sessionid, Boolean novaconexao) +70
       XS.dbUtils.TUtils.QryOpen2(String sessionid, String sql, Object[] Parametros) +65
       XS.dbUtils.TUtils.QryValues(String sessionid, String sql, Object[] Parametros, String[] DefaultValue) +41
       GestaoEstrategica.TLoginNovo.Page_Load(Object sender, EventArgs ev) +411
       System.Web.UI.Control.OnLoad(EventArgs e) +103
       System.Web.UI.Control.LoadRecursive() +68
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1381

    Here is the enviroment:

    • Asp.Net Application running with .Net 4.5.2
    • SQL Server 2012
    • Today I tried to connect to an instance using SQL Server 2016

    Here are the things I have found and tried in order to solve this problem:

    • First I thought my application would not work with TLS 1.2, so I did what it is saying here blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
    • Second I started to think it was related to the SQL Version. I found this page here talking about an update:  blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014/

    • The page above led me to this link support.microsoft.com/pt-br/help/3135244/tls-1-2-support-for-microsoft-sql-server I figured I needed that upate in order to solve the issue. However, none of that worked.

    • Last thing I did was to start an instance of Windows Server 2016 with SQl Server Standard 2016. According to the link above, the SQL Server 2016 already comes with support to TLS 1.2. However, I am getting the same error DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error

    It has been almost a month doing research, reading foruns, and I can't solve this problem. Can someone help me out? I don't know what else to try. This is the first time I have to deal with this kind of security, so it has been really hard to understand what is going on.

    Thursday, January 25, 2018 8:03 PM

All replies

  • 1.2. However, I am getting the same error DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error

    Hi Arthur,

    The error message above is caused by the Client side rather than Server side. For this purpose, you need to update client component .NET Framework 4.5. If it doesn't work, you may try to change the way of connecting to SQL Server.(ODBC driver)

    Please refer:

    TLS 1.2 support for Microsoft SQL Server

    Best Regards,

    Will


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, January 26, 2018 6:40 AM
  • Hi Will_Kong!

    Thanks a lot for the suggestion. I was able to solve this issue by doing what you said.

    - updated .NET Framework to 4.7

    - Installed  the Microsoft ODBC Driver 13.1 for SQL Server

    - Changed a property suggested in this link:

    https://community.ipswitch.com/s/article/How-to-resolve-SSL-Security-error-and-SECCreateCredentials-failures-in-Admin-Console-and-ODBC-connections-after-disabling-SSL-and-TLS1-0-protocols-on-the-WhatsUp-Gold-server

    Thanks a lot again! 

    :)

    Friday, January 26, 2018 1:14 PM
  • Hi Arthur,

    It is happy to hear that you have solved your issue. Well, since you have got your solution, please help mark useful reply as answer, so that it would be beneficial to anyone else reading this thread for more detailed description.

    Thanks for your contribution.

    Best Regards,

    Will


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, January 30, 2018 11:20 AM