Skip to content

Connection when both "Force Enryption" and "Extended Protection" are active #963

Open
@michaelenglert

Description

@michaelenglert

Question

I'm trying to connect to a SQL Server (2012) using Windows Authentication where both Force Enryption is set to true and Extended Protection is set to required.

What I'm getting on the Client side is:

Login failed. The login is from an untrusted domain and cannot
be used with Windows authentication.
ClientConnectionId:<redacted>

Server side:

SSPI handshake failed with error code 0x80090346, state 46 while 
establishing a connection with integrated security; the connection 
has been closed. Reason: The Channel Bindings from this client are
missing or do not match the established Transport Layer Security (TLS) 
Channel. The service might be under attack, or the data provider
or client operating system might need to be upgraded to support
Extended Protection. Closing the connection. Client's supplied SSPI
channel bindings were incorrect
[CLIENT: <redacted>]

I've tried many different configuration options (client side) including:

  • sslProtocol all options
  • trustStore alongside trustStorePassword with a self signed cert
  • trustServerCertificate
  • serverSpn alongside corresponding server setting
  • encrypt

All results in the same error combination. OS instances are identical on Windows Sever 2012 R2 latest SP.

Any hints would be highly appreciated.

Thanks
Michael

Metadata

Metadata

Assignees

Labels

EnhancementAn enhancement to the driver. Lower priority than bugs.ExternalIssue is due to an external source we do not control.

Type

No type

Projects

Status

Backlog

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions