SAP Knowledge Base Article - Public

2269180 - Disabling TLS 1.0 may cause Crystal Reports Designer and .NET application to fail to connect to your MS SQL Server Database 2012/2014

Symptom

  • We are using Crystal Reports Designer and Crystal Reports for .NET RAS service in a C# application.
  • Is Crystal Reports Designer and Crystal Reports for Visual Studio compatible with TLS 1.x+ ?
  • Note: Due to recent Security and Compliance updates TLS 1.0 may be required to be disabled.

Environment

  • SAP Crystal Reports 2013
  • SAP Crystal Reports 2016
  • Crystal Reports for Visual Studio
  • MS SQL Server 2012
  • MS SQL Server 2014
  • MS SQL Server 2016

Cause

Please NOTE: Be aware that database connectiivity is all handled by the DB Client, as long as the client is configured properly, Crystal Reports application does not care what security protocol is configured

Resolution

Microsoft noted in this KBA there may be an issue when disabling TLS 1.0

https://msdn.microsoft.com/en-us/library/ff487261.aspx

Mentioned: SQL Server and Microsoft data providers for SQL Server support TLS 1.0 and SSL 3.0. If you enforce a different protocol (such as TLS 1.1 or TLS 1.2) by making changes in the operating system channel layer, your connections to SQL Server might fail.

MS also release a few patches to resolve this issue:

https://support.microsoft.com/en-us/kb/3052404

CR Designer and our CR for VS .NET SDK's do not use TLS to talk to the DB Server, they use the CORBA and TCP/IP protocals.

Microsoft has now un-deprecated their OLE DB providers and have plans to release an update the first quarter of 2018 to be TLS 1.2 Compliant and fully support TLS 1.2

To enable/disable TLS 1.x for the OS using registry keys see this MS KB article:

https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS12

Bottom line is as long as your Client is configured to use TLS 1.2 then CR and CR for VS applications will be able to connect using the typical connection properties within Crystal Reports Designer and your application.

A quick test is to use ODBC, Create a new System DSN and once the info is filled in Test the connection, if you get that far it should work. Possibly though it will fail when first attempting to get a list of Database to use.

See Also

Microsoft Knowledge base article on support for All versions of MS SQL Servers and disabling TLS 1.x:

https://support.microsoft.com/en-ca/help/3135244/tls-1-2-support-for-microsoft-sql-server

Keywords

TLS 1.0, Crystal Reports Designer, .NET, CRforVS, MS SQL Server Database , KBA , BI-DEV-NET , BI Software Development Kits (SDKs) - .NET or Other , BI-RA-CR , Crystal Reports designer or Business View Manager , Problem

Product

SAP Crystal Reports 2011 ; SAP Crystal Reports 2013 ; SAP Crystal Reports 2016 ; SAP Crystal Reports, developer version for Microsoft Visual Studio