IBM Support

Upsizing an i2 iBase 8.9.11 database to a SQL Server 2016 database results in an OLE DB error - DBNETLIB (Connection Open SeDoClient Handshake SSL) Security error.

Troubleshooting


Problem

An attempt to upsize an i2 iBase database (both the ids and idb files) to a SQL Server database leads to the following error message, which relates to OLE DB and the SSL handshake:

"DBNETLIB (Connection Open SeDoClient Handshake SSL) Security error.
Error #-2147467259 occurred in:
Microsoft OLE DB Provider for SQL Server
CSFUPsize: Upsize SF
idDBEngine: Upsize security file
idDBSystem: Upsize security file
FMain: DoCommand(SecurityUpsize)

Symptom

The user attempts to upsize an i2 iBase database (both the ids and idb files) to a SQL Server database, and this error message appears:

"DBNETLIB (Connection Open SeDoClient Handshake SSL) Security error.
Error #-2147467259 occurred in:
Microsoft OLE DB Provider for SQL Server
CSFUPsize: Upsize SF
idDBEngine: Upsize security file
idDBSystem: Upsize security file
FMain: DoCommand(SecurityUpsize)

Cause

The cause of this error is a TLS protocol version mismatch between the client and the server.

i2 iBase 8.9.11 supports TLS 1.0 and TLS 1.1.

Microsoft SQL Server 2016 can support TLS 1.0, TLS 1.1, and TLS 1.2. However, some sites follow the Microsoft recommendation and disable TLS 1.0 and TLS 1.1 because of security concerns, leaving SQL Server 2016 set up for TLS 1.2 only. In that case, i2 iBase 8.9.11 cannot negotiate a session with SQL Server 2016, which produces the SSL handshake error.

Environment

The user is using i2 iBase 8.9.11

The MS SQL Server version is 2016

Diagnosing The Problem

Use the following steps to confirm that the cause is a TLS version mismatch:

Step 1: Start iBase, navigate to "Help" -> "About IBM i2 iBase 8", and verify that the version of the software is 8.9.11 (or lower).

Step 2: Check which TLS versions are enabled for SQL Server 2016 in the Registry Editor:

- Click "Start" -> "Run", type regedit, and then click "OK". This opens the Registry Editor.
- In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server

And

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

Verify that TLS 1.1 is disabled but TLS 1.2 is enabled.

 

Alternatively, the user can check the status of TLS enablement on SQL Server 2016 by using a PowerShell script. Follow this Microsoft article to run the PowerShell script and gather the TLS enablement information.

https://gallery.technet.microsoft.com/scriptcenter/Detect-Cryptographic-eb5f5a98

 

Whether the user checks in the Registry Editor or uses the PowerShell script, the goal is to confirm that TLS 1.1 is disabled but TLS 1.2 is enabled.
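
The registry check from Step 2, written as a read-only PowerShell sketch. This is an added example, not the Microsoft script linked above and not IBM code. The function name Get-SchannelServerState is hypothetical; Enabled and DisabledByDefault are the standard SCHANNEL value names, and a missing key or value means the operating system default applies.

```powershell
# Added example: report server-side SCHANNEL TLS settings on the SQL Server host.
# Read-only; run in PowerShell on the machine that hosts SQL Server 2016.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerState {   # hypothetical helper name
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))

    foreach ($p in $Protocol) {
        $key = Join-Path $base "$p\Server"
        $enabled = $null
        $disabledByDefault = $null
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # A value that was never created is reported as $null, not as 0.
            if ($props.PSObject.Properties.Name -contains 'Enabled') {
                $enabled = $props.Enabled
            }
            if ($props.PSObject.Properties.Name -contains 'DisabledByDefault') {
                $disabledByDefault = $props.DisabledByDefault
            }
        }
        # Enabled = 0 turns the protocol off; any non-zero value turns it on.
        if ($null -eq $enabled) { $state = 'Not set (OS default applies)' }
        elseif ($enabled -eq 0) { $state = 'Disabled' }
        else                    { $state = 'Enabled' }

        [pscustomobject]@{
            Protocol          = $p
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            State             = $state
        }
    }
}

$result = @(Get-SchannelServerState)
$result | Format-Table -AutoSize

# iBase 8.9.11 can only offer TLS 1.0 and TLS 1.1 (per this technote).
$legacy = @($result | Where-Object { $_.Protocol -ne 'TLS 1.2' })
$legacyOff = @($legacy | Where-Object { $_.State -eq 'Disabled' }).Count -eq $legacy.Count
$tls12 = $result | Where-Object { $_.Protocol -eq 'TLS 1.2' }
if ($legacyOff -and $tls12.State -ne 'Disabled') {
    'TLS 1.0/1.1 disabled, TLS 1.2 not disabled: consistent with the handshake error.'
} else {
    'A TLS version iBase 8.9.11 supports is not explicitly disabled; check other causes.'
}
```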

 

 

Resolving The Problem

After confirming that:

1) The version of i2 iBase is indeed 8.9.11

and

2) SQL Server 2016 has TLS 1.1 disabled and TLS 1.2 enabled,

then the user can conclude that the problem is indeed caused by the TLS version mismatch between the client and the server. In this case, there are two solutions, and either one should resolve the issue:

A) The user can upgrade to iBase 8.9.12, because i2 iBase supports TLS 1.2 starting from version 8.9.12.

Or

B) The user can contact their administrator to enable TLS 1.1, which reverses the hardening described under Cause.


Document Information

Modified date:
20 November 2018

UID

ibm10741063