TLS 1.2 support for SQL
After disabling TLS 1.0 on SQL Server, your SQL backups fail. The error messages states the SQL databases are offline.
----- Error Messages -----
Unable to perform a SQL database backup of database 'master', instance 'MyDatabase1': It appears that the database you are attempting to back up no longer exists or is offline. Please check backup schedule and remove it from the schedule, or restore the database to your SQL environment.
Error in getting volumes for Vss snapshot or application validation. Failing application backup.
Check the System and Application event log on the client server for more information.
The Unitrends agent aborted Microsoft SQL Server backup, because agent failed to complete a volume shadow copy operation (create a snapshot). Please review Windows System and Application Event Logs for more information.
----- End Error Messages -----
TLS 1.2 support for SQL was prior released in a hotfix agent version (10.2.0-3). Full TLS 1.2 support is included in agent versions 10.2.1 or later and no longer require a patch.
Update your appliance to release 10.2.1 or later and then update your agents on the windows servers. After updating the agent, additional manual configurations are required:
- Install Unitrends Agent.msi 10.2.1 or newer.
- Unitrends Client Agent uses ODBC client software to access all supported versions of MS SQL Server. On Windows, ODBC software is provided as part of the operating system setup. In order to support TLS 1.2 with Unitrends agent installation customer must use minimum SQL Server Native Client 11.0 client software to access all supported versions of MS SQL Server along with ODBC. Find out the SQL Server Native Client version string installed on the client by using ODBC Data Source Administrator (see figure 1).
- Open C:\PCBP\master.ini as seen in Fig 1 (Master.ini must be opened using notepad or equivalent app using ADMINISTRATOR permissions to edit) and add following parameters in the referenced section:
ODBCDriver=SQL Server Native Client 11.0
An inventory sync may be needed to see proper database detection however this will happen automatically on the next scheduled backup of that server.
TLS version 1.2 is supported for MS SQL Server versions 2016, 2014, 2012, 2008, and 2008 R2 as deployed on Windows Server 2008R2 and higher.
To use TLS v1.2 for secure connections between MS SQL Server and clients, Microsoft provides updates that must be installed on SQL server clients. Minimum requirements and required updates for installation are provided by Microsoft here
TLS v1.2 is not enabled by default in Windows versions prior to Windows 8.1 and Windows Server 2012.
Consult the table in the More Information section here
To determine if TLS v1.2 is enabled by default in your system or enable it:
Follow the instructions here to enable TLS v1.2 using registry entries
Some versions of SQL may require you to enable sysadmin and dbcreator roles for the NT Authority\SYSTEM account in SQL Management Studio to allow backups to work following this change.