Hello support,

I have a request from a customer, by whom IT has mandated all the server and client applications to enable the TLS1.2 protocol.

After enabling this, the customer has been having trouble with HDS, with the following error :

2022/06/21,15:21:31.148,XX,USER,HDS,E,0,0,CSchDatabase::Connect __ Call TreatComError  ID = 'DATABASE'
2022/06/21,15:21:31.148,XX,USER,HDS,E,0,0,TreatComError __ ComError Source : 'Microsoft OLE DB Provider for SQL Server' Description : '[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.' (80004005=E_FAIL)
2022/06/21,15:21:31.148,XX,USER,HDS,E,0,0,TreatComError __ ProviderError '80004005' : Description : '[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.' SQLState : '08001'  NativeError : 18

I successfully encountered the error on my side with Windows Server 2016 and SQL Server 2019. I enabled TLS1.2 and disabled all other protocols.

2022/06/21,18:03:32.639,WIN-FKLTTGBTTAJ,Administrator,HDS,E,0,0,CSchDatabase::Connect __ Call TreatComError  ID = 'Database01'
2022/06/21,18:03:32.655,WIN-FKLTTGBTTAJ,Administrator,HDS,E,0,0,TreatComError __ ComError Source : 'Microsoft OLE DB Provider for SQL Server' Description : '[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.' (80004005=E_FAIL)
2022/06/21,18:03:32.670,WIN-FKLTTGBTTAJ,Administrator,HDS,E,0,0,TreatComError __ ProviderError '80004005' : Description : '[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.' SQLState : '08001'  NativeError : 18

So I searched online for some solution and encountered that it could be as easy as updating the connection string on the application side with the updated driver that supports TLS1.2, as well as specifying Trusted_Connection=yes in the connection string.
Reference 1
Reference 2

//string connectionString = "Driver={SQL Server};Server=SPACESHIP;Database=pubs;"; string connectionString = "DRIVER={ODBC Driver 17 for SQL Server};Server=SPACESHIP;Database=pubs;Trusted_Connection=yes;";

Now the problem is when we create a new database connection in PcVue using Database Creation Wizard, or manually, both will fail to connect to the database. This is because, under the hood, they seem to be using Provider SQLOLEDB which seems to be deprecated, and not supporting TLS1.2. This can be seen from another server that does not have TLS1.2 enabled, in HDSConf.dat.
Reference 3
Reference 4

According to the above links in References 3 and 4, the problem could be solved by updating in the connection string to MSOLEDBSQL instead of SQLOLEDB. I tested from my side on the test platform, and the HDS recording was able to resume again after updating the provider name in the connection string and start again PcVue :
1. I am able to add a new table in the existing database, restart PcVue, and the table is created automatically.
2. Data is able to be recorded in the database as per usual.
3. If I try to create a new database, it will fail at authentication with an error, so I am not able to create a new database.


So I have a few follow-up questions :
1. Do we officially support HDS with TLS1.2 enabled SQL Server for the time being? If not, does anybody know if we have a plan for that and maybe the estimated timeframe?
2. Is changing the provider name as above the right solution/workaround that can be suggested to the customer who needs to use HDS with TLS1.2 enabled SQL Server? Has someone made any validation or performance test with this?
3. Is there maybe another solution/workaround for this kind of request, especially for creating a new database in a system that already has TLS1.2 enforced? Or shall I create an SPR Wish?

Thanks,
Kantha