-
Title
NM: Supported TLS version for Notes Migrator -
Description
NM: Supported TLS version for Notes Migrator -
Resolution
Issue
When installing on a server that has TLS1.1 and TLS1.2 enabled as default, the installation will continue until you are asked to enter the SQL server details. An error message will be returned:
Error 27502. Could no connect to Microsoft SQL server '(local)\SQLEXPRESS'.
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. (18)
Solution
Notes Migrator requires TLS1.0 to be enabled.
Verify the registry entry value for Server subkey.
Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
To enable the TLS 1.0 protocol, create an Enabled entry in the Server. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 1.
Example of registry entry for Server subkey with TLS 1.0 enabled:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
Per Microsoft:
Enabled TLS 1.0 set to the following four lines:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000000Should you need to Disable again in the future:
Disable TLS 1.0:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001