Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
When you try to install Dynamics CRM Server 2016, the Environment Diagnostics Wizard fails with this error message:
| Error| Check SqlServerValidator : Failure: Could not connect to the following SQL Server: 'Server Name'. Verify that the server is up and running and that you have SQL Server administrative credentials. [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. |
The Dynamics CRM Server 2016 wizard requires connectivity check through Microsoft OLE DB Provider for SQL Server to start database creation. The installation documentation lists software installed during the setup. This includes the Microsoft SQL Server Native Client. The setup uses this native client and during the phase of the configuration database creation, OLE DB connection is required.
This connectivity failure reproduces when a test connection is created for the given SQL Server through a UDL file.
This fails because the secured connection between the Dynamics CRM Server 2016 and the SQL Server needs TLS 1.0 to be enabled for the OLE DB Provider for SQL Server. And the SQL Server may not have TLS 1.0 enabled for secure channel communication.
The connectivity may fail even if TLS 1.1 or 1.2 is enabled on the SQL Server as the OLE DB Provider for SQL Server supports only TLS 1.0. Support for TLS 1.2 is provided for the providers listed in this article.
Enable TLS 1.0 for Microsoft OLE DB Provider for SQL Server on SQL Server. TLS 1.0 can be enabled with the following registry changes:
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000000 |
If the organization policy requires TLS 1.0 to be disabled, this can be done after the installation completes:
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000001 |
TLS 1.0 may also need to be enabled on Dynamics CRM Server 2016 as client.
TLS 1.0 can be disabled on SQL Server and Dynamics CRM Server 2016 after the installation completes if the organization policy needs TLS 1.0 disabled.
Useful articles:
Install or upgrade Microsoft Dynamics CRM Server
Keywords: Environment Diagnostics Wizard, EDW, install, SCHANNEL, TLS, TLS 1.0, OLEDB, SQL Server, SSL Security error, SECDoClientHandshake, CRM, Dynamics, TLS 1.2