Question:I've upgraded an application with a built - in Database API . When attempting to establish a SQL Server database connection this error appears - Connection failed - SQL Server Error 772 - TCPIP Socket
Upon investigation the application was using the native drivers attempting to connect to a SQL Server 2016 \ windows 2016 .
Image may be NSFW.
Clik here to view.
As part of the testing I downloaded the ODBC 13.1 SQL Server drivers - independent of the application and tested a DSN connection to the same SQL Server - and it connected OK. I then created a DSN with native drivers and the error reappeared.
What is going on ? How can I fix this issue?
Answer:What's happening here is that the drivers being used by the application Database API do not support TLS 1.1 or TLS 1.2 and need to have TLS 1.0 enabled on the target Windows 2016 server supporting SQL Server 2016. When you tested with the ODBC 13.1 drivers - they worked as they support TLS 1.1 and TLS 1.2.
The first step is to check the target server and establish what levels of TLS are enabled\disabled. Work with your security team and\or windows administrators to enable TLS 1.0 , retry the connection test .
It is possible TLS 1.0 is disabled as a best practice - there were a number of vulnerabilities exploiting TLS 1.0. This may require you to progress with some sort of security exception within your organization.Consideration for what actions to take should be part of the SQL Server - Security Risk Analysis and database security
Work with the vendor to request the Database API in the application is updated to support the latest SQL Server drivers
Database Security Countermeasures against hacker attacks
Author: Jack Vamvas ( http://www.sqlserver-dba.com )