When you try to install Dynamics CRM Server 2016, the Environment Diagnostics Wizard fails with this error message:
Error| Check SqlServerValidator : Failure: Could not connect to the following SQL Server: 'Server Name'. Verify that the server is up and running and that you have SQL Server administrative credentials. [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
The Dynamics CRM Server 2016 wizard requires connectivity check through Microsoft OLE DB Provider for SQL Server to start database creation. The installation documentation lists software installed during the setup. This includes the Microsoft SQL Server Native Client. The setup uses this native client and during the phase of the configuration database creation, OLE DB connection is required.
This connectivity failure reproduces when a test connection is created for the given SQL Server through a UDL file.
Save the file as 'Connectivity Test.udl' and file type as 'All Files'
Open the saved file
Select Microsoft OLE DB Provider for SQL Server as the provider
Provide server connection and authentication details
Test the connection or open list of databases
The connection fails with same error message
This fails because the secured connection between the Dynamics CRM Server 2016 and the SQL Server needs TLS 1.0 to be enabled for the OLE DB Provider for SQL Server. And the SQL Server may not have TLS 1.0 enabled for secure channel communication.
The connectivity may fail even if TLS 1.1 or 1.2 is enabled on the SQL Server as the OLE DB Provider for SQL Server supports only TLS 1.0. Support for TLS 1.2 is provided for the providers listed in this article.
Enable TLS 1.0 for Microsoft OLE DB Provider for SQL Server on SQL Server. TLS 1.0 can be enabled with the following registry changes:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "Enabled"=dword:00000001
If the organization policy requires TLS 1.0 to be disabled, this can be done after the installation completes:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000000
TLS 1.0 may also need to be enabled on Dynamics CRM Server 2016 as client.
TLS 1.0 can be disabled on SQL Server and Dynamics CRM Server 2016 after the installation completes if the organization policy needs TLS 1.0 disabled.