Test connection failed because of an error in initializing provider. DBNETLIB ConnectionOpen SecDoClientHandshake SSL security error

Question

I'm running all Windows 2016 Servers. I've got MS SQL 2016 installed on one. For whatever reason, we cannot connect to the SQL Server unless we enable TLS 1.0 which is obviously not cool.

I found this: https://github.com/MicrosoftDocs/windowsserverdocs/issues/2783 which talks about how TLS 1.2 should be natively enabled across the board. I've verified TLS 1.2 is enabled in the registry on all involved servers. There is another MS doc referred to in the above link that suggests that isn't enough, we may also need to enable ciphers. So I enabled the RC4 ciphers in the registry on both servers, but still no change. Unless TLS 1.0 is enabled, no talk.

I can even go onto the SQL Server, and create a .UDL connection test (to itself) and it also fails unless TLS 1.0 is enabled.

Any ideas?

TLS 1.2 support depends on build version and driver version of the client. See https://dba.stackexchange.com/questions/107820/sql-server-compatibility-with-new-tls-standards and https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe — Fredric Shope, Jul 06 '21 at 17:35
You can change provider from SQLOLEDB to MSOLEDBSQL if that is the case. If possible use newer ones of course. See https://learn.microsoft.com/en-us/sql/connect/oledb/oledb-driver-for-sql-server?view=sql-server-2017 and https://learn.microsoft.com/en-us/sql/ado/guide/appendixes/microsoft-ole-db-provider-for-sql-server?view=sql-server-2017 — endo64, Jul 21 '23 at 19:11

David Browne - Microsoft · Answer 1 · 2021-07-06T23:19:50.720

1

The built-in Windows drivers for SQL Server didn't get TLS 1.2 support until Windows Server 2019, see KB4580390.

On older Windows you'll have to install newer SQL Server ODBC or OleDB drivers that support TLS 1.2.

edited Jul 06 '21 at 23:19

answered Jul 06 '21 at 23:14

David Browne - Microsoft

46,306
3
46
96

We actually do have the ODBC driver installed. What we ended up having to do was to install the SQL Server Native Client and then the magic worked. – Steven Jul 12 '21 at 11:49

score 1 · Answer 2 · answered Jul 12 '21 at 11:51

1

We had to install the SQL Server Native Client for SQL 2012 (2016 uses this driver as well) and then I upgraded the version of sqlnci on the SQL Server to the same version, then all was happy.

answered Jul 12 '21 at 11:51

Steven

11
1
1
2

Test connection failed because of an error in initializing provider. DBNETLIB ConnectionOpen SecDoClientHandshake SSL security error

2 Answers2