This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 47%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENI%3C/text%3E%3C/svg%3E)
Hi!
Clicking on View conflicts in Object Explorer open Connect to Server dialog form instead of Conflict Viewer. If I fill in form to connect to the same server, it creates very strange error:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Framework Microsoft SqlClient Data Provider)
Regards,
Nebojsa
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 8%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Here is a screenshot to perhaps help clarify what steps are taken that lead to the error.
Exactly like that! In addition, the same error is produced using any value for connection security.
And even setting additional connection parameters manually has no effect.
Yes, I can confirm that additional connection parameters can't solve the problem.
Lloyd, what OS are you using? Nebosja's OS seems to be a bit mouldy.
You are right, 2012 is very old. But what make me confused is following:
Nothing has changed on server.
SSMS 19.3 works fine on desktop.
SSMS 20 produces error on the same desktop.
I am using relatively current software. SSMS 20.1.10.0 running under Windows 10 22H2 and connecting to SQL Server 2022 running on Windows Server 2022.
My hunch is that the problem lays within SSMS as it honors connection settings when initially connecting to the SQL server, but then seemingly ignores or uses other connection settings when launching the replication conflict resolver.
Hi,
The values accepted are yes/no, if true/false doesn't seem to work. The default value is "no", which means that the server certificate will be validated.
Hope it helps.
Regards
Tried that in different combinations. It makes no difference and the problem remains.
Encrypt=no;TrustServerCertificate=true;
Encrypt=yes;TrustServerCertificate=true;
Encrypt=yes;TrustServerCertificate=yes;
Encrypt=no;TrustServerCertificate=yes;
Encrypt=no;
I can't find combination that works for us too.
I also found the same connection problem when I edit job step which is type of SSIS Package and package is on different server.
Hi @Nebojsa Ilic,
Have you seen errorlog and other messages? Link that you sent is not working for us because server is not configured to use certificate.
Just like what Erland said:
SSMS 20 changed the default for encryption, so that encryption is mandatory.
And I said in my first answer:
there are breaking changes in EF Core 7.0. SqlClient connection strings use Encrypt=False by default. This means that: The server must be configured with a valid ceritificate.
Maybe this can answer your confused.
Regards
SSMS 20.1 was released yesterday. There is nothing in the Release Notes that mentions the Conflict Viewer, so the issue may not have been fixed. But I would still suggest that you give it a try.
There is nothing in server errorlog. As I said, it is very difficult to do any server changes. We do not have full control over old applications. Can I configure server with certificate without any changes on application side?
The workaround for the EF Core changes mentioned in the article are:
There are three ways to proceed:
- Install a valid certificate on the server. Note that this is an involved process and requires obtaining a certificate and ensuring it is signed by an authority trusted by the client.
- If the server has a certificate, but it is not trusted by the client, then
TrustServerCertificate=Trueto allow bypassing the normal trust mechanims.- Explicitly add
Encrypt=Falseto the connection string.
Unfortunately option 1 is not an option in my case and options 2 and 3 do not work!
Thanks for info about new version. It is helpful!
As mentioned before, I found problem with SSIS Job step. And in release notes you can find this:
| SSIS | When creating or modifying an SSIS job step in a SQL Agent job, you receive the error "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Framework Microsoft SqlClient Data Provider)" regardless of whether Optional or Mandatory is selected for the Encryption property. | Use SSMS 19.3 to create or modify SSIS job steps. |
|---|---|---|
| SSIS | When creating or modifying an SSIS job step in a SQL Agent job, you receive the error "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Framework Microsoft SqlClient Data Provider)" regardless of whether Optional or Mandatory is selected for the Encryption property. | Use SSMS 19.3 to create or modify SSIS job steps. |
I think this is the same problem as we have with conflict viewer!
Wow, good. Glad to hear you resolve the confused. :)
The same with 20.1. Hope Microsoft will find solution so we can uninstall old SSMS.
Hi @Nebojsa Ilic,
Is this issue solved now? If you have any questions, please feel free to share with us.
And don't forget to accept the answers if they helped. Your action would be helpful to other users who encounter the same issue and read this thread.
Thanks for your understanding!
As we can see there are lot of issues where Microsoft recommend using SSMS 19.3. I think that this problem belongs to the same group.
Thanks for your effort and @Erland Sommarskog too!
All - this issue is resolved in SSMS 20.2, which was released July 9, 2024.
Excellent! Thank you
I checked all issues I found in v20 not only conflict viewer. It looks that v20.2 solved all. Thanks to @Erin Stellato @LucyChenMSFT-4874 @Erland Sommarskog and Lloyd too
Hi @Nebojsa Ilic,
Thanks for your information. Please check out the article, there are breaking changes in EF Core 7.0. SqlClient connection strings use Encrypt=False by default. This means that:
A SqlException will be thrown if these conditions are not met:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
There are three ways to proceed:
Best regards,
Lucy Chen
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/support/email-notifications
Hi,
I am talking about production server. Changing configuration is not an option for the moment. I tried to do a change in the connection properties (Option 3 - Encrypt=False) in SSMS but it doesn't work. Actually, I successfully connect object explorer to the server but try to open conflict viewer (Replication\Local Publication\View Conflicts) opens "Connect to server" dialog. Even if I put the same connection properties it produces error I mentioned before.
It is connection to the production server so any change on the server is not an option for the moment. I already tried with Option 3 to force encryption to false, but the same problem exists.
Fact is that I can connect with object explorer, I can use almost all functionalities from SSMS but starting conflict viewers produces error (Replication\Local Publication\View Conflicts). There is no connection property option that work for me.
Any other idea?
Hi @Nebojsa Ilic,
Could you please provide us the error log in SSMS? I need detail information to narrow down the issue. https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-sql-server-error-log-sql-server-management-studio?view=sql-server-ver16. Thank you!
Error log on that server has no any error. Do you want me to send you sql error log file from the server to see server configuration or you need client error details from SSMS that I'm getting calling viewer?
Yeah, please upload the logs here. Thank you!
In addition, here is a known issue, you can try the steps in this article, hope it can help you well. https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/connect/error-message-when-you-connect
Please find Errorlog file attached. I had to remove all entries specific for our environment. In addition, error produced on server is:
Network error code 0x2746 occurred while establishing a connection; the connection has been closed.
This may have been caused by client or server login timeout expiration.
Time spent during login: total 2083 ms, enqueued 0 ms, network writes 0 ms, network reads 0 ms, establishing SSL 2083 ms, network reads during SSL 2062 ms, network writes during SSL 0 ms, secure calls during SSL 20 ms, enqueued during SSL 0 ms, negotiating SSPI 0 ms, network reads during SSPI 0 ms, network writes during SSPI 0 ms, secure calls during SSPI 0 ms, enqueued during SSPI 0 ms, validating login 0 ms, including user-defined login processing 0 ms. [CLIENT: xx.xx.xx.xxx]
Client is receiving following error (details):
===================================
Could not show Conflict Viewer.
===================================
Exception has been thrown by the target of an invocation. (mscorlib)
Program Location:
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.Replication.ReplicationMenuItem.OnCreateAndShowConflictViewer(IServiceProvider sp, XmlDocument doc)
===================================
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Framework Microsoft SqlClient Data Provider)
For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver--2146893019-database-engine-error
Server Name: xxx.xxx.xxx.xxx
Error Number: -2146893019
Severity: 20
State: 0
Program Location:
at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at Microsoft.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock, Boolean asyncClose)
at Microsoft.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate)
at Microsoft.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate)
at Microsoft.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData, FederatedAuthenticationFeatureExtensionData fedAuthFeatureExtensionData, SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo, SqlConnectionEncryptOption encrypt)
at Microsoft.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword, SqlConnectionEncryptOption encrypt)
at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover, Boolean isFirstTransparentAttempt, Boolean disableTnir)
at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, ServerCertificateValidationCallback serverCallback, ClientCertificateRetrievalCallback clientCallback, DbConnectionPool pool, String accessToken, SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo, Boolean applyTransientFaultHandling)
at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
at Microsoft.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
at Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at Microsoft.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at Microsoft.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at Microsoft.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry, SqlConnectionOverrides overrides)
at Microsoft.Data.SqlClient.SqlConnection.Open(SqlConnectionOverrides overrides)
at Microsoft.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.UI.ConflictViewer.PublicationForm.InitForm(String servername, Boolean ntAuth, String username, String password, ViewerForm viewform)
at Microsoft.SqlServer.Management.UI.ConflictViewer.PublicationForm.InitFormFromOE(SqlConnectionInfo sqlConn, ViewerForm viewform)
===================================
The certificate chain was issued by an authority that is not trusted
My answer was deleted. Please let me know if you can open errorlog file
In addition, I have extended event setup on that server to collect failed queries and it shows following error:
Network error code 0x2746 occurred while establishing a connection; the connection has been closed.
This may have been caused by client or server login timeout expiration.
Time spent during login: total 2083 ms, enqueued 0 ms, network writes 0 ms, network reads 0 ms, establishing SSL 2083 ms, network reads during SSL 2062 ms, network writes during SSL 0 ms, secure calls during SSL 20 ms, enqueued during SSL 0 ms, negotiating SSPI 0 ms, network reads during SSPI 0 ms, network writes during SSPI 0 ms, secure calls during SSPI 0 ms, enqueued during SSPI 0 ms, validating login 0 ms, including user-defined login processing 0 ms. [CLIENT: xx.xx.xx.xxx]
Have you seen errorlog and other messages? Link that you sent is not working for us because server is not configured to use certificate.
My answer was deleted. Please let me know if you can open errorlog file
As a moderator, I have restored your deleted message. I've also converted your Answers to Comments. You should only use Answers to post, well, answer. So if you found the solution yourself, you post an Answer, else not.
Hi @Nebojsa Ilic,
Thanks for your information! I can see the errorlog and other messages. Please don't worry. I will try my best to help you.
I was using answer instead of comment by mistake. Sorry
Hi @Nebojsa Ilic ,
Good news!
Please refer to the latest general availability SSMS 20.2, we can get the information in bug fixed:
Best regards,
Lucy Chen
SSMS 20 changed the default for encryption, so that encryption is mandatory. In the best of worlds, this means that SQL Server should use a "real" certificate for encryption of the traffic, and this certificate should be installed in the Trusted Certificate store on the client. But in less sensitive environments you can let it suffice with checking "Trust server certificate". In the new connection dialog in SSMS, this option is one the first page.
Or, at least, the normal dialog you get when you open a query window or Object Explorer. If you don't get this window when you open the Conflict Viewer, this seems like an oversight. (I'm not sure, but Conflict Viewer relates to Replication right? I don't have any replication set up, so that I can try it myself.) But in that case, you should find Trust Server Certificate on the second page.
Can you show a screenshot of the dialog you get?
Hi @Nebojsa Ilic,
Thanks for your information. This error message '0x2746' indicates that there is a network error, an existing connection was forcibly closed by the remote host.
The error '0x2746' can be a challenging issue to resolve, but with a systematic approach to troubleshooting, it can be managed effectively. Please feel free to share your issue here.
Regards,
Lucy Chen
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/support/email-notifications
Thank you for your effort. Yes, our server is 2012 and it is difficult to find the root of the problem. Hope we will upgrade it soon. But until then I should maintain this server with minimal changes in configuration to reduce risk.
I still can use SSMS 19.3 because it works fine providing me all functionalities. SSMS 20 I will use only for newer servers on which I have full control.
Hi @Nebojsa Ilic,
Thanks for your information. I didn't know you cannot upgrade your server easily before. How about this method?
it looks like changing the cipher suite on Windows Server 2012 R2 solves the issue, please check this article.
In addition, hope the following preventive measures can help you minimize the chances of encountering the error in SSMS20:
Best regards
Lucy Chen
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/support/email-notifications