Nov 14, 2014

TDSSNIClient initialization failed with error 0x80090331, status code 0x80. Reason: Unable to initialize SSL support.

The other day our business intelligence guru came to me because she couldn't login to our test Microsoft Dynamics GP 2013 environment for some reason. After some digging I found it was because the SQL Server 2014 service wasn't running. When trying to manually start the service I got the following error in the event logs:

TDSSNIClient initialization failed with error 0x80090331, status code 0x80. Reason: Unable to initialize SSL support. The client and server cannot communicate, because they do not possess a common algorithm.


This was caused because I was testing encryption changes on the server using IISCrypto a few days earlier. I wanted to configure the server to only support TLS 1.1 and TLS 1.2 using only AES Ciphers. IIS Crypto looked like this:


Well I guess Micorsoft SQL 2014 doesn't like that too much, so I had to change it back to enable TLS 1.0 as well as Triple DES and RC4, so IIS Crypto looked like this:


After I applied that change in IISCrypto and rebooted the SQL server everything started up again as it should.

Do you know how I can better lock down SSL when it comes to SQL? I want to turn off the weaker protocols and ciphers. If you know how to do it, or have a link on how to make it work let me know in the comments!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam