search

johanclasson / vso-agent-tasks

Build and Release Tasks for Visual Studio Online and Team Foundation Server
MIT License
20 stars 16 forks source link

what protocol does dbup.dll use to connect to sql server 2012/ 2014. Is the driver using old TLS 1.0 protocol #39

Closed aartiroshan closed 6 years ago

aartiroshan commented 6 years ago

We see error . The error goes away when we enable SSL 3.0 & TLS 1.0. We should be using TLS 1.1 or TLS 1.2

2018-06-07T13:54:35.9275423Z ##[section]Starting: DbUp Migration 2018-06-07T13:54:35.9500315Z ============================================================================== 2018-06-07T13:54:35.9501453Z Task : DbUp Migration 2018-06-07T13:54:35.9501613Z Description : Runs SQL Server change scripts, and only those which have not been run already. 2018-06-07T13:54:35.9501754Z Version : 1.1.3 2018-06-07T13:54:35.9501872Z Author : Johan Classon 2018-06-07T13:54:35.9502034Z Help : More Information 2018-06-07T13:54:35.9502184Z ============================================================================== 2018-06-07T13:54:35.9777221Z Preparing task execution handler. 2018-06-07T13:54:40.2102867Z Executing the powershell script: C:\vstsagent\A1_work_tasks\UpdateDatabaseWithDbUp_4182dbda-71db-4d18-89b3-75255b7802eb\1.1.3\Update-Database.ps1 2018-06-07T13:54:40.2195669Z ##[error]System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm 2018-06-07T13:54:40.2205444Z at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent

johanclasson commented 6 years ago

Thanks for the feedback.

I wonder if inserting the following line into Update-DatabaseWithDbUp.ps1 will fix your issue.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

I will need some help to reproduce this... If you have access to the build server running this, you can try to insert the change directly under the agents _work/_task/UpdateDatabaseWithDbUp. If not, I can build a beta extension with this change that you can test out.

aartiroshan commented 6 years ago

yes i have access to the server. where do you want me to add it in the file? Or if you want send me updated file.

johanclasson commented 6 years ago

Your System.Net.WebException hints that it is not DbUp that throws but rather something else. There are some functionality before DbUp is invoked that actually downloads DbUp from NuGet. My guess is that it fails there rather than when communicating with SQL server.

Just put the line as the first line in the file.

aartiroshan commented 6 years ago

I have not been able to reproduce this for now. maybe the issue is related to sql server 2012. i will try again in couple of days and get back to you.

johanclasson commented 6 years ago

My best guess is that your issue was due to that the task downloaded DbUp through NuGet. If no nuget.exe was present in PATH, the task downloaded it with Invoke-Webrequest. PowerShell has lately been prone to fail regarding the deprecation of TLS 1.0.

With the latest release (1.1.4) the task comes with a bundled version of DbUp, which will fix your issue.