MsxEncryptChannelOptions and Multi-server administration

  • Edward Mlynar

    SSCommitted

    Points: 1723

    Setting up the multi-server administration failed for me because the MsxEncryptChannelOptions registry value on the server I am attempting to make the target is set to '2'. According to Microsoft and everyone else on the interwebz, changing it to '0' resolves this issue.

    My question is what are the effects of changing the value to '0'? Seeing as this is a production server, making changes to the registry without knowing what else it will effect kinda makes me nervous.

    What else uses this registry entry or is it exclusively used by the multi-server admin functions?

    ...

  • BuntyBoy

    SSCommitted

    Points: 1876

    don't mess with registry.....

    ===========================================
    Better try and fail than not to try at all...

    Database Best Practices[/url]

    SQL Server Best Practices[/url]

  • ctrlb

    Old Hand

    Points: 383

    I was really hesitant about modifying the registry as well, so I wrote a PowerShell Script to do it in a controlled and safe manner.

    Safely Enable SQL Server Agent MultiServer Administration using PowerShell[/url]

  • wayne.fairless

    SSC Enthusiast

    Points: 157

    I'm creating scripts for deployment, so it was simpler to use xp_regwrite:

    EXEC master..xp_regwrite

    @rootkey='HKEY_LOCAL_MACHINE',

    @key='SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\SQLServerAgent',

    @value_name='MsxEncryptChannelOptions',

    @type='REG_SZ',

    @value='00000000'

    -- 0 Disables encryption between this target server and the master server. her means.

    -- 1 Enables encryption only between this target server and the master server, but no certificate validation is required.

    -- 2 Default. Enables full SSL encryption and certificate validation between this target server and the master server.

  • Allen McGuire

    Mr or Mrs. 500

    Points: 588

    Probably worth noting that if you use the xp_regwrite version, you should go to your passive nodes in your clusters right away so you don't forget to update those as well. Otherwise upon failover, things will stop working.

    Good post otherwise.


    Kindest Regards,

    Allen McGuire
    madtownlounge.com

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply