Automatic Site Upgrade to 2203 Prompts for Credentials if Forced Encryption Enabled on SQL Server


Article ID: CTX477259


Description

  • The environment was upgraded from 1912 to 2203.
  • Running the Automatic Site Upgrade from Studio prompts for the database login credentials.
  • After the credentials are entered, the upgrade does not proceed further.
  • Test Site results in the error "Check database connection settings and user permissions. Database "databasename" on "SQL Server" cannot be reached"

 

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

1. Update the DB connection strings to use the FQDN of the SQL Server, or the FQDN of the SQL listener in the case of a cluster.
2. The SAN field of the certificate can have either a wildcard entry or the full FQDN.
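
A pre-check for the two conditions above, as an added example that is not Citrix or Microsoft code: it extracts the server name from a connection string and tests it against the DNS names in the certificate's SAN field. The connection strings and SAN entries are constructed, hypothetical values, and the wildcard rule (one left-most label only) is the usual TLS convention, assumed here.

```python
import re

# Keys SqlClient accepts for the server name in a connection string.
SERVER_KEYS = {"server", "data source", "address", "addr", "network address"}

def data_source_host(conn_str):
    """Return the lower-cased host from the connection string, or None."""
    for part in conn_str.split(";"):
        key, _, value = part.partition("=")
        if key.strip().lower() in SERVER_KEYS:
            host = re.sub(r"^(tcp|np|lpc):", "", value.strip(), flags=re.I)
            # Drop ",port" and "\instance"; only the host is compared to the SAN.
            return host.split(",")[0].split("\\")[0].strip().lower()
    return None

def san_matches(host, san):
    """Exact match, or a wildcard standing in for exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def check(conn_str, san_dns_names):
    """Return (host, ok, reason) for one connection string."""
    host = data_source_host(conn_str)
    if host is None:
        return (None, False, "no server key found")
    if "." not in host:
        return (host, False, "short name, not an FQDN")
    for san in san_dns_names:
        if san_matches(host, san):
            return (host, True, "covered by SAN entry " + san)
    return (host, False, "no SAN entry covers this name")

# Constructed sample data (hypothetical names, not from the article).
SAMPLE_SAN = ["*.corp.example", "sqlag.db.corp.example"]
SAMPLE_CONN = [
    r"Server=SQL01;Initial Catalog=CitrixSite;Integrated Security=True",
    r"Server=sql01.corp.example\CITRIX;Initial Catalog=CitrixSite;Integrated Security=True",
    r"Data Source=tcp:sqlag.db.corp.example,1433;Initial Catalog=CitrixSite",
    r"Server=sql02.db.corp.example;Initial Catalog=CitrixSite",
]

if __name__ == "__main__":
    for cs in SAMPLE_CONN:
        print(check(cs, SAMPLE_SAN))
```

The first sample fails because it uses a short host name, and the last fails because a wildcard for corp.example does not cover a name two labels deep.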

Problem Cause

The issue is seen only on SQL Servers where forced encryption is set. It is caused by a change in the Microsoft code that enforces validation of the server certificate.

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/certificate-requirements?view=sql-server-2016#certificate-requirements-for-sql-server-encryption


The logs indicate that the TLS handshake is failing because of a server_name mismatch between the client and the server certificate.


Snippet from Logs
 

2022/09/09 18:18:32:08011,12044,10504,Citrix.Monitor.exe,0,MonitorLog,,0,,1,Information,"EnvTests: /Citrix/DelegatedAdminContract/DelegatedAdminAPI/v1 caught WebException System.Net.WebException: The remote server returned an error: (400) Bad Request.

2022/09/09 18:18:32:12515,4188,10404,Citrix.Configuration.exe,0,ConfigurationLog,,0,,1,Error,"EnvTests: RunTest Configuration_SchemaNotModified raised exception Microsoft.SqlServer.Management.Common.ConnectionFailureException: Failed to connect to SQL server . ---> Microsoft.Data.SqlClient.SqlException: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) ---> System.ComponentModel.Win32Exception: The target principal name is incorrect

2022/09/09 18:18:32:94249,9444,11148,Citrix.EnvTest.exe,0,EnvTestLog,,0,,1,Information," UnexpectedTermination FatalError EnvTest An unexpected error occurred. Failed to connect to SQL server