You may receive an error message when a SQL Server 2005 client requests encryption and connects to 127.0.0.1 on a Windows XP-based computer (916782)



The information in this article applies to:

  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Express Edition
  • Microsoft SQL Server 2005 Mobile Edition
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Enterprise Edition for Itanium Based Systems
  • Microsoft SQL Server 2005 Enterprise X64 Edition
  • Microsoft SQL Server 2005 Standard X64 Edition
  • SQL Server 2005 Standard Edition for Itanium-based Systems
  • Microsoft SQL Server 2005 Workgroup

Notice

Bug #: 429587 (SQLBUDT)
Bug #: 430805 (SQLBUDT)

SYMPTOMS

When a Microsoft SQL Server 2005 client requests encryption and connects to 127.0.0.1 on a Microsoft Windows XP-based computer, you may receive an error message that is similar to one or more of the following error messages:

Error message 1

CERT_E_CN_NO_MATCH

Error message 2

[SQL Native Client] SSL Provider: The certificate's CN name does not match the passed value.

Error message 3

[SQL Native Client] Client unable to establish connection

This issue occurs when the following conditions are true:
  • The SQL Server client requests protocol encryption.
  • The SQL Server client connects through the IPv4 loopback address.
  • The local loopback address is represented as IP address 127.0.0.1.
This issue affects all client libraries. Client libraries that are affected by this issue include the following:
  • The SQL Server .NET data provider (Sqlclient)
  • The SQL Native Client
  • Microsoft Data Access Components (MDAC)
Additionally, this issue prevents successful dedicated administrator connections (DAC) to SQL Server 2005 on Windows XP.

WORKAROUND

To work around this issue, use an alternative representation of the local host instead of 127.0.0.1. The possible alternative representations include the following:
  • "."
  • "(local)"
  • HostName
Note: This issue is expected behavior of the Windows secure sockets layer (SSL).
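
The following script is an added example, not part of the original article. It requests an encrypted connection through each local-address form listed above and reports which ones pass certificate name validation. It assumes Windows PowerShell with the .NET Framework SqlClient provider, Windows authentication, and a default instance; the `$Instance` variable and the `Test-EncryptedLogin` function are hypothetical names introduced here.

```powershell
# Added example: compare encrypted logins across the local-address forms
# named in this article. Assumes Windows authentication.
Add-Type -AssemblyName System.Data

# Assumption: default instance. For a named instance set e.g. '\SQLEXPRESS'.
$Instance = ''

# 127.0.0.1 is the failing form; the rest are the article's workarounds.
$targets = @('127.0.0.1', '.', '(local)', $env:COMPUTERNAME)

function Test-EncryptedLogin {
    param([string]$DataSource)

    # Encrypt=True makes the client request protocol encryption.
    # TrustServerCertificate=False keeps certificate name validation on,
    # which is the check that produces CERT_E_CN_NO_MATCH.
    $cs = "Data Source=$DataSource;Integrated Security=SSPI;" +
          "Encrypt=True;TrustServerCertificate=False;Connect Timeout=5"

    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $result = 'Connected'
    $detail = ''
    try {
        $conn.Open()
    }
    catch {
        # Surface the innermost provider message (for example the SSL
        # Provider text quoted under SYMPTOMS).
        $result = 'Failed'
        $detail = $_.Exception.GetBaseException().Message
    }
    finally {
        $conn.Dispose()
    }

    New-Object PSObject -Property @{
        DataSource = $DataSource; Result = $result; Detail = $detail
    }
}

$targets |
    ForEach-Object { Test-EncryptedLogin ($_ + $Instance) } |
    Format-Table DataSource, Result, Detail -AutoSize -Wrap
```

On a computer that shows the symptoms described in this article, the 127.0.0.1 row is the one expected to fail with a certificate name mismatch; a failure on every row points to a different cause, such as the service not running or the certificate not being trusted by the client.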

STATUS

This behavior is by design.

MORE INFORMATION

For more information about the ForceEncryption option in SQL Server 2005, click the following article number to view the article in the Microsoft Knowledge Base:

318605 How SQL Server uses a certificate when the Force Protocol Encryption option is turned on

For more information about how to encrypt connections to SQL Server 2005, visit the following Microsoft Developer Network (MSDN) Web site:

Modification Type: Major
Last Reviewed: 4/14/2006
Keywords:kbtshoot kbnofix kbprb KB916782 kbAudITPRO kbAudDeveloper