NPS (Network Policy Server) SQL Logging failed if TLS 1.0 is disabled

Yuh-Rong Leu

My customer wants us to disable TLS 1.0 on its NPS/SQL server. The NPS server is configured to use SQL Logging.

I run "netsh nps dump yes > c:\nps.txt" to dump the NPS settings, and I can see set sqllog connection = "Provider=SQLOLEDB.1;Password=sapasswd;Persist Security Info=True;User ID=sa;Initial Catalog=WinocDB;Data Source=.;Connect Timeout=30"

It means SQLOLEDB is used as the provider. However, SQLOLEDB does not support TLS 1.2, so I try to run netsh nps set sqllog connection = "Provider=MSOLEDBSQL;Server=.;Database=WinocDB;User ID=sa;Password=sapasswd" to change the provider to MSOLEDBSQL, which supports TLS 1.2.

NPS can connect to the SQL server as it passes the SQL connection test on the NPS MMC console.

However, SQL Logging does not work with this connection string. There is an NPS Event ID 4404 error stating that SQL Logging failed with error code 0x80040e5d ("Parameter name is unrecognized").

A stored procedure named "report_event (@doc ntext)" exists in the WinocDB database.

I believe the OLE DB client of NPS is not compatible with the new MSOLEDBSQL driver, and needs to be updated so that TLS 1.2 can be supported.

Is any workaround possible?
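An added audit script, not from the original post and not an NPS or Microsoft tool, that pulls the `set sqllog connection` string out of a `netsh nps dump` export and flags what a defender should review before disabling TLS 1.0: the legacy SQLOLEDB provider the post identifies as lacking TLS 1.2 support, the `sa` login, and the password stored in the NPS configuration. The function name and the sample dump lines (including the password value) are constructed for illustration.

```powershell
# Added example (hypothetical function, not part of NPS). Audits the SQL logging
# connection string from a 'netsh nps dump' export before TLS 1.0 is turned off.
function Get-NpsSqlLogAudit {
    param([Parameter(Mandatory)][string[]]$DumpLines)

    # netsh writes the connection string in double quotes after 'set sqllog connection ='
    $line = $DumpLines |
        Where-Object { $_ -match '^\s*set\s+sqllog\s+connection\s*=\s*".*"\s*$' } |
        Select-Object -First 1
    if (-not $line) { return $null }
    $connStr = [regex]::Match($line, '"(.*)"').Groups[1].Value

    # Split the OLE DB connection string into a case-insensitive key/value table
    $kv = @{}
    foreach ($pair in ($connStr -split ';')) {
        if ($pair -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') {
            $kv[$Matches[1].ToLowerInvariant()] = $Matches[2]
        }
    }

    $findings = @()
    $provider = $kv['provider']
    if ($provider -like 'SQLOLEDB*') {
        $findings += "Legacy provider '$provider': reported not to support TLS 1.2, so SQL logging stops once TLS 1.0 is disabled"
    }
    if ($kv['user id'] -eq 'sa') {
        $findings += "NPS logs as 'sa'; prefer a dedicated login granted only EXECUTE on report_event"
    }
    if ($kv.ContainsKey('password')) {
        $findings += "Password is stored in the NPS configuration and readable by anyone who can run 'netsh nps dump'"
    }
    if ($kv['persist security info'] -eq 'True') {
        $findings += "Persist Security Info=True keeps the password inside the live connection object"
    }

    # Never echo the secret: redact the password before returning the string
    $redacted = $connStr -replace '(Password\s*=\s*)[^;]*', '$1***'
    [pscustomobject]@{ Provider = $provider; ConnectionString = $redacted; Findings = $findings }
}

# Constructed sample dump lines mirroring the post's SQLOLEDB configuration (fake password)
$sample = @(
    '# NPS configuration dump (constructed sample)',
    'set sqllog connection = "Provider=SQLOLEDB.1;Password=sapasswd;Persist Security Info=True;User ID=sa;Initial Catalog=WinocDB;Data Source=.;Connect Timeout=30"'
)
Get-NpsSqlLogAudit -DumpLines $sample | Format-List
```

Run it against the real export (`Get-Content c:\nps.txt`) to see which findings apply before switching providers; an empty Findings list with a non-SQLOLEDB provider means the connection string itself is not the blocker.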
