Securing SQL Server with TLS 1.2

3,871 views

Published on

Recent changes to security compliance are driving an initiative in various IT environments to disable all security protocols apart from TLS 1.2. This has a wide-ranging impact on SQL Server installations, from startup failures to connectivity issues. In this session, we will talk about the changes available in SQL Server 2008 and above to support TLS 1.2, and the changes required on the server and in the SQL Server configuration to support TLS 1.2.

All the script samples are available on GitHub at https://github.com/Microsoft/tigertoolbox/tree/master/tls1.2

Published in: Technology

  1. PS C:\Users> whoami. Known on Twitter as @banerjeeamit. An affair with SQL Server for nearly a decade. Sr. Program Manager on the Microsoft SQL Server (TIGER) product team. Speaker at: SQL PASS 24HOP, TechEd, Virtual TechDays, User Groups, SQL Saturdays, SQLBITS. Co-authored “Pro SQL Server on Microsoft Azure”. Co-authored “Professional SQL Server 2012: Internals and Troubleshooting”. Own TroubleshootingSQL.com. Also found on http://aka.ms/sqlserverteam, @mssqltiger
  2. No known vulnerabilities have been reported for the Microsoft TDS implementation. This is the communication protocol that's used between SQL Server clients and the SQL Server database engine.
  3. SQL Server Tiger Team
  4. SQL Server Tiger Team
  5. SQL Server Tiger Team
  6. SQL Server Tiger Team
  7. SQL Server 2014 FCI or below. Web servers • .NET Framework update to use TLS 1.2 with Database Mail • Applicable Client Side Components • SQL Server Native Client • ADO.NET (SqlClient) • Microsoft ODBC Driver for SQL Server • JDBC Driver
  8. SQL Server 2014 FCI or below. Web servers • Apply the .NET updates • Applicable Client Side Components • SQL Server Native Client • ADO.NET (SqlClient) • Microsoft ODBC Driver for SQL Server • JDBC Driver
  9. SQL Server 2014 FCI or below. Web servers • Applicable Client Side Components • SQL Server Native Client • ADO.NET (SqlClient) • Microsoft ODBC Driver for SQL Server • JDBC Driver
  10. The report server cannot open a connection to the report server database. A connection to the database is required for all requests and processing. (rsReportServerDatabaseUnavailable) KB3135244: SQL Server client updates have not been applied, namely .NET Framework updates are required so that older versions of ADO.NET can use TLS 1.2.
  11. Connection handshake failed. An OS call failed: (80090331) 0x80090331(The client and server cannot communicate, because they do not possess a common algorithm.). State 56. KB3135244: Database engine needs to be updated to support TLS 1.2 communications for Service Broker, Database Mirroring and Availability Groups.
  12. Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential causes. A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: Named Pipes Provider, error: 0 - No process is on the other end of the pipe.) KB3135769: Apply the necessary .NET fixes and run SQL Server setup again.
  13. Connection handshake failed. An OS call failed: (80090331) 0x80090331(The client and server cannot communicate, because they do not possess a common algorithm.). State 58. KB3137281: TLS 1.2 doesn't support MD5 as a signature hash algorithm. Switch to a non-MD5 signature hash for certificates that are used for SQL Server endpoint encryption.
  14. Agent Log: Microsoft.SqlServer.Management.SqlIMail.Server.Common.BaseException: Mail configuration information could not be read from the database. …. …. Unable to start mail session. KB3135244: .NET framework updates required to support TLS 1.2 for database mail need to be applied.
  15. Could not connect to server: A connection was successfully established to the server, but then an error occurred during the pre-login handshake. Create the following registry key on the system that hosts the Reporting Services Configuration Manager: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client : REG_DWORD=Enabled, "Enabled"=dword:00000001
  16. SQL Server Tiger Team
  17. https://github.com/amitmsft/MSSQLTIGERDemos http://spoke.at/TigerTLS https://blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014/ KB3135244
  18. • Blog: Aka.ms/sqlserverteam, www.troubleshootingsql.com • Twitter: @banerjeeamit, @mssqltiger
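
The registry setting on slide 15 can be checked before anything is changed. The following is an added example, not taken from the deck or from the tigertoolbox scripts: it reports the SCHANNEL state for each protocol and role on the local host, and includes an opt-in helper that writes the TLS 1.2 Client value quoted on the slide. The function names are made up for this example; the `Server` subkey and the `DisabledByDefault` value are standard SCHANNEL settings that the deck does not mention.

```powershell
# Added example (not from the deck): read-only audit of the SCHANNEL protocol keys,
# plus an opt-in helper that writes the TLS 1.2 Client value quoted on slide 15.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key     = "$SchannelBase\$p\$r"
            $enabled = $null
            $dbd     = $null
            if (Test-Path -LiteralPath $key) {
                $props   = Get-ItemProperty -LiteralPath $key
                $enabled = $props.Enabled            # $null when the value is absent
                $dbd     = $props.DisabledByDefault
            }
            # A missing key or value means the OS default applies, not "disabled".
            $state = if ($null -eq $enabled) { 'OS default (value not set)' }
                     elseif ($enabled -eq 0) { 'Disabled' }
                     else { 'Enabled' }
            [pscustomobject]@{
                Protocol = $p; Role = $r; Enabled = $enabled
                DisabledByDefault = $dbd; State = $state
            }
        }
    }
}

function Enable-Tls12Client {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $key = "$SchannelBase\TLS 1.2\Client"
    if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 1 (DWORD)')) {
        # Create the key only when it is missing so existing values under it are left alone.
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
# Enable-Tls12Client -WhatIf    # preview the write; drop -WhatIf in an elevated session to apply
```

Run the audit on both ends of a failing connection: the 0x80090331 "no common algorithm" errors on slides 11 and 13 indicate that the two hosts do not share an enabled protocol or algorithm.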
