2021年8月28日 星期六

SQL Server 2012 Native Client - QFE才支援TLS 1.2

某次SQL Server伺服器作業系統關閉TLS 1.0和1.1之後,AP程式連DB有問題,後來發現是要安裝新版的SQL Server 2012 Native Client - QFE。原本是安裝舊版的11.0.2100.60(在2012年發佈的)。安裝後需要重新啟動伺服器。

下載Microsoft® SQL Server® 2012 Native Client - QFE (支援TLS 1.2)
https://www.microsoft.com/en-us/download/details.aspx?id=50402

Version:
11.0.7001.0

Date Published:
1/19/2018



升級成新版可以在AP伺服器建立一個 .udl檔案測試和資料庫連線,可參考以下網址
https://success.trendmicro.com/solution/1118930-using-tlsv1-1-or-tlsv1-2-for-communication-between-mssql-server-and-officescan

 
KB3135244 - TLS 1.2 support for Microsoft SQL Server(必看!)
https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

 
 

sqlncli.msi安裝程式資訊(
QFE版支援TLS1.2)



sqlncli.msi安裝程式資訊(舊版,不支援TLS1.2)
 

 
 
AP程式的錯誤訊息(Crystal Report版本是11.5,AP伺服器安裝舊版sqlncli.msi,DB伺服器已關閉TLS 1.0和1.1):

System.Runtime.InteropServices.COMException (0x8004100F): Logon failed.

Details:  [Database Vendor Code: 10054 ]

Logon failed.

Details:  [Database Vendor Code: 10054 ]

Error in File C:\Windows\TEMP\XXXXX.rpt:

Unable to connect: incorrect log on parameters.

Details:  [Database Vendor Code: 10054 ]

   at CrystalDecisions.ReportAppServer.Controllers.DatabaseControllerClass.SetTableLocation(ISCRTable CurTable, ISCRTable NewTable)

   at CrystalDecisions.CrystalReports.Engine.Table.set_Location(String value)
 
 
 
Event Log的錯誤訊息:
 
 
 


如果有用到ODBC Driver 11 for SQL Server(msodbcsql.msi)也需要新版才支援TLS1.2
<最新版已經出到17)
https://docs.microsoft.com/zh-tw/sharepoint/security-for-sharepoint-server/enable-tls-1-1-and-tls-1-2-support-in-sharepoint-server-2016

1.1 - 安裝 ODBC Driver 11 for SQL Server 的 TLS 1.2 支援更新

ODBC Driver 11 for SQL Server (適用於 SQL Server 的 ODBC 驅動程式 11) 預設不支援 TLS 1.1 或 TLS 1.2。您必須安裝 ODBC Driver 11 for SQL Server 的 TLS 1.2 支援更新。

CheckClientUpdates.ps1
The PowerShell Script currently supports the following:

Check if SQL Server Native Client can support TLS 1.2
Check if Microsoft ODBC Driver for SQL Server can support TLS 1.2 This script is restricted to work on x64 and x86 platforms


在AP伺服器上檢測SQL Server資料庫驅動程式是否支援TLS 1.2?
支援TLS 1.2


不支援TLS 1.2

 
 
 
 
以下文章參考用,和升級TLS 1.2無關
https://docs.microsoft.com/en-us/sql/connect/oledb/oledb-driver-for-sql-server?view=sql-server-ver15

Different generations of OLE DB Drivers

There are three distinct generations of Microsoft OLE DB providers for SQL Server.

1. Microsoft OLE DB Provider for SQL Server (SQLOLEDB)

The Microsoft OLE DB Provider for SQL Server (SQLOLEDB) still ships as part of Windows Data Access Components. It is not maintained anymore and it is not recommended to use this driver for new development.

2. SQL Server Native Client (SNAC)

Starting in SQL Server 2005 (9.x), the SQL Server Native Client (SNAC) includes an OLE DB provider interface (SQLNCLI) and is the OLE DB provider that shipped with SQL Server 2005 (9.x) through SQL Server 2012 (11.x).

It was announced as deprecated in 2011 and it is not recommended to use this driver for new development. For more information about the SNAC lifecycle and available downloads, refer to SNAC lifecycle explained.

3. Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL)

OLE DB was undeprecated and released in 2018.

The new OLE DB provider is called the Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL). The new provider will be updated with the most recent server features going forward.

 Note

To use the new Microsoft OLE DB Driver for SQL Server in existing applications, you should plan to convert your connection strings from SQLOLEDB or SQLNCLI, to MSOLEDBSQL.

 

沒有留言:

張貼留言