Antarctica
Posts: 110
Joined: Tue Jul 08, 2014 9:24 am

SQL Server is TLS 1.2 only - ODBC connection timeout

Mon Aug 20, 2018 2:34 pm

Hello Advanced Installer team,

TLS 1.0 is deprecated since June 30, 2018, and use of TLS 1.2 is strongly encouraged. Eventually, some customers have started to switch to TLS 1.2 only.

I am using ODBC Connection Test in an installer built with AI 15.1.
When the SQL server's SCHANNEL.DLL is configured to only support TLS 1.2, the connection test fails with "Connection timeout". I can, however, connect through SSMS using encrypted TCP/IP, so TLS 1.2 seems to be working server-side.
Our .NET app had the same problem, which I have already fixed using the lines:

Code: Select all

            ServicePointManager.SecurityProtocol =
                SecurityProtocolType.Tls11 |
                SecurityProtocolType.Tls12;
For your reference, the registry file used by our customer to enforce TLS 1.2 is as follows:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
(Server reboot required for changes to take effect)

Kind regards,

Alexander

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Tue Aug 28, 2018 2:49 pm

Hello Alexander,

First of all I apologize for my delayed reply.

Analyzing your scenario this could happen if you are using the old "SQL Server" as the ODBC Driver to be used by our TestODBC custom action. Please note that this driver became deprecated and does not have TLS 1.2 support.

To avoid this issue I recommend you to use the newer "ODBC Driver 13 for SQL Server" ODBC driver which supports TLS 1.2.

Let us know if this helped.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

jdixon
Posts: 18
Joined: Sat Jan 04, 2014 8:50 pm

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Sun Dec 09, 2018 6:09 pm

So are you saying we need to make sure we deploy "ODBC Driver 13 for SQL Server" with Advanced Installer and make sure that is being used in Advanced Installer as the driver?

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Mon Dec 10, 2018 1:01 pm

Hello,

Yes, in case the driver is not already installed you can simply download its setup package and add it as a pre-install prerequisite to your setup package.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

abarry
Posts: 4
Joined: Thu Dec 15, 2016 3:48 pm

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Tue Oct 29, 2019 4:54 pm

For elaboration, refer to the following post: viewtopic.php?t=32277

Catalin
Posts: 6541
Joined: Wed Jun 13, 2018 7:49 am

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Wed Oct 30, 2019 11:16 am

Hello,

Thank you for contributing to our forums.

I am sure the link will be useful for further users facing a similar scenario and finding this topic.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

neki
Posts: 1
Joined: Wed Nov 13, 2019 1:07 pm

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Wed Nov 13, 2019 1:22 pm

Hello

We have also a problem with the installer to connect to a sql server, that has disabled TLS 1.0.
We are working on AI version 16.4.1, have installed ODBC driver 13 on destination computer, using the default testconnection dialog from AI for browse database, have changed the "ODBC Driver:" string to the following 5 strings but it doesn't work with any of that strings.
1. [\{]ODBC Driver 13 for SQL Server[\}]
2. {ODBC Driver 13 for SQL Server}
3. ODBC Driver 13 for SQL Server
4. "ODBC Driver 13 for SQL Server"
5. "{ODBC Driver 13 for SQL Server}"

Is there a special format we have to insert the ODBC driver string or what we are doing wrong?

Catalin
Posts: 6541
Joined: Wed Jun 13, 2018 7:49 am

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Tue Nov 19, 2019 4:31 pm

Hello and welcome to Advanced Installer forums,

First of all, please accept my apologies for the delayed reply.

From what I can see, the first option is the correct one. The SQLConnectionString could look like this:

Driver=[\{]ODBC Driver 13 for SQL Server[\}];Server=[SERVER_PROP];Uid=[USERNAME_PROP];Pwd=[PASSWORD_PROP];

However, the server browse may still try to use the "SQL Server" driver. Could you please go to "SQL Databases" page --> under "Database server" section click on your predefined connection and make sure that the ODBC Driver is also set to "ODBC Driver 13 for SQL Server"?
ODBCDriver.png
ODBCDriver.png (133.68KiB)Viewed 52641 times
Hope this helps.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

narsingani
Posts: 23
Joined: Thu Sep 12, 2013 4:59 am

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Wed Jul 29, 2020 7:32 am

Hi there,
I am facing the similar issue with the vesion 11.4.1. I have changed the SQL Database connection to "ODBC Driver 13 for SQL Server". However, do I also need to change the "sqlConnectionString" to "Driver=[\{]ODBC Driver 13 for SQL Server[\}];Server=[SERVER_PROP];Port=[PORT_PROP];Uid=[USERNAME_PROP];Pwd=[PASSWORD_PROP];Database=[DATABASE_PROP];" in my case?

Thanks in Advance for your assistance
Upendra Narsingani

Catalin
Posts: 6541
Joined: Wed Jun 13, 2018 7:49 am

Re: SQL Server is TLS 1.2 only - ODBC connection timeout

Fri Jul 31, 2020 4:15 pm

Hello Upendra,
However, do I also need to change the "sqlConnectionString" to "Driver=[\{]ODBC Driver 13 for SQL Server[\}];Server=[SERVER_PROP];Port=[PORT_PROP];Uid=[USERNAME_PROP];Pwd=[PASSWORD_PROP];Database=[DATABASE_PROP];" in my case?
Yes, this being the case, you should also change the event to set the driver accordingly.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”