Sfrgttk

What are the pros and cons of Aerospike nosecones?

What causes the vertical darker bands in my photo?

How can players work together to take actions that are otherwise impossible?

How do I keep my slimes from escaping their pens?

Is a manifold-with-boundary with given interior and non-empty boundary essentially unique?

What would be Julian Assange's expected punishment, on the current English criminal law?

Why is "Consequences inflicted." not a sentence?

Disable hyphenation for an entire paragraph

How widely used is the term Treppenwitz? Is it something that most Germans know?

ListPlot join points by nearest neighbor rather than order

How to assign captions for two tables in LaTeX?

What are 'alternative tunings' of a guitar and why would you use them? Doesn't it make it more difficult to play?

Bonus calculation: Am I making a mountain out of a molehill?

Do I really need recursive chmod to restrict access to a folder?

Stars Make Stars

If a contract sometimes uses the wrong name, is it still valid?

How to say 'striped' in Latin

Does accepting a pardon have any bearing on trying that person for the same crime in a sovereign jurisdiction?

What would be the ideal power source for a cybernetic eye?

WAN encapsulation

How to bypass password on Windows XP account?

Did Xerox really develop the first LAN?

Why is "Captain Marvel" translated as male in Portugal?

Check which numbers satisfy the condition [A*B*C = A! + B! + C!]

Does SQL Server 2008 R2 10.50.6560.0 Support TLS 1.2?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

4

We recently upgraded a non-production SQL Server 2008 R2 system to SP3, and then Windows Updates installed the latest Security Update (10.50.6560.0). I see that TLS 1.2 support for 2008 R2 is provided in 10.50.6542.0, but that update will not install on top of 6560. Login attempts are failing and I can see in Event Viewer that the client is requesting TLS 1.2, but the server doesn't support it.

SSMS returns:

...(provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

(Microsoft SQL Server, Error: 10054)

System Event Log on server:

Event ID 36874

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I have tried updating the various SQL clients on both client and server, enabling TLS 1.2 in the registry on the server (and rebooting), to no avail. So now I'm beginning to think that build 6560 doesn't support it, and if that's the case, I have to uninstall it somehow so that I can install build 6542 first.

We have other servers running the same build that work fine, so I'm trying to find what's different about this server--no luck yet.

sql-server sql-server-2008-r2

share|improve this question

edited Jul 26 '18 at 1:07

Tony Hinkle

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  6560 includes the fixes from 6542, so uninstalling the former to install the latter is not going to get you anywhere. This is not SQL Server but another component, likely SqlClient or .NET Framework. Did you install all applicable updates from the second and third tables here? I don't think you'll get any of those by default from Windows Update.
  
  – Aaron Bertrand♦
  Jul 25 '18 at 17:26
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  This answer shows the required minimums for TLS 1.2 on SQL Server 2008 R2.
  
  – Max Vernon
  Jul 25 '18 at 18:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Regarding article reference by @AaronBertrand, none of the .NET updates that are listed apply on the server (I have tried them all). I have updated the client with every type of driver (ADO.Net, 2012 and 2008 R2 native clients, and ODBC). I have also created the reg keys to enable TLS 1.2 on the server (and rebooted).
  
  – Tony Hinkle
  Jul 25 '18 at 19:24
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  At this point I would engage Microsoft customer support.
  
  – Aaron Bertrand♦
  Jul 25 '18 at 19:33
  

  
  
  
  

add a comment | 

4

We recently upgraded a non-production SQL Server 2008 R2 system to SP3, and then Windows Updates installed the latest Security Update (10.50.6560.0). I see that TLS 1.2 support for 2008 R2 is provided in 10.50.6542.0, but that update will not install on top of 6560. Login attempts are failing and I can see in Event Viewer that the client is requesting TLS 1.2, but the server doesn't support it.

SSMS returns:

...(provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

(Microsoft SQL Server, Error: 10054)

System Event Log on server:

Event ID 36874

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I have tried updating the various SQL clients on both client and server, enabling TLS 1.2 in the registry on the server (and rebooting), to no avail. So now I'm beginning to think that build 6560 doesn't support it, and if that's the case, I have to uninstall it somehow so that I can install build 6542 first.

We have other servers running the same build that work fine, so I'm trying to find what's different about this server--no luck yet.

sql-server sql-server-2008-r2

share|improve this question

edited Jul 26 '18 at 1:07

Tony Hinkle

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  6560 includes the fixes from 6542, so uninstalling the former to install the latter is not going to get you anywhere. This is not SQL Server but another component, likely SqlClient or .NET Framework. Did you install all applicable updates from the second and third tables here? I don't think you'll get any of those by default from Windows Update.
  
  – Aaron Bertrand♦
  Jul 25 '18 at 17:26
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  This answer shows the required minimums for TLS 1.2 on SQL Server 2008 R2.
  
  – Max Vernon
  Jul 25 '18 at 18:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Regarding article reference by @AaronBertrand, none of the .NET updates that are listed apply on the server (I have tried them all). I have updated the client with every type of driver (ADO.Net, 2012 and 2008 R2 native clients, and ODBC). I have also created the reg keys to enable TLS 1.2 on the server (and rebooted).
  
  – Tony Hinkle
  Jul 25 '18 at 19:24
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  At this point I would engage Microsoft customer support.
  
  – Aaron Bertrand♦
  Jul 25 '18 at 19:33
  

  
  
  
  

add a comment | 

We recently upgraded a non-production SQL Server 2008 R2 system to SP3, and then Windows Updates installed the latest Security Update (10.50.6560.0). I see that TLS 1.2 support for 2008 R2 is provided in 10.50.6542.0, but that update will not install on top of 6560. Login attempts are failing and I can see in Event Viewer that the client is requesting TLS 1.2, but the server doesn't support it.

SSMS returns:

...(provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

(Microsoft SQL Server, Error: 10054)

System Event Log on server:

Event ID 36874

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I have tried updating the various SQL clients on both client and server, enabling TLS 1.2 in the registry on the server (and rebooting), to no avail. So now I'm beginning to think that build 6560 doesn't support it, and if that's the case, I have to uninstall it somehow so that I can install build 6542 first.

We have other servers running the same build that work fine, so I'm trying to find what's different about this server--no luck yet.

sql-server sql-server-2008-r2

share|improve this question

edited Jul 26 '18 at 1:07

Tony Hinkle

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

share|improve this question

edited Jul 26 '18 at 1:07

Tony Hinkle

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

share|improve this question

edited Jul 26 '18 at 1:07

Tony Hinkle

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

asked Jul 25 '18 at 17:19

Tony HinkleTony Hinkle

3,0901725

2 Answers
2

active

oldest

votes

1

Build 10.50.6560.0 does support TLS 1.2. I was able to resolve the problem by installing a new certificate from our CA. Apparently the older certificates that are on the server are not capable of supporting TLS 1.2.

TLS 1.2 support for Microsoft SQL Server includes information regarding the client and server versions that are required to support TLS 1.2.

share|improve this answer

edited Jul 31 '18 at 13:57

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

add a comment | 

0

We have just moved to Exchange 2016 and our 2008 R2 servers were unable to send emails after that. I configured Database Mail for SSL and port 587 and gave it a trusted login but then found an error in the Eventlog that was to do with the system not being able to download a certificate. I therefore downloaded it manually and installed it and was able to send emails after that.

The certificate is:

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt

share

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f213226%2fdoes-sql-server-2008-r2-10-50-6560-0-support-tls-1-2%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1

Build 10.50.6560.0 does support TLS 1.2. I was able to resolve the problem by installing a new certificate from our CA. Apparently the older certificates that are on the server are not capable of supporting TLS 1.2.

TLS 1.2 support for Microsoft SQL Server includes information regarding the client and server versions that are required to support TLS 1.2.

share|improve this answer

edited Jul 31 '18 at 13:57

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

add a comment | 

1

Build 10.50.6560.0 does support TLS 1.2. I was able to resolve the problem by installing a new certificate from our CA. Apparently the older certificates that are on the server are not capable of supporting TLS 1.2.

TLS 1.2 support for Microsoft SQL Server includes information regarding the client and server versions that are required to support TLS 1.2.

share|improve this answer

edited Jul 31 '18 at 13:57

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

add a comment | 

Build 10.50.6560.0 does support TLS 1.2. I was able to resolve the problem by installing a new certificate from our CA. Apparently the older certificates that are on the server are not capable of supporting TLS 1.2.

TLS 1.2 support for Microsoft SQL Server includes information regarding the client and server versions that are required to support TLS 1.2.

share|improve this answer

edited Jul 31 '18 at 13:57

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

share|improve this answer

edited Jul 31 '18 at 13:57

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

answered Jul 30 '18 at 17:29

Tony HinkleTony Hinkle

3,0901725

0

We have just moved to Exchange 2016 and our 2008 R2 servers were unable to send emails after that. I configured Database Mail for SSL and port 587 and gave it a trusted login but then found an error in the Eventlog that was to do with the system not being able to download a certificate. I therefore downloaded it manually and installed it and was able to send emails after that.

The certificate is:

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt

share

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

We have just moved to Exchange 2016 and our 2008 R2 servers were unable to send emails after that. I configured Database Mail for SSL and port 587 and gave it a trusted login but then found an error in the Eventlog that was to do with the system not being able to download a certificate. I therefore downloaded it manually and installed it and was able to send emails after that.

The certificate is:

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt

share

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

We have just moved to Exchange 2016 and our 2008 R2 servers were unable to send emails after that. I configured Database Mail for SSL and port 587 and gave it a trusted login but then found an error in the Eventlog that was to do with the system not being able to download a certificate. I therefore downloaded it manually and installed it and was able to send emails after that.

The certificate is:

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt

share

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 3 mins ago

RichardRichard

11

New contributor

Richard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 3 mins ago

RichardRichard

11