June 29, 2018 at 9:21 am
Hi All,
Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.
This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Thank You.
Regards,
Raghavender Chavva
June 29, 2018 at 10:46 am
Raghavender Chavva - Friday, June 29, 2018 9:21 AMHi All,Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Just curious, are there any errors in the security or application logs?
July 4, 2018 at 7:01 am
Lynn Pettis - Friday, June 29, 2018 10:46 AMRaghavender Chavva - Friday, June 29, 2018 9:21 AMHi All,Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Just curious, are there any errors in the security or application logs?
Yes there are some errors
Error 26011
msg: Server was unable to initialize encryption because of problem with security library etc....
Thank You.
Regards,
Raghavender Chavva
July 4, 2018 at 7:19 am
Raghavender Chavva - Wednesday, July 4, 2018 7:01 AMLynn Pettis - Friday, June 29, 2018 10:46 AMRaghavender Chavva - Friday, June 29, 2018 9:21 AMHi All,Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Just curious, are there any errors in the security or application logs?
Yes there are some errors
Error 26011
msg: Server was unable to initialize encryption because of problem with security library etc....
Go through the following article:
TLS 1.2 support for Microsoft SQL Server
I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
This is also a good checklist of some of those required changes:
SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0
Sue
July 4, 2018 at 7:25 am
Sue_H - Wednesday, July 4, 2018 7:19 AMRaghavender Chavva - Wednesday, July 4, 2018 7:01 AMLynn Pettis - Friday, June 29, 2018 10:46 AMRaghavender Chavva - Friday, June 29, 2018 9:21 AMHi All,Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Just curious, are there any errors in the security or application logs?
Yes there are some errors
Error 26011
msg: Server was unable to initialize encryption because of problem with security library etc....Go through the following article:
TLS 1.2 support for Microsoft SQL Server
I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
This is also a good checklist of some of those required changes:
SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0Sue
Thank You.
I was not aware of this till we encountered the issue.
So here I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Thank You.
Regards,
Raghavender Chavva
July 4, 2018 at 7:42 am
Raghavender Chavva - Wednesday, July 4, 2018 7:25 AMSue_H - Wednesday, July 4, 2018 7:19 AMRaghavender Chavva - Wednesday, July 4, 2018 7:01 AMLynn Pettis - Friday, June 29, 2018 10:46 AMRaghavender Chavva - Friday, June 29, 2018 9:21 AMHi All,Today we encountered a issue with SQL Server services.
After upgrading TLS 1.0 to TLS 1.2, SQL Server Services are not coming up.This is the first time I am hearing such type of issue.
So I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
Also Please suggest how to resolve above issue.
Just curious, are there any errors in the security or application logs?
Yes there are some errors
Error 26011
msg: Server was unable to initialize encryption because of problem with security library etc....Go through the following article:
TLS 1.2 support for Microsoft SQL Server
I've always seen people say "I already applied the updates" when given a reference to this article. But it's generally issues related to what is listed below the required updates, especially the registry keys. Or they miss the part about disabling TLS 1.0/1.1.
This is also a good checklist of some of those required changes:
SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0Sue
Thank You.
I was not aware of this till we encountered the issue.
So here I would like to know what are all other dependencies are there in the background which may effect SQL Server if any changes occured to them.
The current changes needed are in the article. Potential issues are listed in this blog:
TLS 1.2 Support for SQL Server 2008, 2008 R2, 2012 and 2014
The issues that can come from removing the dependencies on older versions can be found in the paper "Solving the TLS 1.0 problem" which you can download from this link:
Solving the TLS 1.0 Problem
Sue
July 9, 2018 at 5:41 am
July 9, 2018 at 11:52 am
harikumar.mindi - Monday, July 9, 2018 5:41 AMJust my experience on TLS1.2
I had enabled TLS 1.2 and applied a certificate on SQL server. I had configured SQL to use the certificate from SQL Server Configuration Manager and restarted the services after which SQL services do not start.
Reason in my case was SQL Service account need to have permissions given to read the certificate. Once that was done, SQL Services came up as normal.
Could you please let me know what is that certificate and from where we can download it
Thank You.
Regards,
Raghavender Chavva
July 9, 2018 at 3:18 pm
To implement TLS or SSL encryption certificates are used. If your company has Enterprise Certificate Authority, you can request a certificate for SQL Server and then configure SQL Server to use it. You can use self-certs for the purpose but be aware that they do not encrypt the traffic completely as Man-In-Middle attacks are possible. Hence it is suggested for testing purposes but not for production.
Sue_H has already provided good links to find the information, however if you can look through the below link on how to implement self-cert.
http://dba-datascience.com/setting-ssl-or-tls-encryption-on-sql-server/
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply