RE: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error during CRM 2016 install
Hey Chris,
Thanks for reaching back.
There is another possibility that you have SchUseStrongCrypto enbled for .NET versions which forces apps to use strong cryptography.
HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto
HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SystemDefaultTlsVersions
docs.microsoft.com/.../tls
Also, what if the client (CRM server is client in this case) is trying to do the communication with the server (SQL) on some other secure channel protocols and the server (SQL server) doesn't have those cipher suites enabled and the SSL/TLS handshake fails.
The only way to identify if that's the case would be through running a packet sniffer like WireShark or NetMon. Or, the simplest way to avoid that would be to enable the older secure channel protocols like SSL 3.0, SSL 2.0 on each of these participating servers.
This third party tool can be used to check such configurations in one shot.
www.nartac.com/.../
I would also request you to check if the SQL server version being used over here can support these old protocols (They should, generally we see the otherwise scenario where newer protocols require some service packs).
If the above actions doesn't help, you may raise a support request with Microsoft so that this can be looked into from both SQL and CRM standpoint.
Thanks,
Saurabh
