SAP Knowledge Base Article - Public

2269180 - Disabling TLS 1.0 and 1.1 causes Crystal Reports and .NET application to fail to connect to MS SQL Server

Symptom

  • Error when refreshing reports connecting to SQL Server after disabling TLS 1.0 and 1.1
  • Is Crystal Reports and Crystal Reports for Visual Studio compatible with TLS 1.x ?
  • After disabling the TLS 1.0 and 1.1, Crystal Reports and application using the SDK, fails to connect to MS SQL Server with error like:

         "Logon failed.
          Details: ADO error Code: 0x80004005
          Source: Microsoft OLE DB Provider for SQL Server
          Description: [DBNETLIB][ConnectionOpen
          (SECDoClientHandshake().] SSL Security error. SQL State: 08001
          Native Error: 18 [Database Vendor Code:18]"

Environment

  • SAP Crystal Reports 2013
  • SAP Crystal Reports 2016
  • SAP Crystal Reports 2020
      
  • Crystal Reports for Visual Studio
      
  • MS SQL Server 2012
  • MS SQL Server 2014
  • MS SQL Server 2016
  • MS SQL Server 2017
  • MS SQL Server 2019

Cause

  • The Microsoft SQL Server is not configured to use TLS 1.2; or
  • The version of the OLE DB Provider, or ODBC driver used to connect to MS SQL Server does not support TLS 1.2

    For example:

    If you are using the Microsoft OLE DB Provider for SQL Server, or the SQL Server ODBC driver, it will fail because those version does not support TLS 1.2 
       
  • It is not a Crystal Reports issue, but an issue with the OLEDB Provider, or ODBC driver version used that does not support TLS 1.2

Resolution

  • Use a Microsoft ODBC driver, or OELDB Provider to MS SQL Server that support TLS 1.2:
      
    1. On the Microsoft website search for the latest ODBC driver, or OLEDB Provider to MS SQL Server.
              
    2. Download and install the ODBC driver, or OLEDB Provider to MS SQL Server.

      For your convenience, below are links to download the OLEDB and ODBC driver from the Microsoft website:
         
    3. Depending on how you are connecting to MS SQL Server, perform the following step:
        
      • For ODBC connection:
        Go to the Microsoft ODBC Administrator, rename the previous ODBC DSN, and then create a new ODBC DSN using the same DSN name used on the report, to MS SQL Server using the newer ODBC Driver to MS SQL Server. 
        ( For example: Select the ODBC Driver 18 for SQL Server )
          
      • For OLE DB connection:
        Open the report in Crystal Reports, and perform a set data source location to OLE DB, and select the newer OLE DB Provider.
        ( For example: Select the Microsoft OLE DB Driver 18 for SQL Server )
          

    • Notes: 
      • For general steps on how to perform a set datasource location, see the SAP Knowledge Base Article: 1215396
      • There is no options in Crystal Reports to perform change on multiple reports at once, therefore there is no option to change the data source of multiple reports at once. Each report needs to be edited one by one. 
          
          
  • Further information:

    See the Microsoft website regarding issue when disabling TLS 1.0
       
    https://msdn.microsoft.com/en-us/library/ff487261.aspx

    Where it mentioned: SQL Server and Microsoft data providers for SQL Server support TLS 1.0 and SSL 3.0. If you enforce a different protocol (such as TLS 1.1 or TLS 1.2) by making changes in the operating system channel layer, your connections to SQL Server might fail.

    Microsoft also release a few patches to resolve this issue:

    https://support.microsoft.com/en-us/kb/3052404

    Crystal Reports and our Ceystal Reports for Visual Studio .NET SDK's do not use TLS to connect to the Database, it use CORBA and TCP/IP protocals.
      
    Microsoft has now un-deprecated their OLE DB providers and have plans to release an update the first quarter of 2018 to be TLS 1.2 Compliant and fully support TLS 1.2 
      
    To enable/disable TLS 1.x for the OS using registry keys see this Microsoft article:
      
    https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS12
        
    Bottom line is as long as your client is configured to use TLS 1.2 then Crystal Reports and Crystal Reports for Visual Studio applications will be able to connect to MS SQL Server. 

    A quick test is to use ODBC, create a new ODBC DSN and test the connection, if it is successfull, then it will work in Crystal Reports as well.

See Also

Keywords

TLS 1.0, Crystal Reports Designer, .NET, CRforVS, MS SQL Server Database , KBA , BI-DEV-NET , BI Software Development Kits (SDKs) - .NET or Other , BI-RA-CR , Crystal Reports designer or Business View Manager , Problem

Product

SAP Crystal Reports 2013 ; SAP Crystal Reports 2016 ; SAP Crystal Reports 2020 ; SAP Crystal Reports, developer version for Microsoft Visual Studio