Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

SECDoClientHandshake() SSL Security error connecting SQL Server when installing Dynamics CRM Server 2016


View products that this article applies to.

Symptom

When you try to install Dynamics CRM Server 2016, the Environment Diagnostics Wizard fails with this error message:

Error| Check SqlServerValidator : Failure: Could not connect to the following SQL Server: 'Server Name'. Verify that the server is up and running and that you have SQL Server administrative credentials. [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

 

↑ Back to the top


Cause

The Dynamics CRM Server 2016 wizard requires connectivity check through Microsoft OLE DB Provider for SQL Server to start database creation. The installation documentation lists software installed during the setup. This includes the Microsoft SQL Server Native Client.  The setup uses this native client and during the phase of the configuration database creation, OLE DB connection is required.

This connectivity failure reproduces when a test connection is created for the given SQL Server through a UDL file.

  1. Open Notepad
  2. Save the file as 'Connectivity Test.udl' and file type as 'All Files'
  3. Open the saved file
  4. Select Microsoft OLE DB Provider for SQL Server as the provider
  5. Provide server connection and authentication details
  6. Test the connection or open list of databases
  7. The connection fails with same error message

 

This fails because the secured connection between the Dynamics CRM Server 2016 and the SQL Server needs TLS 1.0 to be enabled for the OLE DB Provider for SQL Server. And the SQL Server may not have TLS 1.0 enabled for secure channel communication.

The connectivity may fail even if TLS 1.1 or 1.2 is enabled on the SQL Server as the OLE DB Provider for SQL Server supports only TLS 1.0. Support for TLS 1.2 is provided for the providers listed in this article.

↑ Back to the top


Resolution

Enable TLS 1.0 for Microsoft OLE DB Provider for SQL Server on SQL Server. TLS 1.0 can be enabled with the following registry changes:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000000

 

If the organization policy requires TLS 1.0 to be disabled, this can be done after the installation completes:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000001

 

TLS 1.0 may also need to be enabled on Dynamics CRM Server 2016 as client.

 

↑ Back to the top


More Information

TLS 1.0 can be disabled on SQL Server and Dynamics CRM Server 2016 after the installation completes if the organization policy needs TLS 1.0 disabled.

Useful articles:

SQL Server Native Client

Install or upgrade Microsoft Dynamics CRM Server

TLS 1.2 support for Microsoft SQL Server

Enable and Disable TLS 1.0

Microsoft OLE DB Provider for SQL Server Overview
 

↑ Back to the top


Keywords: Environment Diagnostics Wizard, EDW, install, SCHANNEL, TLS, TLS 1.0, OLEDB, SQL Server, SSL Security error, SECDoClientHandshake, CRM, Dynamics, TLS 1.2

↑ Back to the top

Article Info
Article ID : 4077486
Revision : 13
Created on : 2/1/2018
Published on : 2/1/2018
Exists online : False
Views : 319