3

I just installed SQL Server Management Studio, and I'm trying to connect to SQL Server 2014. It shows an error message "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The client and server cannot communicate, because they do not possess a common algorithm.)"

My co-worker's SSMS connects with no issues, so I'm sure the server is working.

From what I've found so far, it's because of the TLS version issue, and I should upgrade SQL Server. Unfortunately, I don't control the server, just the client, and I have no idea when the DBA will get around to updating. I can't just wait around for them to find time to update.

I tried both SSMS 2016 version 13.0.16106.4 and SSMS v17.9.1 version 14.0.17289.0.

What can I do on my machine to make sure it connects to the server?

asked Feb 5, 2019 at 16:39
5
  • What version of TLS? SSMS? Commented Feb 5, 2019 at 17:05
  • @JacobH I just updated the question with SSMS versions. How do I check TLS versions? Commented Feb 5, 2019 at 17:24
  • 2
    I'm guessing that the server doesn't support TLS 1.2, and TLS 1.0 is disabled on the system where you're running SSMS, so see if you can enable TLS 1.0 on the system running SSMS: learn.microsoft.com/en-us/windows-server/security/tls/… Commented Feb 5, 2019 at 18:13
  • @TonyHinkle Enabling TLS 1.0 worked! Thanks! Commented Feb 5, 2019 at 19:00
  • Same problem, and I have encryption set as optional. Apparently Microsoft SSMS thinks the word "Optional" is the same as "Mandatory". Commented Jun 16 at 23:13

2 Answers 2

12

One issue that can cause this is if TLS 1.0 is disabled on the client as part of a security hardening process. Since the version of SQL Server you are trying to connect to doesn't support a version of TLS that is enabled on your system, the connection fails.

If you can't upgrade SQL Server, the only solution is to enable TLS 1.0 on the system where SSMS is running. This can be done by modifying the appropriate registry settings specified in Transport Layer Security (TLS) registry settings.

Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

To enable the TLS 1.0 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 1.

answered Feb 5, 2019 at 19:35
1
  • Encrypt: Optional ... QA forgot to test this Commented Jun 16 at 23:14
0
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
answered Jan 5, 2023 at 14:23
1
  • You can make your answer better by explaining what this does and why you should do this. Commented Jan 5, 2023 at 20:28
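Both answers above edit values under the SCHANNEL `Protocols` key. The PowerShell below is an added example, not part of either answer: it reports the current client-side state of TLS 1.0, 1.1 and 1.2, and can create the `Enabled` entry that the first answer describes. The function names `Get-SchannelClientProtocol` and `Enable-SchannelClientProtocol` are hypothetical, and writing requires an elevated prompt.

```powershell
# Added example (not from the original answers). Function names are hypothetical.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Turn a registry DWORD into a readable state. A missing value means the
# protocol follows the operating system default, which the registry does not show.
function Format-SchannelFlag($props, [string]$name) {
    if ($null -eq $props -or $null -eq $props.$name) { return 'not set (OS default)' }
    if ($props.$name -ne 0) { return '1' }
    return '0'
}

# Report Enabled / DisabledByDefault for each protocol's Client subkey.
function Get-SchannelClientProtocol {
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        $key   = Join-Path $base "$p\Client"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $p
            Enabled           = Format-SchannelFlag $props 'Enabled'
            DisabledByDefault = Format-SchannelFlag $props 'DisabledByDefault'
            KeyExists         = Test-Path $key
        }
    }
}

# Create the Enabled DWORD (value 1) in the Client subkey of one protocol.
# Supports -WhatIf so the change can be previewed before it is written.
function Enable-SchannelClientProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Protocol)
    $key = Join-Path $base "$Protocol\Client"
    if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 1')) {
        # Only create the key when it is missing, so existing values are kept.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Audit first, then preview the single change the first answer describes.
Get-SchannelClientProtocol | Format-Table -AutoSize
Enable-SchannelClientProtocol -Protocol 'TLS 1.0' -WhatIf
```

Drop `-WhatIf` to write the value, then run `Get-SchannelClientProtocol` again to confirm that only the intended subkey changed.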
