Bobcares

How to fix SQL error 17835

by | Jul 15, 2020

SQL error 17835 triggers while users connect to the SQL server. This happens mainly due to issues with encryption.

As a part of our Server Management Services, we help our Customers to fix SQL related errors regularly.

Let us today discuss the possible causes and fixes for this error.


 

What causes the SQL error 17835?

A client computer trying to connect to the SQL server, may see an error message as shown below:

SQL error 17835

The possible reasons for this error include:

  1. Server hosting the SQL Server not configured to accept encrypted connections.
  2. Computer clients do not request encrypted connections
  3. Certificate not provisioned correctly.
  4. The client cannot verify the ownership of the server’s certificate.
  5. The ‘Enforce Encryption’ option enabled in SQL Server.

Let us now look at each of these reasons in detail and the steps to fix each of them
 

How to fix the SQL error 17835?

One of the prime reasons for the SQL error 17835 is that the SQL Server does not accept encrypted connections. To correct this, the SQL server needs to configure to accept encrypted connections. The steps for it include:

1. In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties.
2. In the Protocols for<instance name> Properties dialog box, on the Certificate tab, select the desired certificate from the drop down for the Certificate box, and then click OK.
3. On the Flags tab, in the ForceEncryption box, select Yes, and then click OK to close the dialog box.
* If set to Yes, all client/server communication is encrypted and clients that cannot support encryption are denied access.
* If set to No, encryption can be requested by the client application but is not required.
4. Restart the SQL Server service.

 

Install a certificate on the server

As we saw earlier using an improperly provisioned certificate and not being able to verify the ownership of the certificate can also trigger this error.

Commonly, the certificates are stored locally for the users on the computer. To install a certificate for use by SQL Server, SQL Server Configuration Manager should be running under the same user account as the SQL Server service.

The steps to provision (install) a certificate on the server include

1. On the Start menu, click Run, and in the Open box, type MMC and click OK.
2. In the MMC console, on the File menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, click Certificates, click Add.
5. In the Certificates snap-in dialog box, click Computer account, and then click Finish.
6. In the Add Standalone Snap-in dialog box, click Close.
7. In the Add/Remove Snap-in dialog box, click OK.
8. In the Certificates snap-in, expand Certificates, expand Personal, and then right-click Certificates, point to All Tasks, and then click Import.
9. Complete the Certificate Import Wizard, to add a certificate to the computer, and close the MMC console.

 

Configure the client to request encrypted connections

Another reason for the error 17835 is the client not configured to request encrypted connections. It can be set up using the steps below:

1. Copy either the original certificate or the exported certificate file to the client computer.
2. On the client computer, use the Certificates snap-in to install either the root certificate or the exported certificate file.
3. In the console pane, right-click SQL Server Native Client Configuration, and then click Properties.
4. On the Flags page, in the Force protocol encryption box, click Yes.

To encrypt a connection from SQL Server Management Studio, we could use the steps below:

1. On the Object Explorer toolbar, click Connect, and then click Database Engine.
2. In the Connect to Server dialog box, complete the connection information, and then click Options.
3. On the Connection Properties tab, click Encrypt connection.

 

Turn off forced encryption

An alternative to forcing the client to request for encrypted connections, this error can be fixed by disabling the forced encryption as well.

The traffic between the client and the SQL server is, by default, not encrypted. When the ‘Enforce Encryption’ option enabled in SQL Server, connections that are not encrypted will not be accepted by SQL Server.

The steps below will help to disable the forced encryption.

1. Open the SQL Server Configuration Manager
2. Click on SQL Server Network Configuration
3. Right-click on Protocols for <SQL server>, click on Properties
4. Change Force encryption value to No

[Need any further assistance in fixing SQL errors? – We’re available 24*7]

Conclusion

In short, the SQL error 17835 triggers while users connect to the SQL server. This happens mainly due to issues with encryption. Today, we saw how our Support Engineers fix this error.

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

2 Comments

  1. saradhi

    0

    I have two nodes Active / Passive in SQL Cluster. nodes are named A and B we are using a monitoring tool for SQL server. the monitoring tool is working when the SQL instance is on node A but not working when failed over to node B.

    The error message from Event viewer of not working node B is as below.

    Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed.

    Reply
    • Maheen Aboobakkar

      1. In the start menu, [Microsoft SQL Server] – Select [SQL Server Configuration Manager] – [Configuration Tools].
      Select the [Properties] Right-click the protocol for the instance ISARS

      2) Expand the [SQL Server Network Configuration], [Flags] tab, check the configuration of the database engine [Force Encryption] option. If that is a “Yes”, it is configured to encrypt. Check if you can disable force encryption if it is set to True.

      3) restart the SQl instance and check the connectivity from the application.

      If the above steps mentioned above doesn’t help, please revert the changes.

      We’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF