Edit

Share via

Intermittent connection errors occur when adding a node to the Always On environment in SQL Server

  • Article

You experience intermittent connection errors when you add a new node to the existing Always On environment.

Symptoms

When you try to connect to a server that's running Microsoft SQL Server, the following error message appears intermittently:

The connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

Cause

This error might occur if a there's a mismatch in security protocols between the database and the application servers.

Resolution

To fix this error, resolve the mismatch between the security protocols. Node1 encrypts information by using AES128/256. Node2 encrypts information by using RC4. To troubleshoot this error, follow these steps:

  1. Download IIS Crypto.

  2. Install the GUI version of the IIS Crypto tool on the server.

  3. Configure Cipher Suites.

  4. Open the IIS Crypto tool on the server.

  5. In the IIS Crypto interface, select Cipher Suites in the left panel.

  6. In the list, clear all checkboxes for ciphers that start with "TLS_DHE*".

    Note

    The list might not be in any particular order.

  7. After you clear the relevant cipher selections, select Apply to save the changes.

    Screenshot that shows clearing all ciphers that aren't required.

  8. Restart the server.

    After the changes have been applied, restart the server to make sure that the new cipher suite configuration takes effect.

Note

This troubleshooting process forces the client to communicate by using a different cipher suite that has an improved security implementation.

Always make sure that you have the appropriate backups available. Also, consider testing any changes in a controlled, staged, or test environment before you apply them to the production computers. If the issue persists or if you have any other concerns, contact your network team.

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Third-party contact disclaimer

Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.