If you are using an AdminStudio version before 2018R3, you may receive an error message stating that there is an SSL security error while connecting to the SQL database after enabling TLS 1.2 and disabling TLS 1.0 and TLS 1.1 on the server.

AdminStudio began supporting TLS 1.2 in versions 2018 R3 and above. If you’re using the AdminStudio version before 2018R3, you will not be able to connect to the SQL server where TLS 1.2 is enabled. However, if TLS 1.0 and TLS 1.1 are enabled, it will connect successfully to the SQL server. Follow the steps below to enable TLS 1.0 and 1.1.

Solution

• Navigate to the following paths in the SQL server and modify the values accordingly:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1

• Or set the TLS 1.0 and 1.1 client and server using the following PowerShell script.

$protocols = @{

    'SSL 2.0'= @{

        'Server-Enabled' = $false

        'Client-Enabled' = $false

    }

    'SSL 3.0'= @{

        'Server-Enabled' = $false

        'Client-Enabled' = $false

    }

    'TLS 1.0'= @{

        'Server-Enabled' = $true

        'Client-Enabled' = $true

    }

    'TLS 1.1'= @{

        'Server-Enabled' = $true

        'Client-Enabled' = $true

    }

    'TLS 1.2'= @{

        'Server-Enabled' = $false

        'Client-Enabled' = $false

    }

}





$protocols.Keys | ForEach-Object {



    Write-Output "Configuring '$_'"



    # create registry entries if they don't exist

    $rootPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$_"

    if(-not (Test-Path $rootPath)) {

        New-Item $rootPath

    }



    $serverPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$_\Server"

    if(-not (Test-Path $serverPath)) {

        New-Item $serverPath



        New-ItemProperty -Path $serverPath -Name 'Enabled' -Value '1' -PropertyType 'DWord'

        New-ItemProperty -Path $serverPath -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord'

    }



    $clientPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$_\Client"

    if(-not (Test-Path $clientPath)) {

        New-Item $clientPath



        New-ItemProperty -Path $clientPath -Name 'Enabled' -Value '1' -PropertyType 'DWord'

        New-ItemProperty -Path $clientPath -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord'

    }



    # set server settings

    if($protocols[$_]['Server-Enabled']) {

        Set-ItemProperty -Path $serverPath -Name 'Enabled' -Value '1'

        Set-ItemProperty -Path $serverPath -Name 'DisabledByDefault' -Value '0'

    } else {

        Set-ItemProperty -Path $serverPath -Name 'Enabled' -Value '0'

        Set-ItemProperty -Path $serverPath -Name 'DisabledByDefault' -Value '1'

    }



    # set client settings

    if($protocols[$_]['Client-Enabled']) {

        Set-ItemProperty -Path $clientPath -Name 'Enabled' -Value '1'

        Set-ItemProperty -Path $clientPath -Name 'DisabledByDefault' -Value '0'

    } else {

        Set-ItemProperty -Path $clientPath -Name 'Enabled' -Value '0'

        Set-ItemProperty -Path $clientPath -Name 'DisabledByDefault' -Value '1'

    }

}