Edit

Share via

"Connection to the linked server has failed" error after you update Windows Server

  • Article

This article helps you resolve errors that occur when a connection to the linked server fails after the recent Windows Server updates are installed.

Symptoms

The following error messages are logged in the SQL Server error log.

TCP Provider: An existing connection was forcibly closed by the remote host.

OLE DB provider "MSOLEDBSQL" for linked server "<LinkedServerName>" returned message "Client unable to establish connection". (Microsoft SQL Server, Error: 10054)

The following screenshot shows the event ID 36874. This is a Schannel error that occurs in the Windows Event Viewer which indicates that the client and server support different sets of cipher suites which causes a failure in connection.

Screenshot that shows that multiple errors occur after the connection to the linked server fails.

Cause

The ciphers for the SQL Server client and server were modified after you installed Windows Server updates. As a result, there were issues with communication.

How to check cipher values

To check the cipher values on the client and server computers, follow these steps:

  1. Open an administrative PowerShell session, and then run the following command on both the client and main server:

    Get-ItemPropertyValue  -Path HKLM:\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\ -Name Functions

  2. Compare the values from both computers to determine whether the ciphers differ.

Resolution

To resolve the problem, follow these steps:

  1. If a network trace isn't available, check the functions value in this registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

  2. Run the following PowerShell command to find the Transport Layer Security (TLS) functions:

    Get-ItemPropertyValue  -Path HKLM:\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\ -Name Functions

  3. Use the Ciphers Suites tab in the IIS Crypto tool to check whether there are any matching algorithms. If no matching algorithms are found, contact Microsoft Support.

Third-party contact disclaimer

Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.

See also

An existing connection was forcibly closed by the remote host (OS error 10054)