Question

TLS 1.2 with Weblink

asked on February 15, 2018

Hello,

I have a customer that is trying to change their security and disable SSL 3.0 and TLS 1.0 and 1.1. Every time they try to make the change to only using TLS 1.2, Weblink becomes unavailable. Has anyone experienced this?

0 0

Replies

replied on February 15, 2018

Depends on how they are restricting to TLS 1.2. I would bet that something in the server needs TLS1.0 to start the negotiation to 1.2.

We looked at tweaking this PowerShell script to fit our needs, but often ran into issues turning off TLS1.0 because SQL wanted it. Perfect Forward Secrecy PowerShell: https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

1 0
replied on February 15, 2018

I've configured this successfully in a test environment.  Modern browsers should support TLS 1.2, but it's worth verifying the specific version you are using against this chart: https://help.salesforce.com/articleView?id=000220586&language=en_US&type=1.  If you want to troubleshoot this, Wireshark can decode the protocol negotiation headers and show what versions each side is trying to use.

0 0
replied on February 20, 2018

Thank you, Brian and Luke! I will check both and see what we come up with.  We will be testing on Thursday when they have scheduled time to be down.  From looking at their logs, they are not communicating with the SQL server 2016 so it could be it needs TLS 1.0.  I will update with my findings. 

0 0
replied on February 20, 2018

I do think that not all releases of MSSQL support TLS 1.2; you may need to patch your installation. I took "WebLink becomes unavailable" to mean that the browser could no longer access the WebLink web server; if it's a problem with LFS connecting to MSSQL, the errors in the event log should clarify that.

0 0
replied on February 20, 2018

I have found this article from Microsoft: https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

They are on full SQL 2016. It looks to me like they have to have TLS 1.0 and 1.1 disabled on the SQL server in order to utilize TLS 1.2. We will test Thursday and I'll update with what worked.

0 0
replied on March 26, 2018

They are running SQL 2016 on its own server.

The web server has Weblink installed, security has disabled TLS 1.0 and 1.1. TLS 1.2 is enabled and everything works fine. 

When disabling TLS 1.0 and 1.1 and enabling TLS 1.2, on the Laserfiche server they get an error, 'Error executing SQL command', when trying to access Weblink (internal or external). So they also disabled TLS 1.0 and 1.1 and enabled TLS 1.2 on the SQL server with the same SQL error. They are also unable to open the client on the web server - which was installed for testing - and cannot log in to a client on a workstation.

This is the error on the workstation:

Client error from workstation:

Error Code: 9526
Error Message: Unknown error 9526 [9526]

------------ Technical Details: ------------

LFSO:
    Call Stack: (Exception)
        CLFConnection::Create
    Additional Details:
        HRESULT: 0xc0042536 (ProcessResponseHeaders, LFSession.cpp:4875)
         (LFSO/9.1.1.601)
LF.exe (9.1.1.548):
    Call Stack: (Exception)
        CLoginDialog::AttemptLogin
        CLoginDialog::LoginToServer
        CLoginView::LoginHandler
    Call Stack: (Current)
        CLoginDialog::LoginToServer
        CLoginView::LoginHandler
    Additional Details:
        Exception: 0x80042536 [9526] (Unknown error 9526) (CLoginDialog::AttemptLogin at LoginDialog.cpp:794)
    Call History:
        CLoginView::LoginHandler
         CLoginDialog::LoginToServer
          GetOptionString ([CityofIowaCitySettings]AdminNoPassword)
          GetOptionString ([CityofIowaCitySettings]UserName)
          GetOptionString ([Settings]UseWindowsAuth)
          GetOptionString ([CityofIowaCitySettings]UseWindowsAuth)
          CLoginDialog::AttemptLogin
           GetOptionString ([Settings]CheckServerVersion)

Any ideas? 

Thanks!

0 0
replied on March 26, 2018

Error 9526 is "The repository cannot be mounted at the current time because it is being mounted or unmounted. Please wait until the current operation completes." It doesn't suggest a communication problem between WebLink and LFS; it suggests a problem between LFS and SQL. Were you able to look in the LFS logs?

0 0
replied on March 27, 2018

No, but I will. Thank you!

0 0
replied on March 29, 2018

I am unable to find the lfs.log file. I thought it was at C:\Program Files\Laserfiche\Server. Am I looking in the wrong place? Does logging have to be turned on?  Will the server logs have more information than the Event Viewer? 

0 0
replied on March 29, 2018

Sorry, I meant the event viewer.

0 0
replied on April 2, 2018

No worries!

0 0
replied on June 24, 2021

I know this post is quite old, but were you able to find a solution, Linda or Brian?

We are experiencing the same issue. Working on a Wireshark session to determine the protocol being used. Our issue seems to revolve around communications between the Laserfiche application server/Laserfiche admin console and SQL. If we run the secrecy script above on either the SQL server, application server, or both, Laserfiche will throw SQL comm errors.

Interesting point:
If I open Laserfiche Admin console on my local workstation (which does have TLS 1.0, 1.1, and 1.2 enabled) and attempt to change DBMS to a SQL server which also has TLS 1.0, 1.1, and 1.2 enabled, I can refresh and see all databases. If I try to connect to a SQL server with TLS 1.0 and 1.1 disabled, I cannot see any database available. Also note that SSMS works to both SQL servers from my local workstation.

0 0
replied on June 28, 2021

The key to resolving this is figuring out which machine can't connect to the next one in the chain: client (Windows, web, Admin)/LFS/SQL. The logs should be pretty clear when it fails, and if it's due to TLS the message should say something suggestive about not establishing a secure connection.

0 0
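
To compare the machines in that chain, the added example below (not part of the original posts and not Laserfiche code) lists the SCHANNEL protocol settings in the registry for both roles. On the Laserfiche Server the Client rows govern its outbound connection to SQL; on the SQL Server the Server rows govern what it accepts.

```powershell
# Added example: report the SCHANNEL protocol settings for both TLS roles on this machine.
# Run it on every hop (web server, Laserfiche Server, SQL Server) and compare the output.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Client', 'Server'   # Client = outbound connections, Server = inbound

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)

    $key = "$base\$Protocol\$Role"
    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $enabled = $props.Enabled                      # $null when the value is absent
        $disabledByDefault = $props.DisabledByDefault
    }

    if ($null -eq $enabled -and $null -eq $disabledByDefault) {
        $state = 'Not configured (OS default applies)'
    } elseif ($null -ne $enabled -and $enabled -eq 0) {
        $state = 'Disabled'
    } elseif ($disabledByDefault -eq 1) {
        $state = 'Off by default (used only if the application asks for it)'
    } else {
        $state = 'Enabled'
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
        State             = $state
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) { Get-SchannelProtocolState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize
```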
replied on June 29, 2021

Thanks for responding Brian.  The connection in question is the Laserfiche application server connecting to SQL.  If we disable all protocols other than TLS 1.2, Laserfiche is unable to make a connection and we receive SQL errors.

After further testing, we used this article from Microsoft to determine we are able to make connections from the Laserfiche application server to SQL Servers with only TLS 1.2 enabled.  In order to make these connections, we could only use the OLE DB Driver for SQL Server or SQL Native Client 11.0.  All other providers failed.

Can you confirm which driver Laserfiche Server will use for establishing that connection?  We were forced to re-enable TLS 1.0 on the Laserfiche application server and TLS 1.0 and TLS 1.1 on the SQL server in order for Laserfiche to work correctly.

See attached PDF for a list of troubleshooting steps we've completed.

0 0
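
The provider comparison described in the post above can be repeated with the added example below, which is not part of the original post and not Laserfiche code. It assumes Windows PowerShell 5.1, Windows authentication and a placeholder server name, and it does not reveal which driver Laserfiche Server itself uses.

```powershell
# Added example: try each OLE DB provider against one SQL Server instance and
# record which ones can complete a login. Run it from the Laserfiche Server host.
# Providers are registered per bitness, so run it in both 32-bit and 64-bit PowerShell.
$server = 'SQLSERVER01.example.internal'   # placeholder, replace with your instance

$providers = [ordered]@{
    'SQLOLEDB'   = 'Microsoft OLE DB Provider for SQL Server'
    'SQLNCLI11'  = 'SQL Server Native Client 11.0'
    'MSOLEDBSQL' = 'Microsoft OLE DB Driver for SQL Server'
}

function Test-OleDbProvider {
    param([string]$Provider, [string]$Server)

    $cs = "Provider=$Provider;Data Source=$Server;Initial Catalog=master;" +
          "Integrated Security=SSPI;Connect Timeout=10"
    $conn = New-Object System.Data.OleDb.OleDbConnection $cs
    try {
        $conn.Open()                       # the login handshake happens here
        $detail = "connected, server version $($conn.ServerVersion)"
        $ok = $true
    } catch {
        # Covers both "provider not registered" and handshake failures
        $detail = $_.Exception.GetBaseException().Message
        $ok = $false
    } finally {
        $conn.Dispose()
    }

    [pscustomobject]@{
        Provider    = $Provider
        Description = $providers[$Provider]
        Connected   = $ok
        Detail      = $detail
    }
}

$results = foreach ($name in $providers.Keys) {
    Test-OleDbProvider -Provider $name -Server $server
}
$results | Format-List
```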