SQL Server Dependencies

  • Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Thank You.

    Regards,
    Raghavender Chavva

  • Raghavender Chavva - Friday, June 29, 2018 9:21 AM

    Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Just curious, are there any errors in the security or application logs?

  • Lynn Pettis - Friday, June 29, 2018 10:46 AM

    Raghavender Chavva - Friday, June 29, 2018 9:21 AM

    Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Just curious, are there any errors in the security or application logs?

    Yes there are some errors 
    Error 26011
    msg: Server was unable to initialize encryption because of problem with security library etc....

    Thank You.

    Regards,
    Raghavender Chavva

  • Raghavender Chavva - Wednesday, July 4, 2018 7:01 AM

    Lynn Pettis - Friday, June 29, 2018 10:46 AM

    Raghavender Chavva - Friday, June 29, 2018 9:21 AM

    Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Just curious, are there any errors in the security or application logs?

    Yes there are some errors 
    Error 26011
    msg: Server was unable to initialize encryption because of problem with security library etc....

    Go through the following article:
      TLS 1.2 support for Microsoft SQL Server

    I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
    This is also a good checklist of some of those required changes:
    SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0

    Sue

  • Sue_H - Wednesday, July 4, 2018 7:19 AM

    Raghavender Chavva - Wednesday, July 4, 2018 7:01 AM

    Lynn Pettis - Friday, June 29, 2018 10:46 AM

    Raghavender Chavva - Friday, June 29, 2018 9:21 AM

    Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Just curious, are there any errors in the security or application logs?

    Yes there are some errors 
    Error 26011
    msg: Server was unable to initialize encryption because of problem with security library etc....

    Go through the following article:
      TLS 1.2 support for Microsoft SQL Server

    I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
    This is also a good checklist of some of those required changes:
    SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0

    Sue

    Thank You.

    I was not aware of this till we encountered the issue.

    So here I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Thank You.

    Regards,
    Raghavender Chavva

  • Raghavender Chavva - Wednesday, July 4, 2018 7:25 AM

    Sue_H - Wednesday, July 4, 2018 7:19 AM

    Raghavender Chavva - Wednesday, July 4, 2018 7:01 AM

    Lynn Pettis - Friday, June 29, 2018 10:46 AM

    Raghavender Chavva - Friday, June 29, 2018 9:21 AM

    Hi All,

    Today we encountered a issue with SQL Server services.
    After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.

    This is the first time I am hearing such type of issue.

    So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    Also Please suggest how to resolve above issue.

    Just curious, are there any errors in the security or application logs?

    Yes there are some errors 
    Error 26011
    msg: Server was unable to initialize encryption because of problem with security library etc....

    Go through the following article:
      TLS 1.2 support for Microsoft SQL Server

    I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
    This is also a good checklist of some of those required changes:
    SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0

    Sue

    Thank You.

    I was not aware of this till we encountered the issue.

    So here I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.

    The current changes needed are in the article. Potential issues are listed in this blog:
    TLS 1.2 Support for SQL Server 2008, 2008 R2, 2012 and 2014

    The issues that can come from removing the dependencies on older versions can be found in the paper "Solving the TLS 1.0 problem" which you can download from this link:
    Solving the TLS 1.0 Problem

    Sue

  • Just my experience on TLS1.2
    I had enabled TLS 1.2 and applied a certificate on SQL server. I had configured SQL to use the certificate from SQL Server Configuration Manager and restarted the services after which SQL services do not start.
    Reason in my case was SQL Service account need to have permissions given to read the certificate. Once that was done, SQL Services came up as normal.

  • harikumar.mindi - Monday, July 9, 2018 5:41 AM

    Just my experience on TLS1.2
    I had enabled TLS 1.2 and applied a certificate on SQL server. I had configured SQL to use the certificate from SQL Server Configuration Manager and restarted the services after which SQL services do not start.
    Reason in my case was SQL Service account need to have permissions given to read the certificate. Once that was done, SQL Services came up as normal.

    Could you please let me know what is that certificate and from where we can download it

    Thank You.

    Regards,
    Raghavender Chavva

  • To implement TLS or SSL encryption certificates are used. If your company has Enterprise Certificate Authority, you can request a certificate for SQL Server and then configure SQL Server to use it. You can use self-certs for the purpose but be aware that they do not encrypt the traffic completely as Man-In-Middle attacks are possible. Hence it is suggested for testing purposes but not for production.
    Sue_H has  already provided good links to find the information, however if you can look through the below link on how to implement self-cert.
    http://dba-datascience.com/setting-ssl-or-tls-encryption-on-sql-server/

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply