SQL error 17835 is raised when users connect to the SQL server. This happens mainly due to issues with encryption.
As a part of our Server Management Services, we help our customers fix SQL-related errors regularly.
Let us today discuss the possible causes and fixes for this error.
What causes the SQL error 17835?
A client computer trying to connect to the SQL server may see this error message.
The possible reasons for this error include:
- Server hosting the SQL Server not configured to accept encrypted connections.
- Client computers do not request encrypted connections.
- Certificate not provisioned correctly.
- The client cannot verify the ownership of the server’s certificate.
- The ‘Enforce Encryption’ option enabled in SQL Server.
Let us now look at each of these reasons in detail and the steps to fix each of them.
How to fix the SQL error 17835?
One of the prime reasons for the SQL error 17835 is that the SQL Server does not accept encrypted connections. To correct this, the SQL server needs to be configured to accept encrypted connections. The steps for it include:
1. In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties.
2. In the Protocols for <instance name> Properties dialog box, on the Certificate tab, select the desired certificate from the drop-down for the Certificate box, and then click OK.
3. On the Flags tab, in the ForceEncryption box, select Yes, and then click OK to close the dialog box.
* If set to Yes, all client/server communication is encrypted and clients that cannot support encryption are denied access.
* If set to No, encryption can be requested by the client application but is not required.
4. Restart the SQL Server service.
Install a certificate on the server
As we saw earlier, an improperly provisioned certificate, or a client that cannot verify the ownership of the certificate, can also trigger this error.
Commonly, the certificates are stored locally for the users on the computer. To install a certificate for use by SQL Server, SQL Server Configuration Manager should be running under the same user account as the SQL Server service.
The steps to provision (install) a certificate on the server include:
1. On the Start menu, click Run, and in the Open box, type MMC and click OK.
2. In the MMC console, on the File menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, click Certificates, click Add.
5. In the Certificates snap-in dialog box, click Computer account, and then click Finish.
6. In the Add Standalone Snap-in dialog box, click Close.
7. In the Add/Remove Snap-in dialog box, click OK.
8. In the Certificates snap-in, expand Certificates, expand Personal, and then right-click Certificates, point to All Tasks, and then click Import.
9. Complete the Certificate Import Wizard, to add a certificate to the computer, and close the MMC console.
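To check what "provisioned correctly" means in practice, the following added PowerShell example (not part of the original article) lists the certificates in the computer account's Personal store, where the steps above import them, and flags the properties Microsoft's certificate requirements for SQL Server call for: a private key, a current validity period, the Server Authentication usage, and a matching name. `$ServerName` is an assumed parameter for the name clients connect to.

```powershell
# Added example: audit the computer's Personal store for certificates SQL Server can use.
# $ServerName is an assumption: the host name clients put in their connection string.
function Test-SqlServerCertificate {
    param(
        [string]$ServerName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $now = Get-Date

    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        $problems = @()

        if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
        }

        $serverAuth = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            Where-Object { $_.Value -eq $serverAuthOid }
        if (-not $serverAuth) { $problems += 'EKU lacks Server Authentication' }

        # Compares the subject CN and the first DNS name only; wildcards and
        # further SAN entries are not evaluated here.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
        $names = @($cert.GetNameInfo($nameType::SimpleName, $false),
                   $cert.GetNameInfo($nameType::DnsName, $false))
        if ($names -notcontains $ServerName) {
            $problems += "name '$($names[0])' does not match '$ServerName'"
        }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Usable     = ($problems.Count -eq 0)
            Problems   = $problems -join '; '
        }
    }
}

Test-SqlServerCertificate | Format-Table -AutoSize -Wrap
```

The script does not check whether the SQL Server service account can read the private key, which still has to be confirmed separately.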
Configure the client to request encrypted connections
Another reason for the error 17835 is that the client is not configured to request encrypted connections. It can be set up using the steps below:
1. Copy either the original certificate or the exported certificate file to the client computer.
2. On the client computer, use the Certificates snap-in to install either the root certificate or the exported certificate file.
3. In the console pane, right-click SQL Server Native Client Configuration, and then click Properties.
4. On the Flags page, in the Force protocol encryption box, click Yes.
To encrypt a connection from SQL Server Management Studio, we could use the steps below:
1. On the Object Explorer toolbar, click Connect, and then click Database Engine.
2. In the Connect to Server dialog box, complete the connection information, and then click Options.
3. On the Connection Properties tab, click Encrypt connection.
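Once the server and client settings above are in place, the result can be verified from a client instead of trusting the dialog boxes. This added PowerShell example (not from the original article) opens a connection with and without a client-side encryption request and asks the server whether that session is encrypted; `sqlhost.example.internal` is a placeholder server name, and the account is assumed to have VIEW SERVER STATE permission.

```powershell
# Added example. 'sqlhost.example.internal' is a placeholder server name.
# Assumes Windows PowerShell 5.1, Windows authentication and VIEW SERVER STATE permission.
function Test-SqlConnectionEncryption {
    param(
        [Parameter(Mandatory)][string]$Server,
        [bool]$Encrypt = $true,
        # Leave $false so the client validates the server certificate chain and name.
        [bool]$TrustServerCertificate = $false
    )
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']            = $Server
    $builder['Integrated Security']    = $true
    $builder['Encrypt']                = $Encrypt
    $builder['TrustServerCertificate'] = $TrustServerCertificate
    $builder['Connect Timeout']        = 10

    $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $builder.ConnectionString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT encrypt_option, net_transport, auth_scheme ' +
                           'FROM sys.dm_exec_connections WHERE session_id = @@SPID;'
        $reader = $cmd.ExecuteReader()
        if ($reader.Read()) {
            [pscustomobject]@{
                Server        = $Server
                Requested     = $Encrypt
                EncryptOption = $reader['encrypt_option']  # 'TRUE' or 'FALSE'
                Transport     = $reader['net_transport']
                AuthScheme    = $reader['auth_scheme']
                Error         = $null
            }
        }
        $reader.Close()
    }
    catch {
        # Certificate trust/name failures and rejected negotiations surface here.
        [pscustomobject]@{
            Server = $Server; Requested = $Encrypt; EncryptOption = $null
            Transport = $null; AuthScheme = $null; Error = $_.Exception.Message
        }
    }
    finally { $conn.Dispose() }
}

# Compare what the server reports when the client does and does not ask for encryption.
Test-SqlConnectionEncryption -Server 'sqlhost.example.internal' -Encrypt $true
Test-SqlConnectionEncryption -Server 'sqlhost.example.internal' -Encrypt $false
```

An `EncryptOption` of `FALSE` on the second call means sessions from clients that do not request encryption are travelling in clear text, which is the state to look for after ForceEncryption has been set to No.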
Turn off forced encryption
As an alternative to making the client request encrypted connections, this error can also be fixed by disabling forced encryption.
The traffic between the client and the SQL server is, by default, not encrypted. When the ‘Enforce Encryption’ option is enabled in SQL Server, connections that are not encrypted will not be accepted by SQL Server.
The steps below will help to disable the forced encryption.
1. Open the SQL Server Configuration Manager
2. Click on SQL Server Network Configuration
3. Right-click on Protocols for <SQL server>, click on Properties
4. Change Force encryption value to No
Conclusion
In short, the SQL error 17835 triggers while users connect to the SQL server. This happens mainly due to issues with encryption. Today, we saw how our Support Engineers fix this error.
I have two nodes, Active/Passive, in a SQL cluster. The nodes are named A and B. We are using a monitoring tool for SQL Server. The monitoring tool is working when the SQL instance is on node A but not working when failed over to node B.
The error message from Event Viewer on the non-working node B is as below.
Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed.
1. In the start menu, [Microsoft SQL Server] – Select [SQL Server Configuration Manager] – [Configuration Tools].
Select the [Properties] Right-click the protocol for the instance ISARS
2) Expand the [SQL Server Network Configuration], [Flags] tab, check the configuration of the database engine [Force Encryption] option. If that is a “Yes”, it is configured to encrypt. Check if you can disable force encryption if it is set to True.
3) Restart the SQL instance and check the connectivity from the application.
If the steps mentioned above don’t help, please revert the changes.