Microsoft KB Archive/239894

From BetaArchive Wiki
Knowledge Base


How to establish encrypted multiprotocol connections with SQL Server 7.0

Article ID: 239894

Article Last Modified on 12/30/2003


APPLIES TO

  • Microsoft SQL Server 7.0 Standard Edition


This article was previously published under Q239894

SUMMARY

This article documents the steps necessary to establish an encrypted connection using the Multiprotocol Netlibrary.

MORE INFORMATION

You can configure SQL Server 7.0 to allow all connections through Multiprotocol to be encrypted, or encrypt connections on a client basis. First, configure SQL Server to listen on Multiprotocol using the SQL Server Network Utility as follows:

  1. Add or edit the Multiprotocol Library.
  2. For server wide encryption, select the Enable Multiprotocol encryption check box.
  3. Stop and then restart the MSSQLServer service.

Next, configure the client computer to make Multiprotocol connections. To do this, use the SQL Server Client Network Utility to add a new server alias as follows:

  1. In the SQL Server Client Network Utility dialog box, select the General tab and then click Add.
  2. Choose Multiprotocol as the Network library.
  3. Type the SQL Server name in the Server alias text box.

If you want specific clients to make encrypted connections, then configure the server using the SQL Server Network Utility as follows:

  1. Add or edit the Multiprotocol library.
  2. Clear the Enable Multiprotocol encryption check box.
  3. Stop and then restart the MSSQLServer service.

Next, make the following registry key entry on the client:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\RPCNetlib

Value Name: Security
Data Type: REG_SZ
String: Encrypt


'Advanced Options Using the Multiprotocol Netlibrary'

If you want to specify a protocol to use for the connection on each client, make the following changes using the SQL Server Client Network Utility:

  • To force a Multiprotocol connection over TCP/IP enter the following as the computer name and leave the Additional parameters box empty: 
    ncacn_ip_tcp:SQL IP Address
    where SQL IP Address is the actual IP address of the SQL Server.
  • To force a Multiprotocol connection over Named Pipes enter the following as the computer name and leave the Additional parameters box empty: 
    ncacn_np:SQL Server Name
    where SQL Server Name is the name of the SQL Server computer.
  • For a client computer that does not have the SQL Server Client Network Utility, but has the Microsoft Data Access Components (MDAC) SQL Server ODBC Driver version 3.70.0623, you may execute the Windbver.exe file located in the \Winnt\System32 or the \Windows\System directory as follows:
    1. Select Start, click Run, and then type Windbver in the Run dialog box.
    2. In the SQL Server Client Configuration Utility dialog box, click the Advanced tab.
    3. In the Server text box, enter the SQL Server Name.
    4. In the Network Protocol dialog box, select MultiProtocol.
    5. Click Add/Modify.
    6. Next, click Done.

    For a client computer that has the MDAC SQL Server Driver version later than 3.70.0623:

    1. Either add a new ODBC data source name (DSN) or configure an existing ODBC DSN.
    2. Click the Client configuration button on the screen.
    3. Select Multiprotocol.
    4. Enter the connection string as the computer name.
    5. Click OK.
    6. Finish the ODBC DSN wizard.

    To force a Multiprotocol connection over TCP/IP, enter the following as the connection string: 

    ncacn_ip_tcp:SQL IP Address

    where SQL IP Address is the actual IP address of the SQL Server.

    To force a Multiprotocol connection over Named Pipes, enter the following as the connection string: 

    ncacn_np:SQL Server Name

    where SQL Server Name is the name of the SQL Server computer.

    To specify that a specific destination port is used, see the following article in the Microsoft Knowledge Base:

164667 INF: Replication Setup Over a Firewall


When you try to connect using Multiprotocol with Encryption across two computers that are not in the same domain, there are additional requirements. If the computers are not in the same domain, (for example computers across the internet), you need to pass an additional parameter from the client computer.

When you create a new DSN, select Client Configuration button, and then change the Multiprotocol alias to include a Windows NT username and password in the additional parameters text box. (Or use the SQL Client Network Utility to modify the Multiprotocol alias)

This Windows NT user must exist as an Windows NT user on the SQL Server computer. It doesn't have to be a SQL defined user, but just exist in Windows NT.

In the registry on the client computer you should have an entry similar to this:

HKLM\Software\Microsoft\MSSQLServer\Client\ConnectTo:

DBMSRPCN,SQL_Server_NameHere,NTUser_NameHere,NTUserPasswordHere



Additional query words: link failure integrated Trusted rpc

Keywords: kbinfo KB239894



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/239894&oldid=131493
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki