My server is windows 2008 server r2.
I found the following error on my server after disable tls 1.0 and SSLv3.
[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security
error.
Currently, only TLS 1.2 is enabled on my server, and at the client side the TLS 1.2 is set on
Is it posible if [DBNETLIB] is running on TLS 1.2?
UditS
1,93616 silver badges37 bronze badges
asked Apr 6, 2016 at 13:29
2
There might be chances that ODBC 11.0 earlier version is been installed. In this case the connection string should be
Driver={ODBC Driver 11 for SQL Server};Server=myServerAddress;Database=myDataBase;Trusted_Connection=yes;
And also check TLS 1.2 is enabled
answered Dec 12, 2018 at 16:04
After disabling TLS 1.0 and 1.1 on Windows Server 2016 we were able to get our ASP Classic scripts database connections working again in the following way:
- Download and install Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL)
- Replace
Provider=SQLOLEDB;withProvider=MSOLEDBSQL;in all connection strings for the ASP Classic scripts - Done! (no restart needed)
Note: The previous (same name but different abbreviation) Microsoft OLE DB Provider for SQL Server (SQLOLEDB) and SQL Server Native Client OLE DB provider (SQLNCLI) remains deprecated and it is not recommended to use either for new development work. (source)
answered Jan 12, 2022 at 13:25
I had to do several things. The server was Windows 2016 Standard testing with a .txt file I changed to .UDL. This server was trying to connect to our Sql Server 2008 R2 SP3
On the 2016 box I installed SQL Server Native client 10.0
Get that here : https://www.microsoft.com/en-us/download/details.aspx?id=57606
Finally on the sql server box I had to install patch KB4057113 to enable TLS1.2
Note when testing the connection by opening the .UDL file don’t forget to change the provider to SQL Server Native Client 10.0
answered Jun 21, 2019 at 18:58
drzoundsdrzounds
3693 silver badges16 bronze badges
Similiar to Jonas Appelgran’s answer, but some slight changes to solve our issue.
- Download and install install Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL)
- Replace Provider=SQLOLEDB; with Provider=MSOLEDBSQL19; in all connection strings for the ASP Classic scripts (note the version of the driver was needed)
- At this point, was still getting the following error:
SSL Provider: The certificate chain was issued by an authority that is
not trusted.
After some research, I found that I also needed to either trust the server certificate or set the encryption to false in the connection string:
Trust Server Certificate=True;
and/or
Use Encryption for Data=False;
Need to update these depending on your situation but it was an internal intranet application only for us so either option was fine. (Otherwise you would need to create and install either a self-signed certificate or one from your organization’s CA.)
answered Jul 11, 2022 at 22:27
TahariTahari
1316 bronze badges
- Open Regedit (Wind+R > regedit)
- Locate HKLMSOFTWAREMicrosoftMSSQLServerMSSQLServerSuperSocketNetLib
- Create a new word value and name it «Certificate» set the value to this: «Certificate=0»
- Also modify the default REG_SZ and set the value to «Certificate=0»
- Restart the MSSQL service
Hope this helps since worked for me.
answered Dec 15, 2017 at 15:03
- Remove From My Forums
-
Question
-
i found the following error on my server after disable tls 1.0 and SSLv3.
My server is windows 2008 server r2, and below is detil error that i got :
[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
currently, only TLS 1.2 is enable on my server, and at the client side the TLS 1.2 is set on
Whether it posible if [DBNETLIB] running on TLS 1.2?
-
Moved by
Wednesday, April 6, 2016 6:39 PM
Moved to a relevant forum for best results
-
Moved by
Answers
-
-
Proposed as answer by
Sam ZhaMicrosoft contingent staff
Wednesday, April 13, 2016 5:05 AM -
Marked as answer by
Sam ZhaMicrosoft contingent staff
Friday, April 15, 2016 11:26 AM
-
Proposed as answer by
Добрый день.
У нас размещена база IT-Invent на MsSQL сервере согласно инструкции. На Windows 10 все отлично работает.
После обновления до Windows 11 подключиться не удается из-за ошибки:
Ошибка соединения!
Connection string: Provider=SQLOLEDB;(дальше данные для авторизации)
[DBNETLIB][ConnectionOpen(SECCreateCredentials().)Ошибка безопасности SSL.
Что необходимо сделать, чтобы исправить эту ошибку?
Tasks using ‘Microsoft OLE DB Provider for SQL Server’ are failing with the following error:
Possible Error 1:
Error: Connector connect error: ErrorSource: Microsoft OLE DB Provider for SQL Server, ErrorMsg: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
Possible Error 2:
ErrorMsg: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
Environment:
- All QlikView versions
- All Qlik Sense versions
Resolution:
The source and destination servers do not have aligned TLS versions enabled.
For example, if the data source only has TLS 1.0 enabled, while the Qlik product is installed on a Windows 2016 machine that disallows 1.0 and uses either TLS 1.1 or TLS 1.2, then the data source needs to be upgraded to support TLS 1.1 or TLS 1.2, or the security protocols need to be aligned.
In this example, the currently deployed Microsoft OLE DEB Providers for SQL do not support TLS 1.2 yet.
Please verify what version you have installed and confirm if you need to upgrade your data source: https://support.microsoft.com/en-us/kb/3135244
Recommended Fix:
Upgrade your data source so that the TLS versions between the data source and Qlik Sense or QlikView server match.
Alternative Fix:
Align the TLS versions used. Note that the example we use here configures TLS 1.0. We do not recommend the use of TLS 1.0, it is simply used for demonstration purposes.
If the registry keys are not present, the script under the following article should add them leaving only TLS 1.2 enabled TLS and SSL Support in Qlik Sense: How to configure Qlik Sense and TLS . Then TLS 1.0 may be enabled as mentioned below.
TLS 1.0 can be enabled with the following registry changes:
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server] «Enabled»=dword:00000001
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server] «DisabledByDefault»=dword:00000000
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client] «Enabled»=dword:00000001
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client] «DisabledByDefault»=dword:00000000
If the organization policy requires TLS 1.1 to be disabled, this can be done after the installation completes:
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server] «Enabled»=dword:00000000
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server] «DisabledByDefault»=dword:00000001
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client] «Enabled»=dword:00000000
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client] «DisabledByDefault»=dword:00000001
Related Content:
- TLS and SSL Support in Qlik Sense: How to configure Qlik Sense and TLS
Hello Everyone,
During one of my CRM Installation when everything was going smooth, the following error popped up:
“Could not connect to the following SQL Server: ‘XXXXXXXXX’.
Verify that the server is up and running and that you have SQL Server administrative credentials.
[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.”
The next immediate thing was to look up at the Event Viewer logs. Under Windows Logs -> System found the error:
Source: Schannel
“A fatal error occurred while creating a TLS client credential. The internal error state is 10013”
I did even try to make an ODBC Data Source connection from my Web server to the SQL server but still the same error, confirming the connectivity issues through SSL Security.
I searched lot many blogs and articles with various suggestions but the one which solved my issue was the response from the Microsoft community support in the msdn and the iis-forum.
They both article points to the same issue and the resolution. In my case, I was already having Windows Server 2016 and SQL 2016 which are already TLS 1.2 compliant; even my .Net Framework was also updated to 4.6
The only solution left was Enabling the FIPS compliant encryption algorithm under system cryptography. As suggested I followed the same:
a. In Control Panel, click Administrative Tools, and then double-click Local Security Policy.
b. In Local Security Settings, expand Local Policies, and then click Security Options.
c. Under Policy in the right pane, select System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
d. By default it’s set to Disabled.
e. Double Click to open the option and then click Enabled.
f. Restart the machine for the policies to take effect.
I resumed my CRM installation and this time there was no issue of SSL Security error: SECCreateCredentials(). However, there was another SSL Security error: SECDoClientHandshake() which I’ll talk about in my next blog.
For further info on the FIPS, there is a Microsoft support article which is worth reading. Hope that was helpful. Thanks!
🙂