-
Title
Is SQL Server encryption supported? -
Description
SQL server has the option to encrypt Database connections.
This article explains different Active Roles installation and upgrade scenarios, what is supported and how to fix each one.
For reference, the following SQL query can be run on the SQL server to check encryption:SELECT encrypt_optionFROM sys.dm_exec_connectionsWHERE session_id = @@SPID -
Resolution
SCENARIO 1 - Plain installation
This scenario includes a plain installation on a machine which has been enforced with SQL encryption.
Observation:
On configuring the database, the SQL Server name should have the FQDN (fully qualified distinguished name) instead of hostname.
If the database is configured using hostname of the SQL server (Screenshot 1 below), an SSL error will be displayed at a later point while configuring the Web interface (Screenshots 2, 3).
Screenshot 1:
Screenshot 2:
Screenshot 3:
SCENARIO 2 - Upgrade Scenario 1
Upgrade from an older version of Active Roles to the latest version on a machine with SQL encryption already enforced.
This works fine.
SCENARIO 3 - Upgrade Scenario 2
An older version of Active Roles 7.x installed on a machine where SQL encryption was not enforced.
While configuring the database the SQL server name was given as hostname.
Perform upgrade of Active Roles to the latest version. The upgrade process hangs and the failure is reported in Event viewer, shown below.
Screenshot 4:
Screenshot 5:
WORKAROUND
- Close the Configuration Center
- Open Registry Editor (regedit)
- Go to location HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Active Roles\7.3\Configuration\Service (see Screenshot 6 below)
- Change Data Source value (For Both CHDatabaseConnectionString and DatabaseConnectionString) from hostname to FQDN. (Refer to Screenshot 7 below)
Open the Configuration Center and proceed with the upgrade process.
Screenshot 6:
Screenshot 7:
