TLS 1.2 Support for MSSQL

Like many people, you’re still running Windows 2008 R2. You removed SSL and TLS 1.0 and other various security related connection configurations and protocols and you want to now install Microsoft SQL Server 2008 R2!

Note: if you have not disabled these open wounds of Internet communication you should do so now!

Note: there are many things to can go wrong here. I am assuming that you have managed to install it, but it won’t start from Services. In Events, you probably have this after trying to start it (you might have other errors, as well):

 

Log Name:      Application
Source:        MSSQLSERVER
Date:          10/24/2016 3:54:34 PM
Event ID:      17182
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXXXXXXXXXXXXXXXXXXX
Description:
TDSSNIClient initialization failed with error 0x80090331, status code 0x80. Reason: Unable to initialize SSL support. The client and server cannot communicate, because they do not possess a common algorithm.

Here’s how I did it. This might save you some pain:

  1. Install MSSQL 2008 R2 as you would normally.
    1. Say yes to continue to everything. You will get failure messages when it tries to start itself
  2. Download and install Service Pack 3 (If your download package doesn’t have it already – run it anyway to make sure because it’s difficult to get the SQL version when it can’t start itself)
    1. Windows update, for some reason, wasn’t picking up SP3 for my installation
  3. Next, you will need a patch that applies to just about all versions of MS SQL. Microsoft was pretty sloppy about not supporting higher TLS out the box. I don’t know why. Download the patch from here. You will need to send yourself an email with the link. Make sure you know exactly which version you are running! So, when I said above that you should run the SP3 installation to make sure, that is what I recommend.
  4. After running the patch, I rebooted (don’t think that is necessary, though) and the everything ran perfectly.

Done!

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.