Connect to MS SQL Server 2014 database (OS Windows Server 2012 R2) from Azure App service

%3CLINGO-SUB%20id%3D%22lingo-sub-2711289%22%20slang%3D%22en-US%22%3EConnect%20to%20MS%20SQL%20Server%202014%20database%20(OS%20Windows%20Server%202012%20R2)%20from%20Azure%20App%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2711289%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20task%20to%20connect%20the%20Azure%20App%20service%20to%20an%20MS%20SQL%20Server%20database%20working%20inside%20an%20Azure%20VM.%20The%20VM%20with%20MS%20SQL%20Server%20and%20the%20Azure%20App%20are%20connected%20to%20the%20same%20local%20network%20and%20have%20access%20to%20each%20other.%20The%20VM%20has%20Windows%20Server%202012%20R2%20and%20MS%20SQL%20Server%202014.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%20a%20self-signed%20certificate%20and%20configured%20MS%20SQL%20server%20to%20use%20SSL.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20added%20a%20connection%20string%20to%20the%20DB%20to%20the%20Azure%20App%20configuration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20the%20app%20side%2C%20I%20receive%20an%20error%20when%20I%20connect%20to%20the%20DB%20from%20the%20app%3A%3C%2FP%3E%3CP%3EMicrosoft.Data.SqlClient.SqlException%20(provider%3A%20SSL%20Provider%2C%20error%3A%2031%20-%20Encryption(ssl%2Ftls)%20handshake%20failed)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20the%20server%20side%2C%20I%20also%20see%20the%20error%3A%3CBR%20%2F%3EA%20TLS%201.2%20connection%20request%20was%20received%20from%20a%20remote%20client%20application%2C%20but%20none%20of%20the%20cipher%20suites%20supported%20by%20the%20client%20application%20are%20supported%20by%20the%20server.%20The%20SSL%20connection%20request%20has%20failed%20(event%20id%2036874).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20collect%20more%20information%2C%20I%20captured%20traffic%20between%20the%20DB%20server%20and%20the%20app%20using%20Wireshark.%20But%20I%20did%20not%20find%20the%20TLS%20version%20and%20cipher%20suites%20negotiation%20in%20the%20results.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20test%2C%20I%20created%20a%20new%20VM%20(Windows%20Server%202019%2C%20MS%20SQL%20Server%202019)%20and%2C%20in%20his%20case%2C%20I%20successfully%20connect%20to%20the%20DB%20from%20the%20Azure%20App%20service.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20need%20help%20to%20find%20a%20way%20to%20configure%20my%20server%20(Windows%20Server%202012%20R2%2C%20MS%20SQL%20Server%202014)%20to%20work%20with%20an%20Azure%20App%3F%20Or%20understand%20what%20SSL%20connection%20parameters%20the%20Azure%20App%20wants%20to%20use.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2726694%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20MS%20SQL%20Server%202014%20database%20(OS%20Windows%20Server%202012%20R2)%20from%20Azure%20App%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2726694%22%20slang%3D%22en-US%22%3EYour%20connection%20problem%20is%20related%20to%20the%20TLS%20version%20requested%20by%20your%20application%20and%20the%20TLS%20version%20used%20by%20the%20server.%3CBR%20%2F%3E%3CBR%20%2F%3EOn%20this%20link%20you%20find%20some%20details%20about%20TLS%20version%20support%20on%20SQL%202014%2C%20you%20need%20to%20ensure%20you%20have%20the%20correct%20service%20packs%2FCU's%20to%20support%20TLS%201.2%2C%20if%20that's%20what%20you%20would%20like%3A%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EOn%20this%20other%20link%20you%20find%20details%20about%20how%20to%20configure%20TLS%20in%20the%20server%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsql%2Fdatabase-engine%2Fconfigure-windows%2Fenable-encrypted-connections-to-the-database-engine%3Fview%3Dsql-server-ver15%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsql%2Fdatabase-engine%2Fconfigure-windows%2Fenable-encrypted-connections-to-the-database-engine%3Fview%3Dsql-server-ver15%3C%2FA%3E%3C%2FLINGO-BODY%3E
Frequent Visitor

Hello Everyone,

 

I have a task to connect the Azure App service to an MS SQL Server database working inside an Azure VM. The VM with MS SQL Server and the Azure App are connected to the same local network and have access to each other. The VM has Windows Server 2012 R2 and MS SQL Server 2014.

 

I created a self-signed certificate and configured MS SQL server to use SSL.

 

I added a connection string to the DB to the Azure App configuration.

 

On the app side, I receive an error when I connect to the DB from the app:

Microsoft.Data.SqlClient.SqlException (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

 

On the server side, I also see the error:
A TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed (event id 36874).

 

To collect more information, I captured traffic between the DB server and the app using Wireshark. But I did not find the TLS version and cipher suites negotiation in the results.

 

For the test, I created a new VM (Windows Server 2019, MS SQL Server 2019) and, in his case, I successfully connect to the DB from the Azure App service.

 

I need help to find a way to configure my server (Windows Server 2012 R2, MS SQL Server 2014) to work with an Azure App? Or understand what SSL connection parameters the Azure App wants to use.

1 Reply
Your connection problem is related to the TLS version requested by your application and the TLS version used by the server.

On this link you find some details about TLS version support on SQL 2014, you need to ensure you have the correct service packs/CU's to support TLS 1.2, if that's what you would like: https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef...

On this other link you find details about how to configure TLS in the server: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-...