Overview
You want to run your LM server on TLS 1.2, but after disabling TLS 1.0/1.1 and enabling TLS 1.2 on the database and LM servers, the LM service will not start and the logs show error messages similar to:
"lyrinitSQL.cpp, line:155", "Unable to connect to SQL database with settings provided in configuration file. [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error. (source: Microsoft OLE DB Provider for SQL Server)"
Solution
Important for ListManager 12.4.11 and later: ListManager 12.4.11 is compatible with Microsoft SQL Server 2022 and resolves this issue for modern SQL Server deployments. It now supports multiple OLE DB providers with automatic fallback (MSOLEDBSQL, SQLNCLI11, and others), so it is no longer limited to the legacy SQLOLEDB driver that only supported TLS 1.0.
To enable an encrypted SQL Server connection in ListManager 12.4.11, add the following to your lmcfg.txt and restart ListManager:
$sql_encrypted = "true";
For self-signed or untrusted SQL Server certificates, also add:
$sql_trust_server_certificate = "true";
For the strongest encryption support, install the Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL) on the ListManager server. ListManager will automatically select the best available provider. See the Supported OS and Database Platforms article for the full platform matrix.
If you are running an older version of ListManager (prior to 12.4.11) and encounter the SQL error shown above after disabling TLS 1.0/1.1 on your servers, use the connection string workaround below.
In versions prior to 12.4.11, LM uses the legacy OLE DB provider, which only supports TLS 1.0. An alternative driver is available, but to use it you must supply a Connection String instead of the default database parameters.
Prepare the Servers
- Disable TLS 1.0 and 1.1 on the ListManager server and the database server
- Enable TLS 1.2 on both servers
- Install the SQL Native Client on the LM server so that it can be used as the provider in lmcfg.txt
Stop ListManager Services
Stop your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.
Stop ListManager Services in Windows as Services
- As a Windows Administrator on your webserver, click Start and type "Services"
- Right-click on the ListManager Service
- Click Stop
- Right-click on the ListManagerWeb Service
- Click Stop
Stop ListManager Services in Windows From the Webserver
- As a Windows Administrator on your webserver, open the ListManager window
- Press CTRL+C and the window will close
- Open the ListManager webserver window
- Press CTRL+C and the window will close
Stop ListManager Services in Linux
- As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
- Enter ./S96lm stop to stop ListManager
- Enter ./S96httpd-lm stop to stop ListManager webserver
Add the SQL Connection String to the lmcfg.txt File
- Open the file lmcfg.txt that is located in the ListManager installation folder. Depending on whether your SQL server is configured for authentication or not, use one of the following methods to add a Connection String parameter at the end of the file with the following format:
- SQL Authentication Enabled
$node_name="LYRIS";
$sql_type="MSSQL";
$sql_connection_string = "Provider=SQLNCLI11; Data Source=SQL_SERVER_NAME; Initial Catalog=SQL_DB_NAME; User ID=USERNAME; Password=PASSWORD;";
$sql_pool="25";
- SQL Authentication Not Enabled
$node_name="LYRIS";
$sql_type="MSSQL";
$sql_connection_string = "Provider=SQLNCLI11; Data Source=SQL_SERVER_NAME;Initial Catalog=SQL_DB_NAME; Trusted_Connection=Yes";
$sql_pool="25";
Where:
Data Source = The SQL server name
Initial Catalog = The SQL database name
User ID = The username to connect to the database
Password = The password to connect to the database
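Before restarting the services, the edited file can be checked for the mistakes that most often break this workaround. The script below is an added example, not part of ListManager or the original article; it assumes the `$name = "value";` syntax shown above with `#` starting a comment, and the function names (`parse_lmcfg`, `check_lmcfg`) and sample values are constructed for illustration.

```python
import re

# Assumption: lmcfg.txt settings look like  $name = "value";  and '#' starts a comment.
SETTING = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;')
PLACEHOLDERS = {"SQL_SERVER_NAME", "SQL_DB_NAME", "USERNAME", "PASSWORD"}

def parse_lmcfg(text):
    """Return {setting_name: value}; later lines override earlier ones."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def parse_connection_string(conn):
    """Split 'Key=Value; Key=Value' into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in conn.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_lmcfg(text):
    """Return a list of findings for the TLS 1.2 connection-string workaround."""
    settings = parse_lmcfg(text)
    conn = settings.get("sql_connection_string")
    if conn is None:
        return ["no $sql_connection_string: default database parameters are used"]
    fields = parse_connection_string(conn)
    findings = []
    provider = fields.get("provider", "")
    if provider.upper() in ("", "SQLOLEDB"):
        findings.append("Provider is missing or SQLOLEDB, which only supports TLS 1.0")
    leftover = sorted(v for v in fields.values() if v in PLACEHOLDERS)
    if leftover:
        findings.append("template placeholders not replaced: " + ", ".join(leftover))
    trusted = fields.get("trusted_connection", "").lower() == "yes"
    if trusted and ("user id" in fields or "password" in fields):
        findings.append("both Trusted_Connection and User ID/Password are set")
    if fields.get("password") and fields["password"] not in PLACEHOLDERS:
        findings.append("cleartext Password in lmcfg.txt: restrict read access to the file")
    return findings

# Constructed sample input, modelled on the SQL-authentication template above.
SAMPLE = '''$sql_type="MSSQL";
$sql_connection_string = "Provider=SQLNCLI11; Data Source=db01; Initial Catalog=SQL_DB_NAME; User ID=lm_svc; Password=example-only;";
'''

print("\n".join(check_lmcfg(SAMPLE)))
```

An empty result means none of these checks fired; it does not confirm that the TLS 1.2 handshake with the database succeeds, which only the ListManager logs after restart can show.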
Start ListManager Services
Start your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.
Start ListManager Services in Windows as Services
If ListManager is running as Services, use this method.
- As a Windows Administrator on your webserver, click Start and type "Services"
- Right-click on the ListManager Service
- Click Start
- Right-click on the ListManagerWeb Service
- Click Start
Start ListManager Services in Windows Manually
If ListManager is not installed as Windows Services, use this method.
- As a Windows Administrator on your webserver, click Start and type "cmd" to open the Command Prompt
- Navigate to the ListManager installation directory. e.g. C:\Program Files\ListManager\tclweb\bin
- Enter httpd-lm.exe
Start ListManager Services in Linux
- As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
- Enter ./S96lm start to start ListManager
- Enter ./S96httpd-lm start to start ListManager webserver
After completing the restart, ListManager is able to operate on TLS 1.2 and connect to the database.
Priyanka Bhotika