Overview

You want to run your LM server on TLS 1.2, but after disabling TLS 1.0/1.1 and enabling TLS 1.2 on the Database and LM the LM service will not start and you find error messages in the logs similar to:

"lyrinitSQL.cpp, line:155", "Unable to connect to SQL database with settings
provided in configuration file. [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL
Security error. (source: Microsoft OLE DB Provider for SQL Server)"

Solution

Currently, LM uses OLE DB which only supports TLS 1.0. However, there is an alternative driver available, but you have to use a Connection String instead of the default database parameters.

Prepare the Servers

1. Disable TLS 1.0 and 1.1 in ListManager server and Database server
2. Enable TLS 1.2 on both servers
3. Install the SQL native client in order to use this in the lmcfg. This should be installed in the LM server

Stop ListManager Services

Stop your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.

Stop ListManager Services in Windows as Services

1. As a Windows Administrator on your webserver, click Start and type "Services"
2. Right-click on the ListManager Service
3. Click Stop
4. Right-click on the ListManagerWeb Service
5. Click Stop

Stop ListManager Services in Windows From the Webserver

1. As a Windows Administrator on your webserver, open the ListManager window
2. Press CTRL+C and the window will close
3. Open the ListManager webserver window
4. Press CTRL+C and the window will close

Stop ListManager Services in Linux

1. As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
2. Enter ./S96lm stop to stop ListManager
3. Enter ./S96httpd-lm stop to stop ListManager webserver

Add the SQL Connection String to the lmcfg.txt File

1. Open the file lmcfg.txt that is located in the ListManager installation folder. Depending on whether your SQL server is configured for authentication or not, use one of the following methods to add a Connection String parameter at the end of the file with the following format:
   • SQL Authentication Enabled
     

     $node_name="LYRIS";
     $sql_type="MSSQL";
     $sql_connection_string = "Provider=SQLNCLI11; Data Source=SQL_SERVER_NAME; Initial Catalog=SQL_DB_NAME; User ID=USERNAME; Password=PASSWORD;";
     $sql_pool="25";

   • SQL Authentication Not Enabled
     

     $node_name="LYRIS";
     $sql_type="MSSQL";
     $sql_connection_string = "Provider=SQLNCLI11; Data Source=SQL_SERVER_NAME;Initial Catalog=SQL_DB_NAME; Trusted_Connection=Yes";
     $sql_pool="25";

     
     Where:
     Data Source = The SQL server name
     Initial Catalog = The SQL database name
     User ID = The username to connect to the database
     Password = The password to connect to the database
     

Start ListManager Services

Start your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.

Start ListManager Services in Windows as Services

If ListManager is running as Services, use this method.

1. As a Windows Administrator on your webserver, click Start and type "Services"
2. Right-click on the ListManager Service
3. Click Start
4. Right-click on the ListManagerWeb Service
5. Click Start

Start ListManager Services in Windows Manually

If ListManager is not installed as Windows Services, use this method.

1. As a Windows Administrator on your webserver, click Start and type "cmd" to open the Command Prompt
2. Navigate to the ListManager installation directory. e.g. C:\Program Files\ListManager\tclweb\bin
3. Enter httpd-lm.exe

Start ListManager Services in Linux

1. As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
2. Enter ./S96lm start to start ListManager
3. Enter ./S96httpd-lm start to start ListManager webserver

After completing the restart, ListManager is able to operate on TLS 1.2 and connect to the database.