I am using Rs.exe for automatic deployment of report files. When older versions of SSL and TLS are disabled , and only TLS 1.2 is enabled. Deployments are failing.
I am getting below error:
Could not connect to server: https://ServerName/reportserver/ReportService2010.asmx
Things I tried:
I added following registry entries as per
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/cc1cc0c5-65d0-48ac-a0b4-a689b9e6a2bd/2016-report-builder-connection-difficulty-with-tls-12-only-?forum=sqlreportingservices
Still no luck :(
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
OS - Windows Server 2016
SQL - SQL Server 2016
.NET framework - 4.7.1
Proper certificate is installed in server.
https://ServerName/reportserver is accessible in browser.
All valid configurations are done in RS Configuration Manager
Any help would be appreciated. Thank You!
Related
I have been digging for answers for this issue and have not been able to solve it. I believe it is a TLS issue but nothing I've tried fixes it. Setup ...
The reporting application server trying to connect to the database server via ODBC SQL Server is using the SQLSRV32.DLL version 6. (I know the driver is old and updating would probably fix the issue but that is not so easy to do). I have confirmed on both hosts that TLS 1.0 is not enabled. I did this by checking the registry under "SCHANNEL->Protocols" and using "Internet Options -> Advanced Tab". Both only have TLS 1.1 and TLS 1.2 checked. The error is "Error 772; Connection Failed; SSL Security Error". I found a host with an updated ODBC driver (v10) and it can connect to the database.
I have another DB and reporting server with what appears to be identical configurations, using the same old SQL driver, but they are not having the issue. Trying to connect from this reporting server to the other database fails too.
I believe this is an issue with the database server, possibly SQL Server, but am stuck on what to look for.
Any guidance on what else to look at would be appreciated.
In the infrastructure we've got following machines:
1. Websphere application server (on SUSE Linux Enterprise Server 12 SP4)
2. DB2 server (on SUSE Linux Enterprise Server 12 SP4)
Customer wants to deactivate the TLS 1.1 and below everywhere within the infrastructure.
I know where to disable it in WAS Admin console on server 1, but I don't know where to disable it in other places. Please advice. Thank you!
You need to set the Db2 instance configuration parameter ssl_versions to TLSv12. For example, when using the command line processor, while logged in as the instance owner:
db2 update dbm cfg using ssl_versions TLSv12
You will need to restart the instance for the change to take effect.
Reference
Has anyone been able to get TLS 1.1 or TLS 1.2 working on Windows 2k8 SP2 (non R2). The support just recently came out Microsoft Support. I have gone through installed the updated and did the registry entries and it doesn't appear to be enabled. Is there a way to check with out just looking at registry entries?
You could use https://www.ssllabs.com/ssltest to test that your IIS configuration has been updated.
The Security tab under Chrome's developer tools will also indicate what protocol, key exchange, and cipher suite are used.
I'm trying to switch off TLS 1.0 on my SQL Server 2012 server in order to comply with PCI standards.
Initially I had some trouble with the SQL Server service not starting.
I've found help online on other sites and discussions but I'm having mixed results:
This is what I've done so far:
I have downloaded SQL Server 2012 Cumulative Update 7 (CU 6 also works) and the SQL Server Service then starts correctly.
I had a problem not being able to sign in to the DB instance through SQL Server Enterprise Manager which was fixed by installing .Net 4.6.
Next problem, client computer running IIS Application is unable to connect to SQL instance because of a 'handshaking SSL error'. I followed advice and installed the latest SNAC native client.
This was difficult to track down and the latest version available as a download from Microsoft was from 2014. I then obtained sqlnclient.msi dated 9/7/2015 revision number {E6CB4138-3D1C-4ADC-95C4-88322B60FC14} from a sub folder generated by the extract of CU 7 - "Path to Extract Folder \1033_enu_lp\x64\setup\x64".
I've updated this version of the Native client on my IIS server (and .Net 4.6) and I'm still unable to connect remotely to the SQL instance. If I enable TLS 1.0 I'm able to connect.
The exact error I'm getting is 'A connection was sucessfully established with the server, but then an error occurred during the pre-login handshake'.
My diagnosis is I don't have the correct version of SNAC on my machine compatible with TLS 1.2 and the CU 7 as the client and server cannot handshake. However, this sqlnclient.msi was extracted from the CU 7 and I cannot find a more up to date copy.
Has anyone else experienced this problem? What version of the SNAC are you using? Where did you get it?
Thanks
As of January 29th, Microsoft SQL Server supports TLS 1.2 for SQL Server 2008, SQL Server 2008 R2, SQL Server 2012 and SQL Server 2014 and major client drivers like Server Native Client, Microsoft ODBC Driver for SQL Server, Microsoft JDBC Driver for SQL Server and ADO.NET (SqlClient).
Blog post about the release: http://blogs.msdn.com/b/sqlreleaseservices/archive/2016/01/29/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014.aspx
List of builds that support TLS 1.2 along with the client and server component download locations (KB3135244): http://support.microsoft.com/kb/3135244
Did you get the client update from the KB (https://support.microsoft.com/en-us/kb/3052468)
Package name: 2012_SP2_SNAC_CU6_3052468_11_0_5592_x64
Download link: http://support2.microsoft.com/hotfix/KBHotfix.aspx?kbnum=3052468&kbln=en-us
What is the provider name in your IIS site?
You will need the KB3052468 update both for the client and the server. They are available on the hotfix download link provided.
I attempts to setup IIS (version 6.0, windows 2003 server) sit in front of IBM WAS server so that it can route all specific traffic to IBM WebSphere application server. I've things setup on both UAT and pre-production IIS web server and its works just fine. The problem happens now, however, only in production server. I investigated the websphere plugin logs (defined in plugin-cfg.xml) and found the following errors
iisWASPlugin_http.dll Out-of-process ISAPI extension request failed.
Tried google the solution but no luck.
Setup procedures is summarized below
Install IBM Installation Manager
Install Web Server Plug-ins for IBM WebSphere Application Server and Version 8.5.0.0 through IBM Installation Manager
Copy Plugin-cfg.xml, Plugin-key.db, Plugin-key.sth from WAS to web server.
Configurate IIS web site - create virtual directory named sePlugins, Add ISAPI filter with iisWASPlugin_http.dl, add Web service extension
Create plugin-cfg.loc, paste the full path of plugin-cfg.xml to plugin-cfg.loc
The procedures above already working in UAT and pre-production environment.
Details setup procedures is exactly the same as the url below
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftins_manualWebIIS.html
(Refer to "Configure IIS Version 6.0." section)
Note: IIS have "IIS 5.0 isolation mode" turned on.
Any help / hints is greatly appreciated.
Thanks in advance.
Regards.
The error gone after a server reboot...