This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 61%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Hi
I have recently patched a SQL 2008 instance (On Windows Server 2008 R2) to 10.0.6556 which enabled TLS 1.2
When I try to connect from SSMS 18.1 it fails with
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.) (.Net SqlClient Data Provider)
In the event viewer I see the following
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Is there a quick fix for this? I have also patched a different Windows 2008 R2/SQL 2008 with the same CU update and it works fine.
I have tried most things I googled such as Windows patches or registry keys but it does not make a difference.
Some suggestions reference drivers or .net installations maybe?
Any help would be good.
Thanks
Sam
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 1%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Did you do follow this:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)?redirectedfrom=MSDN#tls-12
Note: For TLS 1.2 to be enabled and negotiated on servers that run Windows Server 2008 R2, you MUST create the "DisabledByDefault" entry in the appropriate subkey (Client, Server) and set it to "0". The entry will not be seen in the registry and it is set to "1" by default.
Hi Tom
Yes I have set these up and rebooted the server many times.
Thanks
Sam
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 26%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYK%3C/text%3E%3C/svg%3E)
Hi @Anonymous ,
Both, (1) TLS and (2) Cipher Suites should be properly configured on the Windows Server 2008 R2 server.
Just TLS is not enough.
You could run a free utility: IISCrypto on both machines, compare and adjust TLS protocols and Cipher Suites settings.
Thank you I will try that tomorrow and come back to you.
So I have tried using it to apply TLS 1.2 but it was already checked. I then chose "best practices" but still no joy after a restart.
I then tried looking at ciphers, do I need to change the order?
@@Anonymous ,
You don't need "best practices".
You need to run IIS Crypto on the machine with SSMS vs. Windows Server 2008 R2 (with MS SQL Server 2008 instance)
on both machines.
And compare and adjust both (1) TLS protocols and (2) Cipher Suites settings on the server.
I am assuming that you are running Windows 10 OS on the machine with SSMS.
So, Windows 10 OS settings should be propagated/synched to the server.
Hi @Anonymous ,
Agree with YitzhakKhabinsky-0887, suggest you using the IISCrypto to compare the settings of TLS and Cipher Suites between SQL server and Client.
In addition, you can also capture the network package on SQL server side and client side, then find which Cipher Suites they are using.
By the way, did you read the blog KB3135244 - TLS 1.2 support for Microsoft SQL Server.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".