dbnetlib connectionopen secdoclienthandshake ошибка безопасности ssl

SSL Security error [DBNETLIB]ConnectionOpen (SECDoClientHandshake())

This particular resolution is one of its own kind their could have been other possibilites for his error message to raise, generally it comes if you have Expired Certificates or invalid Certificates on the Server for the user account or the computer account, delete the unwanted Certificates on the server and then try to start SQL or Connect should work

Other times this message comes if you had encryption enabled for the Server sometime but no more now, but then internally we are still finding the certificate somehow, though you anyways dont need the SSL certificate, so go to the following Registry and check for the Certificate value it should be EMPTY, but if it has ThumbPrint value of the Certifcate it is a problem, go ahead and make the change for Certificate value set to 0

HKLMSOFTWAREMicrosoftMSSQLServerMSSQLServerSuperSocketNetLib REG_SZ Certificate=0

Coming back to this unique problem:

Problem Description:
=================
Trying to enable SSL encryption for sql server connections on server
Went through the steps detailed in article 276553 ( http://support.microsoft.com/? >).

From one client we were unable to connect to the SQL Server 2000 using encrypted connections . From our own desktop workstation , along with that of one of the other Clients box they are unable to connect to the SQL Server through encrypted connections.

Consistently receive the following error:
[DBNETLIB]SSL Security error[DBNETLIB]ConnectionOpen (SECDoClientHandshake()).

The certificate chains are identical on both machines.

We Enabled odbc tracing and attempted to login again from his local box. The log of that attempt is enclosed. It contains the following information:

osql -Sact-dd01 2764-1a88 EXIT SQLDriverConnectW with return code -1 (SQL_ERROR) HDBC 009A1830 HWND 00000000 WCHAR * 0x74329A38 [ -3] «****** 0» SWORD -3 WCHAR * 0x74329A38 SWORD 2 SWORD * 0x00000000 UWORD 0
DIAG [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error (18)
DIAG [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECDoClientHandshake()). (271)
Operating System:Windows 2003 : where the Encrypted Client connections are working
Operating System: Windows XP Sp2 and Windows 2000 SP4 where the Client connections are not working using Encryption, though if the encryption is not enabled the connections will flow fine

Cause
=====
The cause is a DBNETLIB.DLL , the version compatibility of this DLL on the XP and Windows 2000 is the possible culprit, i dont think it is a BUG

2) Now Check the Version for the same DLL on the Windows XP Sp2 and Windows 2000 Sp4 box

In My case the Windows XP SP2 had the following version of the DBNETLIB.DLL
Version: 2000.85.1117.0

The Windows 2000 SP4 box had the follwoing DLL version in my case
Version: 2000.85.1064.0

4) So what i did was, i copied the DLL Version: 2000.86.1830.0 from the Windows 2003 SP1 box to the Windows Xp SP2 box and also to the Windows 2000 SP4 Box

Went to the following location on the Windows XP Sp2 box:

C:windowssystem32 and renamed the existing DBNETLIB.DLL to DBNETLIB.DLL.OLD
After that pasted the copied DLL version 2000.86.1830.0 on the XP Sp2 box in the following location c:windowssystem32DBNETLIB.DLL <2000.86.1830.0>after that did a refresh and saw that the Version got back to the older version that is 2000.85.1117.0. Made a check in the DLLCACHE and saw that the DBNETLIB.DLL was present there and was having the Version 2000.85.1117.0 , hence First paste the DBNETLIB.DLL in the DLLCACHE and then replace the actual DLL inside the c:windowssystem32.

Do a refresh and see if the DLL version is Showing as 2000.86.1830.0 on the XP Sp2 Box.

The above resolved the issue with the SSL encryption errors, and the Secured channel is established

5) Repeat the above Steps for a Windows 2000 SP4 box, and this should help in getting past through the problem

NOTE: Never try to Register this DLL, also it wont let you as well, as it is not a COM DLL, also replacing this DLL will never break anything as it is a System DLL and the version is upgraded through MDAC

can this article be re written by someone who actually speaks english? The grammer is so bad is difficult to understand what they mean.

I don’t care if this blog is written in English or not!! Hats off to this guy! thank you, this solution actually works!! ��

@ber5ien | IT Professional | Personal Blog

I have recently have this issue on SQL Server 2012 with Windows Server 2012 R2.

The error was displayed one using OLE DP Provider in the VB script connection strings.
After looking at various google post explaining this issue nothing has worked.

To confirm the server is PCI DSS compliant and TLS 1.0

this is to use native SQL Client Drivers to connect.

This has worked and no more issues the script complained.

Our ASP/IIS web server talks to a SQL 2005 db server.

Eventually, without a pattern, some pages start showing error instead of the page content:

[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

Rebooting web server resolves it.

Anyone know about it?

2 Answers 2

Some things you should look at:

  • Low bandwidth to the DB server (see http://support.microsoft.com/kb/322144)
  • Problematic certificates on the DB server, e.g. self-signed certificates
  • SQL Authentication mode — Windows only, or SQL and Windows

In case others happen to come across this when their certs expire and wonder why their SQL Server is giving SSL errors.

This worked for me after removing unwanted certs. setting Certificate=0 in registry:

HKLMSOFTWAREMicrosoftMSSQLServerMSSQLServerSuperSocketNetLib REG_SZ Certificate=0

Not the answer you’re looking for? Browse other questions tagged iis asp-classic ado ssl-security or ask your own question.

Hot Network Questions

To subscribe to this RSS feed, copy and paste this URL into your RSS reader.

site design / logo © 2019 Stack Exchange Inc; user contributions licensed under cc by-sa 4.0 with attribution required. rev 2019.11.15.35459

Оцените статью