November 16, 2007 at 2:02 pm
Hi,
I am getting the following error while installing a SQL 2005 on a standalone machine with Win2k3
Product: Microsoft SQL Server 2005 -- Error 29515. SQL Server Setup could not connect to the database service for server configuration. The error was: [Microsoft][SQL Native Client]SSL Provider: The client and server cannot communicate, because they do not possess a common algorithm.
any help to resolve this problem will be highly appreciated.
Regards
Nimesh
November 16, 2007 at 2:25 pm
November 16, 2007 at 3:14 pm
sorry,
that was not the error that i was getting...my error is different from that
November 16, 2007 at 8:20 pm
The only thing I've found, which even seems remotely related, is if you've turned on FIPS compliant algorithms. However, that should only affect .NET 1.1 apps and SQL Server 2005 is a .NET 2.0 app. With that said, here's one reference. You may want to see if your local security policy has this set:
Fix for Marshall SpamCensor application
K. Brian Kelley
@kbriankelley
July 13, 2010 at 11:35 am
Hi.
Was this ever resolved ? I'm asking because I'm experiencing exactly the same symptoms, and there is very little in the way of decent hits on Microsoft or the wider community.
Here's hoping !
Thanks - Joe Docherty
July 13, 2010 at 9:42 pm
this was related to one of the domain policies in place. as a work around, please raname the schannel registry and give a try....
Regards
Nimesh
July 14, 2010 at 2:38 am
Many thanks Nimesh. I'll let you know how I get on.
Joe
July 14, 2010 at 2:43 am
-connect to target SQL server via RDC using your admin equivalent domain account
-changed local security policy "Security Option: System cryptography: Force strong key protection for user keys stored on computer" from "User is prompted when the key is first used" to "Not Defined" by exporting (backing it up to d:\wwwtemp directory) and then deleting \HKLM\Software\Policies\Microsoft\Cryptography key
-export \HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL key (back it up to d:\wwwtemp directory)
-save and rename the attached SCHANNEL.reg.txt file to SCHANNEL.reg in d:\wwwtemp directory on target SQL server.
July 14, 2010 at 3:23 am
Many thanks again Nimesh. All help is really appreciated.
Our Windows Build & Security people are looking into this as well.
Thanks again
Joe
July 14, 2010 at 10:07 am
Hi Nimesh
It is now fixed. It was not the same fix as you detailed above.
The error emanated from a Post-Windows-Build "penetration" testing error :
"The cipher settings set what level of encryption the server supports. By default Windows accepts all bit lengths of encryption eg 48, 64, 128 bit etc. As a result of testing, everything under 128bit encryption was switched off. Unfortunately the wrong string value was set on what should have been left enabled eg all the 128 bit keys should have been set to ffffffff but were set at 1 which turned the bit length off - thus all encryption was off".
Re-setting back to ffffffff from the erroneous setting of "1", then reboots, did the trick.
Phew.
Thanks again for your help
Joe
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply