如何解决 Microsoft SQL Server.错误 233.提供程序:SSL 提供程序 [英] How to solve Microsoft SQL Server. Error 233. Provider: SSL Provider
问题描述
在全球 RansomeWare 攻击之后,我们更新了 Windows Server 2012 R2 却发现我们的 SQL Server Management Studio (SSMS) 停止工作.每当我们尝试在本地或远程连接到 SSMS 时,它都会为我们提供以下错误:
After the global RansomeWare attack, we updated our Windows Server 2012 R2 only to find out that our SQL Server Management Studio (SSMS) stopped working. Whenever we try to connect to SSMS locally or remotely it provides us the following Error:
已成功与服务器建立连接,但随后登录过程中发生错误.(提供商:SSL 提供商,错误:0 - 管道的另一端没有进程.)(Microsoft SQL服务器,错误:233)
A connection was successfully established with the server, but then an error occured during the login process. (Provider: SSL Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)
我尝试使用Windows 身份验证"登录,但错误相同.我也尝试过类似 SQL 错误 233 问题的解决方案,但没有结果.我在 Stack Overflow 上遇到的所有 SQL 错误 233 问题都与共享内存提供程序有关,但与 SSL 提供程序无关.
I tried logging in with "Windows Authentication" and the error was same. I also tried solutions for similar SQL Error 233 issues but with no result. All the SQL Error 233 issues I came across on Stack Overflow are related to Shared Memory provider but not SSL Provider.
最后我看到了这个帖子:https://www.sqlservercentral.com/Forums/Topic1810025-3411-1.aspx 并尝试了以下解决方案:
Finally I came across this post: https://www.sqlservercentral.com/Forums/Topic1810025-3411-1.aspx and tried the following solutions:
- 启用密码 RC4 128/128、RC4 50/128、RC4 56/128
- 启用 TLS 1.0 服务器协议
- 禁用 SSL 2.0(注册表没有 SSL 3.0)[也尝试过
启用 SSL 2.0 但效果不佳] - 还启用了 TLS 1.0、1.1、1.2 协议.
但它们都不起作用,我们仍然无法登录 SQL Server Management Studio.任何帮助或建议都非常感谢.提前致谢.
But none of them worked and we still couldn't log in to SQL Server Management Studio. Any help or suggestion is highly appreciated. Thank you in advance.
推荐答案
经过多次修补,我发现 Windows 更新修改了错误的 TLS 和 SSL 设置.我必须专门对注册表中的密码套装和协议进行更改才能使其工作,现在我们可以成功登录到 SSMS(本地和远程登录).所以我对注册表的具体修改如下:
After much tinkering I found out that the Windows update have modified the TLS and SSL settings wrong. I had to specifically make changes to the Cipher Suits and Protocols in the registry in order to make it work and now we can log in to SSMS successfully (both locally and remote log in). So the specific changes I have made to registry is as follows:
Schannel 的变化::(包括客户端协议)
Changes in Schannel:: (Inlcuding Client Side Protocols)
启用的协议:多协议统一 Hello、PCT 1.0、TLS 1.0
Protocols Enabled: Multi-Protocol Unified Hello, PCT 1.0, TLS 1.0
禁用协议:SSL 2.0、SSL 3.0、TLS 1.1、TLS 1.2
Protocols Disabled: SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.2
启用密码:NULL、DES 56/56、RC2 40/128、RC2 56/128、RC2 128/128、RC4 40/128、RC4 56/128、RC4 64/128、RC4 128/128、三重DES 168、AES128/128,AES 256/256
Ciphers Enabled: NULL, DES 56/56, RC2 40/128, RC2 56/128, RC2 128/128, RC4 40/128, RC4 56/128, RC4 64/128, RC4 128/128, Triple DES 168, AES 128/128, AES 256/256
启用哈希:MD5、SHA、SHA 256、SHA 384、SHA 512
Hashes Enabled: MD5, SHA, SHA 256, SHA 384, SHA 512
启用密钥交换:Diffie-Hellman、PKCS、ECDH
Key Exchanges Enabled: Diffie-Hellman, PKCS, ECDH
密码套件更改::
禁用:SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5
Disabled: SSL_CK_RC4_128_WITH_MD5, SSL_CK_DES_192_EDE3_CBC_WITH_MD5
启用:与 TLS 相关的所有其他内容
Enabled: Everything else realted to TLS
为了轻松实现这一点(更改安全性和修改注册表),我还使用了此工具 (IISCrypto):https://www.nartac.com/Products/IISCrypto
To achieve this easily (changes to security and modification of registry) I also used this tool (IISCrypto): https://www.nartac.com/Products/IISCrypto
一定要确保这里提到的每个密码或协议都专门启用或禁用,否则问题将无法解决.
Do make sure that each cipher or protocols mentioned here are specifically enabled or disabled, or else the issue won't be resolved.
希望这会有所帮助!
这篇关于如何解决 Microsoft SQL Server.错误 233.提供程序:SSL 提供程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
