Windows 2008 R2 SQL Server refuses TLS 1.0 connection

Hello,

I have a SQL 2008 server on Windows 2008 R2.

I have a Windows 2003 server with an application that connects to a database on the SQL server.

After maintenance on our datacenter and a shutdown of all servers, the application on the Windows 2003 server cannot connect to the SQL server anymore.

On the Windows 2008 R2 server, I have this error:

system log
event id 36874
source Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I understand that my Windows server refuses TLS 1.0 connections? So I looked in the registry and saw only an SSL 2.0 entry under:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

So I added a TLS 1.0 key, Client and Server, and added this DWORD:
"DisabledByDefault"=dword:00000001

I rebooted the server and the connection is still refused.

Thanks for the help.
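The registry change described in the question can be checked with a read-only listing like the one below, an added example that is not part of the original thread. It reports the `Enabled` and `DisabledByDefault` values under each protocol's `Client` and `Server` subkeys (in Schannel, `DisabledByDefault` = 1 marks a protocol as disabled by default); it covers only the protocol keys, not the cipher suites named in event 36874, and the helper name `Get-SchannelState` is made up for this example.

```powershell
# Added example (not from the thread): read-only report of the Schannel protocol keys.
# Written to run on the PowerShell 2.0 that ships with Windows Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelState {
    param($Enabled, $DisabledByDefault)
    # Enabled = 0 turns the protocol off for that role.
    if ($Enabled -ne $null -and $Enabled -eq 0) { return 'Disabled' }
    # DisabledByDefault = 1 means it is not offered unless the application
    # asks for it explicitly.
    if ($DisabledByDefault -ne $null -and $DisabledByDefault -ne 0) {
        return 'Disabled by default'
    }
    if ($Enabled -ne $null) { return 'Enabled' }
    if ($DisabledByDefault -ne $null) { return 'Not disabled by default' }
    return 'No values set (OS default applies)'
}

if (-not (Test-Path $base)) {
    Write-Output 'Protocols key not found: OS defaults apply to every protocol.'
} else {
    $rows = foreach ($key in Get-ChildItem $base) {
        $protocol = $key.PSChildName        # e.g. "SSL 2.0", "TLS 1.0"
        foreach ($role in 'Client', 'Server') {
            $path = "$base\$protocol\$role"
            $enabled = $null; $dbd = $null
            if (Test-Path $path) {
                $values  = Get-ItemProperty -Path $path
                $enabled = $values.Enabled
                $dbd     = $values.DisabledByDefault
                $state   = Get-SchannelState $enabled $dbd
            } else {
                $state = 'No subkey (OS default applies)'
            }
            New-Object PSObject -Property @{
                Protocol = $protocol; Role = $role; State = $state
                Enabled = $enabled; DisabledByDefault = $dbd
            }
        }
    }
    $rows | Select-Object Protocol, Role, Enabled, DisabledByDefault, State |
        Format-Table -AutoSize
}
```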

Database Analyst
BRONZE EXPERT
Commented:
I believe this is because "The minimum operating system that will support TLS 1.2 is Windows Server 2008 R2.
Windows Server 2003 and 2008 are no longer supported by Microsoft.  The TLS 1.2 protocol is not available, so if you are still running on a Windows 2003 server, you need to upgrade to a newer server soon.  If you are using Server 2008, then you can upgrade to R2.
For more information, please see: Support for SSL/TLS protocols on Windows"

As stated here: http://help.ablecommerce.com/FAQs/AbleCommerceGold/Enabling_Support_for_TLS_1.2.htm

Author

Commented:
The problem is that the Windows 2003 server could connect to the Windows 2008 R2 server with SQL 2008 for many years, and suddenly, after rebooting everything, it stopped working. So I am sure we can deal with the cipher or TLS regkey on the Windows 2008 R2 server to accept TLS 1.0.

lcohan
Database Analyst
BRONZE EXPERT

Commented:
Sorry it wasn't clear enough that that's the point I was trying to make - I think that can no longer be done and you will have to try to implement/use TLS 1.2 as noted at the link I posted above.