MCITP

MCITP

Friday, December 1, 2017

TLS 1.2 enabled issue with sql server 2012 and 2014


When you try to install Microsoft SQL Server 2012 or SQL Server 2014 on a server that has Transport Layer Security (TLS) version 1.2 enabled, you may encounter the following issues:

TSL is new and advanced version of SSL and mostly added to new OS systems which causing compatibility issue with sql server connection during and after installation. Versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.



  • If the version of SQL Server that you're trying to install doesn't contain the fix to enable TLS 1.2 support, you receive the following error message:
    Wait on the Database Engine recovery handle failed. Check the SQL Server error log for potential causes.
  • If the version of SQL Server that you're trying to install does contain the fix to enable TLS 1.2 support, you receive the following error message:
    A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: Named Pipes Provider, error: 0 - No process is on the other end of the pipe.)
    In both of these situations, the installation fails.
     

Cause  :
This issue occurs because SQL Server Setup uses SqlClient for ADO.NET from the .NET Framework 2.0. By default, the .NET Framework 2.0 works with TLS 1.0.



To resolve this issue, install the hotfix rollup for the .NET Framework, and then restart the server. Based on the operating system and SQL Server version that you're running: eg : Hotfix rollup 3106993 for the .NET Framework 2.0 SP2 for Windows 2012 R2 and Windows 8.1.

 

To work around this issue, follow these steps:

Run the SQL Server 2012 or SQL Server 2014 Setup program, and update the SQL Server version to a build that supports TLS 1.2. (For more information about the updates that add support for TLS 1.2, see KB 3052404.)

Use slipstream method while using workaround method with Cumulative updated and sql full installation simultaneously, below are the sql updates that has compatibility with TLS 1.2



 

After this SQL server will start but won’t be able to connect locally using SSMS as client requires TLS1.0 and 1.1 should be enabled in below registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]  

 If we don’t want to enable TLS 1.0 and TLS 1.1 for security reason the other option would be install .Net 4.6+ which can be found here and everything will work fine.