0

After diabling lower security protocol versions SSL3.0, TLS1.0, TLS1.1 and enabling TLS 1.2, I am not able to connect to BizTalk group or use BizTalk server. The BizTalk server version I am using is 2013R2. Following is the error:

An attempt to connect to "BizTalkMgmtDb" SQL Server database on server "XXXXXX" failed.

Internal Error from OLEDB provider: "[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error."

Also when I enable TLS 1.2 without disabling the lower versions I don't see any problems and everything seems working fine

Please suggest what can be done to make the server compatible while disabling lower versions

Dijkgraaf
  • 11,049
  • 17
  • 42
  • 54
Ravali
  • 1
  • 1
  • Hi Ravali. Did my answer below resolve your issue? – Dijkgraaf Jul 13 '20 at 00:09
  • Hi.We are in process to make all the external systems that are communicating with BizTalk agree upon to enable TLS 1.2 post which the CU8 is planned.Manwhile can you please let me know what can be the other impacts or changes required post CU8 installation: – Ravali Jul 20 '20 at 06:57
  • 1.We are using MQSeries adapter in one of the aplications to receive messages, so is it thst the MQSAgent.dll must be updated on the IBM WebSphere MQ server to the same cumulative update level that’s on BizTalk Server(found on some soures) 2.I am also encountering the error:[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. on the send port using SQL adapter .What fix does this need 3.Does this CU8 update only includes updating .dll files or it also contains SQL(.sql) script? – Ravali Jul 20 '20 at 07:13
  • See https://support.microsoft.com/en-nz/help/4052527 1. Yes, I believe so. 2. You need to make sure that the SQL server has SQL Server 2012 Native Client version 11 or above and also supports TLS 1.2 3. CU8 contains multiple .sql scripts. BizTalkMsgBoxDbSps.sql, BTS_Deployment_Logic.sql, BTS_Tracking_Editor.sql, BTS_Tracking_Logic.sql, LogShipping_Destination_Logic.sql, msgboxlogic.sql Not sure if they are the same or different from previous CUs – Dijkgraaf Jul 20 '20 at 20:57
  • I've added some more details to my answer. Are you still having issues? – Dijkgraaf Jul 23 '20 at 21:22

2 Answers2

1

You need to install CU 8 and and also the prerequisite SQL Server 2012 Native Client version 11 as per Support for TLS 1.2 protocol in BizTalk Server

See also BizTalk: Configure TLS 1.2 on BizTalk Server

For BizTalk 2013 R2 we also installed .Net 4.6 and updated the BAM connection strings to use the SQL Server Native Client 11.

You will also have to ensure that any other endpoints that BizTalk communicates with or that communicates with BizTalk is capable of TLS 1.2, for anything using either HTTPS, FTPS or SQL.

So any SQL server you connect to also need to have SQL Server 2012 Native Client version 11 or above, and .NET 4.5 or greater.

Dijkgraaf
  • 11,049
  • 17
  • 42
  • 54
  • Thanks @Dijkgraaf for all the info.We tried to install the CU8 but ran into an error regarding adapter pack.It was asking to insert the Microsoft BizTalk Adapter pack disk and click OK", for the Adapter Pack x86 and x64?It was basically asking for file of type AdaptersSetup.msi .Can you please suggest how to go forward – Ravali Aug 18 '20 at 16:47
  • @Ravali You should have the adapter pack .msi somewhere as it was obviously installed. If not, someone who has a Enterprise MSDN licence in your company needs to download it. – Dijkgraaf Aug 18 '20 at 20:47
0

Are you added this key on regedit? Going to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 then Add--> New DWORD --> SchUseStrongCrypto with value 1

Needing to do same operation on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319

Emilio Marino
  • 26
  • 7