The Community Event for Data Recovery Experts

Watch for FREE to expand your cloud and security skills

On-demand event

Watch now

Microsoft SQL Server Transaction Log are not truncated due to an error code 0x80004005 [TLS 1.0]

KB ID: 2998
Product: Veeam Backup & Replication | 9.0 | 9.5 | 10
Veeam Agent for Microsoft Windows | 2.0 | 3.0.2 | 4.0
Published: 2019-09-03
Last Modified: 2021-02-24
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

When backing up a machine running a Microsoft SQL server where TLS 1.0 has been disabled, a job may fail with the error code 0x80004005 [TLS 1.0].
 

The following warning will be found on the server that is being protected by either Veeam Backup & Replication or Veeam Agent for Microsoft Windows, the path to the file containing this warning is listed below.

  • For a VM being processed by Veeam Backup & Replication:
        %ProgramData%\Veeam\Backup\VeeamGuestHelper_<dd.mm.yyyy>.log
  • For a server being backed up using Veeam Agent for Microsoft Windows:
        %ProgramData%\Veeam\Endpoint\<job_name>\Job.Backup.log
INFO    Connecting to mssql, connection string: Provider='sqloledb';Data Source='(local)\SQLINSTANCENAME';Integrated Security='SSPI';Persist Security Info=False, timeout: 15 
WARN        Code = 0x80004005 WARN        Code meaning = Unspecified error 
WARN        Source = Microsoft OLE DB Provider for SQL Server 
WARN        Description = [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error. 
WARN    COM error:  Code: 0x80004005

Cause

The SQL Server being protected by Veeam is using a SQL OLE DB provider which does not support TLS 1.2

Solution

Behavior Change Starting with Veeam Backup & Replication v11

Starting with Veeam Backup & Replication v11 the Microsoft OLE DB Provider (MSOLEDBSQL) will be used first to initiate communication. In all previous version only the SQLOLEDB provider was used. Also, starting with Veeam Backup & Replication v11 the software will first attempt to use MSOLEDBSQL first, then failover to Native SQL Client Provider, and then failover to using SQLOLEDB Provider. If Veeam Backup & Replication fails over to using SQLOLEDB provider the job will report "Using deprecated provider" warning.

It is therefore advisable if you are facing this issue to upgrade to Veeam Backup & Replication v11.

The direct solution to this situation is to review available updates for the SQL Server that is having this issue and ensure that TLS 1.2 is supported by the Microsoft OLE DB provider for SQL Server.

Please review: https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server
 


As a workaround, it is possible to force Veeam to request that the 'Native SQL Client Provider' be used instead of SQLOLEDB. This is done by adding a registry value to the Guest OS of the machine being protected by Veeam.

Please review the scenarios below and use the location and value specified:

  1. For a VM being protected by Veeam Backup & Replication:
    • Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication
    • Value: UseSqlNativeClientProvider
    • Type: DWORD
    • Data: 1
       
  2. For machines being protected (managed or standalone) by Veeam Agent for Microsoft Windows:
    • Location: HKLM\SOFTWARE\Veeam\Veeam Endpoint Backup
    • Value: UseSqlNativeClientProvider
    • Type: DWORD
    • Data: 1
       
  3. For SQL Failover Clusters protected by Veeam Agent for Microsoft Windows via a job in Veeam Backup & Replication with the option Backup logs periodically an additional value must be specified (the value in  HKLM\SOFTWARE\Veeam\Veeam Endpoint Backup also still remains the place).
    • Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication
    • Value: UseSqlNativeClientProvider
    • Type: DWORD
    • Data: 1


No server restart is required, registry key will be checked on next job run.

More Information

Schannel implementation of TLS 1.0 in Windows security status update: November 24, 2015
https://support.microsoft.com/en-us/help/3117336/schannel-implementation-of-tls-1-0-in-windows-security-status-update-n

Driver history for Microsoft SQL Server
https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sql-server-ver15  
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.