Showing posts with label Microsoft SQL Server. Show all posts
Showing posts with label Microsoft SQL Server. Show all posts

Tuesday, November 26, 2024

SQL error when connecting to server using servername\instance.

SQL error when connecting to server using servername\instance. 

Error:

A network-related or instance-specific error occurred when establishing a connection to SQL server. the server was not found or was not accessible.Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error:26 - Error Locating Server/Instance Specified) (Microsoft SQL Server)

 


 Solution:

The UDP port 1434  on destination server was being  blocked in  the firewall.


Posted by at No comments:
Labels: , , , ,

Friday, February 25, 2022

Cannot open backup device. Operating system error 5(Access is denied.). RESTORE HEADERONLY is terminating abnormally. (Microsoft SQL Server, Error: 3201)

Came across this error while trying to restore a SQL database backup which was stored in a container to Azure SQL managed instance.

Operating system error 5(Access is denied.).
RESTORE HEADERONLY is terminating abnormally. (Microsoft SQL Server, Error: 3201)

The blob would connect properly and show the backup file.

Solution:

Deleted the stored credentials in the database and did the process again for restoring backup.





Posted by at No comments:
Labels: , , , , , , , , , ,

Thursday, May 10, 2018

How to force servers to communicate only on TLS 1.2

TLS 1.2 is a crytographic protocol of communication between computers.

The RFC link is below and more details on the protocol can be found on it.

https://tools.ietf.org/html/rfc5246#section-5

First of all you have to determine the tools that you would use to confirm TLS communication in your environment.


First I used netmon and wireshark to determine the communication. Both of them showed TLS 1.2 in the packet captures.



But microsoft message analyzer did not show TLS communication.It showed this.
 


If i look at a packet for RDP however I could see it using TLS 1.2.

Screenshot below is for an RDP session.



 

And that is how the communication between my IIS and SQL should have looked.

After a lot of searching and testing these were the things that were done to have servers communicate only on TLS 1.2.

1. Installing the right patches.
https://support.microsoft.com/en-us/help/3154520/support-for-tls-system-default-versions-included-in-the-net-framework
You can also upgrade the .net framework to 4.6 and above which is what I did.

2. Adding registry entries to disable protocols other than  TLS 1.2.


Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
      "DisabledByDefault"=dword:00000000



3. Adding SQL certificate(pfx) in SQL server configuration manager to enable encrypted communications.
https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-2017



After making the changes given above and restarting the servers. I was able to see the same behavior in Message Analyzer for the communication between our IIS and SQL.





Additional reading
https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/
Implications of turning off FIPS compliance policy.
https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/

Environment:
SQL 2016,Windows 2012 R2.


Posted by at No comments:
Labels: , , , , , , , , ,
Subscribe to: Posts (Atom)