Microsoft KB Archive/916782

= You may receive an error message when a SQL Server 2005 client requests encryption and connects to 127.0.0.1 on a Windows XP-based computer =

Article ID: 916782

Article Last Modified on 11/20/2007


APPLIES TO


 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Express Edition
 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Enterprise X64 Edition
 * Microsoft SQL Server 2005 Standard X64 Edition
 * Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Workgroup Edition




Notice
Bug #: 429587 (SQLBUDT)

Bug #: 430805 (SQLBUDT)



SYMPTOMS
When a Microsoft SQL Server 2005 client requests encryption and connects to 127.0.0.1 on a Microsoft Windows XP-based computer, you may receive an error message that is similar to one or more of the following error messages:

Error message 1

CERT_E_CN_NO_MATCH

Error message 2

[SQL Native Client] SSL Provider: The certificate's CN name does not match the passed value.

Error message 3

[SQL Native Client] Client unable to establish connection

This issue occurs when the following conditions are true:
 * The SQL Server client requests protocol encryption.
 * The SQL Server client connects through the IPv4 loopback address.
 * The local loopback address is represented as IP address 127.0.0.1.

This issue affects all client libraries. Client libraries that are affected by this issue include the following:
 * The SQL Server .NET data provider (Sqlclient)
 * The SQL Native client
 * Microsoft Data Access Components (MDAC)

Additionally, this issue prevents successful dedicated administrator connections (DAC) to SQL Server 2005 on Windows XP.



WORKAROUND
To work around this issue, use an alternative representation of the name of the local host address instead of 127.0.0.1. The possible alternative representations include the following:
 * "."
 * "(local)"

Note: This issue is expected behavior of the Windows Secure Sockets Layer (SSL).
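The following added example (not part of the original article or of any Microsoft tool) scans connection strings for the conditions listed under SYMPTOMS and proposes the "(local)" form from the workaround. The keyword spellings, the handling of `tcp:`/`admin:` prefixes and instance or port suffixes, and the sample strings are assumptions; encryption forced through client or server configuration is not visible in a connection string and is not detected.

```python
import re

# Assumed keyword spellings (SqlClient / SQL Native Client style); extend as needed.
SERVER_KEYS = ("data source", "server", "address", "addr", "network address")
ENCRYPT_KEYS = ("encrypt", "use encryption for data")
TRUE_VALUES = {"true", "yes"}

# Optional protocol prefix, the literal IPv4 loopback, optional \instance and ,port.
LOOPBACK = re.compile(
    r"^(?P<prefix>(?:tcp|admin):)?127\.0\.0\.1(?P<rest>(?:\\[^,]+)?(?:,\s*\d+)?)$",
    re.IGNORECASE,
)

def parse(conn_str):
    """Split 'key=value;...' into a dict with lower-cased keys.
    Simplification: quoted values that contain ';' are not supported."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def check(conn_str):
    """Return (affected, suggested_server); suggested_server is None if not affected."""
    kv = parse(conn_str)
    encrypts = any(kv.get(k, "").lower() in TRUE_VALUES for k in ENCRYPT_KEYS)
    if not encrypts:
        return False, None
    for key in SERVER_KEYS:
        m = LOOPBACK.match(kv.get(key, ""))
        if m:
            # Keep prefix and suffix, swap only the address for the workaround form.
            return True, f"{m.group('prefix') or ''}(local){m.group('rest')}"
    return False, None

# Constructed sample connection strings, for illustration only.
SAMPLES = [
    "Server=127.0.0.1;Database=master;Encrypt=yes;Trusted_Connection=yes",
    "Data Source=tcp:127.0.0.1,1433;Encrypt=True",
    r"Server=127.0.0.1\SQLEXPRESS;Use Encryption for Data=True",
    "Server=127.0.0.1;Encrypt=no",
    "Server=(local);Encrypt=yes",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check(s), "<-", s)
```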



STATUS
This behavior is by design.



MORE INFORMATION
For more information about the ForceEncryption option in SQL Server 2005, click the following article number to view the article in the Microsoft Knowledge Base:

318605 How SQL Server uses a certificate when the Force Protocol Encryption option is turned on

For more information about how to encrypt connections to SQL Server 2005, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn2.microsoft.com/en-us/library/ms189067.aspx

Keywords: kbtshoot kbnofix kbprb KB916782


© Microsoft Corporation. All rights reserved.