Understanding the relationship between ODBC and TLS
When IIS reaches out to SQL for information from the database, it uses the ODBC driver to communicate with the SQL server. This communication needs to be encrypted for security reasons. The ODBC driver will use TLS to do the encryption. The latest version of TLS is 1.2.
If mismatched versions of TLS are enabled on the two servers, you will have communication issues because the encryption breaks.
If an older version of the ODBC driver is on one of the servers, it will try to use TLS 1.0 and break the encryption.
This is why you need to install the latest version of the ODBC driver, so that it will use TLS 1.2. This is also why you need to be sure TLS 1.2 is activated on both servers.
It should also be noted that by default SQL uses port 1433 to send and receive the communication with IIS.
How to update the ODBC Driver
How to Test TLS version on the server
- Download the attached TestTLS.psm1 file
- Open PowerShell as admin and import the psm1 file using Import-Module "c:\file path\testTLS.psm1" (quote the path if it contains spaces)
- Run the test using "server name" | Test-ServerSSLSupport (change server name to the name of the server you are testing)
How to change TLS:
- You can use https://www.nartac.com/Products/IISCrypto/
- Or you can manually change it in the registry
How to check your .NET version
- Open a Command Prompt and run reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s