Install-Module -Name ReportingServicesTools
$sourceRsUri = 'http://reportginserver/Reportserver'
#Declare Proxy so we dont need to connect with every command
$proxy = New-RsWebServiceProxy -ReportServerUri $sourceRsUri
#Output ALL Catalog items to file system
Out-RsFolderContent -Proxy $proxy -RsFolder / -Destination 'c:\Backup_Reports' -Recurse
Showing posts with label SQL Server. Show all posts
Showing posts with label SQL Server. Show all posts
Monday, October 30, 2023
Download all Reports from SSRS reporting server
Thursday, May 10, 2018
How to force servers to communicate only on TLS 1.2
TLS 1.2 is a crytographic protocol of communication between computers.
The RFC link is below and more details on the protocol can be found on it.
https://tools.ietf.org/html/rfc5246#section-5
First of all you have to determine the tools that you would use to confirm TLS communication in your environment.
First I used netmon and wireshark to determine the communication. Both of them showed TLS 1.2 in the packet captures.
But microsoft message analyzer did not show TLS communication.It showed this.
If i look at a packet for RDP however I could see it using TLS 1.2.
Screenshot below is for an RDP session.
And that is how the communication between my IIS and SQL should have looked.
After a lot of searching and testing these were the things that were done to have servers communicate only on TLS 1.2.
1. Installing the right patches.
https://support.microsoft.com/en-us/help/3154520/support-for-tls-system-default-versions-included-in-the-net-framework
You can also upgrade the .net framework to 4.6 and above which is what I did.
2. Adding registry entries to disable protocols other than TLS 1.2.
3. Adding SQL certificate(pfx) in SQL server configuration manager to enable encrypted communications.
https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-2017
After making the changes given above and restarting the servers. I was able to see the same behavior in Message Analyzer for the communication between our IIS and SQL.
Additional reading
https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/
Implications of turning off FIPS compliance policy.
https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/
Environment:
SQL 2016,Windows 2012 R2.
The RFC link is below and more details on the protocol can be found on it.
https://tools.ietf.org/html/rfc5246#section-5
First of all you have to determine the tools that you would use to confirm TLS communication in your environment.
First I used netmon and wireshark to determine the communication. Both of them showed TLS 1.2 in the packet captures.
But microsoft message analyzer did not show TLS communication.It showed this.
If i look at a packet for RDP however I could see it using TLS 1.2.
Screenshot below is for an RDP session.
And that is how the communication between my IIS and SQL should have looked.
After a lot of searching and testing these were the things that were done to have servers communicate only on TLS 1.2.
1. Installing the right patches.
https://support.microsoft.com/en-us/help/3154520/support-for-tls-system-default-versions-included-in-the-net-framework
You can also upgrade the .net framework to 4.6 and above which is what I did.
2. Adding registry entries to disable protocols other than TLS 1.2.
Windows
Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:000000003. Adding SQL certificate(pfx) in SQL server configuration manager to enable encrypted communications.
https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-2017
After making the changes given above and restarting the servers. I was able to see the same behavior in Message Analyzer for the communication between our IIS and SQL.
Additional reading
https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/
Implications of turning off FIPS compliance policy.
https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/
Environment:
SQL 2016,Windows 2012 R2.
Subscribe to:
Posts (Atom)