Post reply

[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error

  • January 7, 2020 at 2:50 pm

    #3713197

    We are experiencing the following error when attempting to run a SQL Server 2016 SSIS package.

    Error: 2020-01-07 11:01:19.31
    Code: 0xC0202009
    Source: InsightMonthlyFile Connection manager "CognitionDB"Description: SSIS Error Code DTS_E_OLEDBERROR. 
    An OLE DB error has occurred. Error code: 0x80004005.An OLE DB record is available.  Source: "Microsoft OLE DB Provider for SQL Server"  Hresult: 0x80004005  Description: "[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.".
    End Error

    We temporarily re-enabled TLS 1.0 on the server and the package worked, but we need to ensure this protocol remains disabled. Both TLS 1.1 and TLS 1.2 are enabled on the server, and .NET Framework 4.7 is installed (we are running SQL Server 2016 Standard Edition on Windows Server 2016 Standard).

    We added a script task to the SSIS package as per here (in order to force the connection to use TLS 1.2, which is enabled), however the error is still occurring.

    Public Sub Main()
        ' Force SSIS package to use TLS 1.2.
        System.Net.ServicePointManager.SecurityProtocol = CType(3072, System.Net.SecurityProtocolType)
        Dts.TaskResult = ScriptResults.Success
    End Sub

    A very frustrating issue, especially since TLS 1.2 is supposed to be enabled by default. Can anyone please advise?

    Many thanks in advance.

    • This topic was modified 4 years, 3 months ago by  zoggling.

  • January 7, 2020 at 3:32 pm

    #3713231

    I've been through this before, but I've been to sleep since then

    I did a quick google based on my issue at the time and there are a few registry settings to modify

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    this is obviously framework 4.0, but you get the drift? these force 4.0 to use TLS1.2

     

    original material from https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-To-Force--NET-to-use-TLS-1-2

     

    MVDBA

  • January 7, 2020 at 4:29 pm

    #3713258

    Thank you for your reply. Unfortunately I have been unable to locate the keys you reference (or any equivalents), throughout the whole registry?

    Untitled

  • January 7, 2020 at 4:37 pm

    #3713273

    just keep googling - it was definatly a registry key for me

    MVDBA

  • January 7, 2020 at 4:47 pm

    #3713274

    We created both of those keys (as they were not present), but no cigar sadly. Been Googling for most of the day!!

  • January 8, 2020 at 8:53 am

    #3713518

    there aer definatly 2 or 3 articles on here about it

    I Turned TLS1.0 off and just kept plugging away - took me most of a day, but i'm sorry , I can't rememeber exactly the details other than registry

    MVDBA

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply