The other day our business intelligence guru came to me because she couldn't log in to our test Microsoft Dynamics GP 2013 environment for some reason. After some digging I found it was because the SQL Server 2014 service wasn't running. When I tried to start the service manually, I got the following error in the event logs:
TDSSNIClient initialization failed with error 0x80090331, status code 0x80. Reason: Unable to initialize SSL support. The client and server cannot communicate, because they do not possess a common algorithm.
This happened because I had been testing encryption changes on the server using IIS Crypto a few days earlier. I wanted to configure the server to only support TLS 1.1 and TLS 1.2 using only AES ciphers. IIS Crypto looked like this:
Well, I guess Microsoft SQL 2014 doesn't like that too much, so I had to change it back to enable TLS 1.0 as well as Triple DES and RC4, so IIS Crypto looked like this:
After I applied that change in IIS Crypto and rebooted the SQL server, everything started up again as it should.
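To see what a change like this actually left on the server, the following added example (not part of the original post) reads the SCHANNEL registry keys that IIS Crypto edits and reports the server-side protocol and cipher state. The protocol and cipher lists are the standard SCHANNEL key names and are an assumption about what you want to check; the function names are made up for this example.

```powershell
# Added example: report the server-side SCHANNEL settings that IIS Crypto edits.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelDword {
    param([string]$SubKey, [string]$Name)
    # Use the .NET registry API: cipher key names such as "RC4 128/128" contain "/",
    # which the PowerShell registry provider would treat as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$root\$SubKey")
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Name, $null) } finally { $key.Close() }
}

function Get-SchannelState {
    param($Enabled, $DisabledByDefault)
    if ($null -eq $Enabled) { return 'not set (OS default applies)' }
    if ($Enabled -eq 0)     { return 'disabled' }
    # Any non-zero value enables the item; 0xffffffff is read back as -1.
    if ($DisabledByDefault -eq 1) { return 'enabled, but off by default' }
    return 'enabled'
}

# Assumed check lists: standard SCHANNEL protocol and cipher key names.
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$ciphers   = 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128',
             'Triple DES 168', 'AES 128/128', 'AES 256/256'

$report = @()
foreach ($p in $protocols) {
    $sub = "Protocols\$p\Server"
    $report += [pscustomobject]@{
        Kind  = 'Protocol'; Name = $p
        State = Get-SchannelState (Get-SchannelDword $sub 'Enabled') (Get-SchannelDword $sub 'DisabledByDefault')
    }
}
foreach ($c in $ciphers) {
    $report += [pscustomobject]@{
        Kind  = 'Cipher'; Name = $c
        State = Get-SchannelState (Get-SchannelDword "Ciphers\$c" 'Enabled') $null
    }
}
$report | Format-Table -AutoSize

# Flag the state this post ran into: TLS 1.0 explicitly turned off for the server role.
$tls10 = $report | Where-Object { $_.Name -eq 'TLS 1.0' }
if ($tls10.State -eq 'disabled') {
    Write-Warning 'TLS 1.0 is disabled for the server role: the state in which this post saw SQL Server 2014 fail with 0x80090331.'
}
```

Running it before and after an IIS Crypto change gives you a record of exactly which protocol and cipher keys differ between a working and a non-working configuration.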
Do you know how I can better lock down SSL when it comes to SQL? I want to turn off the weaker protocols and ciphers. If you know how to do it, or have a link on how to make it work let me know in the comments!