MDT Database using TLS 1.2 RRS feed

  • Question

  • We recently upgraded our MDT Database from 2008 to 2016 and the new server uses TLS 1.2 only.  When attempting to connect to the DB using TCP/IP on a specific port we receive this error in the BDD Logs while retrieving the location settings in bootstrap.ini.

    [DBNETLIB][ConnectionOpen SECDoClientHandshake()]SSL Security error

    Also, using a custom HTA front end, when trying to retrieve data from the DB we get the same message.

    sconn="Provider=SQLOLEDB;OLE DB Services=0;Data Source=SomeServerName\SomeInstance,SomePort;Initial Catalog=SomeDatabase;Network Library=DBMSSOCN;Integrated Security=SSPI"

    Searching the web I found that the older SQLOLEDB provider is not capable of supporting TLS 1.2

    Does anyone know what is required to make MDT communicate to the DB using TLS 1.2 only?

    Tuesday, June 18, 2019 5:34 PM

All replies

  • This issue has been going on a while. I have been looking for an answer. 

    Regards James Loker-Steele

    • Proposed as answer by Aniket U Jain Wednesday, July 29, 2020 4:43 AM
    • Unproposed as answer by Aniket U Jain Wednesday, July 29, 2020 4:43 AM
    Tuesday, June 16, 2020 11:54 AM
  • The provider used to connect to SQL is Microsoft OLE DB Provider for SQL Server (ZTIDataAccess.vbs, line 416). It has been deprecated & will not be updated to support TLS 1.2.

    I haven't tested this but changing SQLOLEDB to MSOLEDBSQL in the line noted above may fix the problem. You will probably need to add MDAC/ADO support to your boot wim to install the new provider (Deployment Share Properties - Windows PE - Features).

    Wednesday, July 29, 2020 4:50 AM