Skip to content

Latest commit

 

History

History
54 lines (35 loc) · 2.88 KB

intermittent-connection-errors-when-a-new-node-is-added.md

File metadata and controls

54 lines (35 loc) · 2.88 KB
Raw
title description ms.date author ms.author ms.reviewer ms.custom
Connection error when adding node to Always On environment
This article helps you resolve the problem of intermittent connection errors in SQL Server when a new node is added to the Always On environment.
04/30/2024
prmadhes-msft
prmadhes
jopilov, haiyingyu, mastewa, v-jayaramanp
sap:Connection issues

Intermittent connection errors occur when adding a node to the Always On environment in SQL Server

You experience intermittent connection errors when you add a new node to the existing Always On environment.

Symptoms

When you try to connect to a server that's running Microsoft SQL Server, the following error message appears intermittently:

The connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

Cause

This error might occur if a there's a mismatch in security protocols between the database and the application servers.

Resolution

To fix this error, resolve the mismatch between the security protocols. Node1 encrypts information by using AES128/256. Node2 encrypts information by using RC4. To troubleshoot this error, follow these steps:

  1. Download IIS Crypto.

  2. Install the GUI version of the IIS Crypto tool on the server.

  3. Configure Cipher Suites.

  4. Open the IIS Crypto tool on the server.

  5. In the IIS Crypto interface, select Cipher Suites in the left panel.

  6. In the list, clear all checkboxes for ciphers that start with "TLS_DHE*".

    [!NOTE] The list might not be in any particular order.

  7. After you clear the relevant cipher selections, select Apply to save the changes.

    :::image type="content" source="media/intermittent-connection-errors-when-a-new-node-is-added/intermittent-connection-add-new-nodes.png" alt-text="Screenshot that shows clearing all ciphers that aren't required." lightbox="media/intermittent-connection-errors-when-a-new-node-is-added/intermittent-errors-when-adding-a-node-big.png":::

  8. Restart the server.

    After the changes have been applied, restart the server to make sure that the new cipher suite configuration takes effect.

Note

This troubleshooting process forces the client to communicate by using a different cipher suite that has an improved security implementation.

Always make sure that you have the appropriate backups available. Also, consider testing any changes in a controlled, staged, or test environment before you apply them to the production computers. If the issue persists or if you have any other concerns, contact your network team.

[!INCLUDE third-party-disclaimer]

[!INCLUDE Third-party disclaimer]