A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Product:

Planning Analytics 2.0.9

Microsoft Windows 2019 server

Issue:

After change in Windows registry to prevent use of TLS 1.0 and TLS 1.1 communication, the ODBC driver to SQL server does not work.

ODBCOpen ( vSource, vClient, vPassword );  does not work.

Error can be: DCOM was unable to communicate with the computer SQLserver using any of the configured protocols; requested by PID

SQLState: 01000
SQL Server Error:1
Microsoft ODBC SQL Server Driver DBNETLIB ConnectionOpen SECCreateCredentials()
Connection Failed
SQLState: 08001
SQL Server Error:18
SSL Security Error

Solution:

Change the ODBC driver from Microsoft SQL Server ODBC Driver Version 10.00.14393 to a new, like Microsoft SQL Server Native Client Version 11.00.7462.

Backup the registry values under [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ODBC\ODBC.INI\ODBC Data Sources], to be able to restore it.

Go to Control Panel – Administrative tools – ODBC Data Sources (32-bit), to add the new driver with the same name and selected database.

 

You can run below commands to set the values for disabled TLS 1.0 and TLS 1.1 on the server:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 0 /f 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

 

More Information:

https://thesecmaster.com/how-to-enable-tls-1-2-and-tls-1-3-on-windows-server/

https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

https://support.microsoft.com/en-us/topic/october-20-2020-kb4580390-os-build-17763-1554-preview-ac4799c9-838f-8665-a968-0f19b6cb1049

https://think.unblog.ch/en/how-to-use-tls-1-2-and-tls-1-3-on-windows-server/ 

https://support.site24x7.com/portal/en/kb/articles/how-to-check-if-tls-1-2-is-enabled