provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host

Question

I wrote a console app that just calls a stored procedure in a SQL Server database. Then I set up a Windows Task Scheduler event to call the console app's .exe file every 5 minutes. Most of the time it works, however about 10 times a day or so we get the following sqlException as soon as the connection is opened to call the stored procedure:

System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

I've temporarily built in a try block with a simple 5 retries and a short pause between and it's helped some but there's still several times a day that fail out all 5 times. I'm thinking it's got to be some sort of communication issue but I'm not even sure where to look.

Most of the research I've done points toward TLS or firewall issues. I'm not an expert at either of those but I would think if either of those were the cause it would get the error every time consistently. Same thing with the reference to SSL. On the other hand for the same reason I don't see how it could be a coding issue with either the console app or the stored procedure so I'm out of ideas.

The SQL connection code is something like the following:

    Public Function GetDataTable(tsql As String, Optional ConnectionString As String = Nothing, Optional TryNum As Integer = 1) As DataTable
        Try
            Dim dt As DataTable
            Using conn As SqlConnection = New SqlConnection(If(Not ConnectionString Is Nothing, ConnectionString, SConn))
                conn.Open()
                Using dr As SqlDataReader = (New SqlCommand With {.CommandType = CommandType.Text, .CommandText = tsql, .Connection = conn, .CommandTimeout = SqlCommandTimeout}).ExecuteReader
                    dt = New DataTable()
                    dt.Load(dr)
                    dr.Close()
                End Using
                conn.Close()
            End Using
            Return dt
        Catch exSQL As System.Data.SqlClient.SqlException
            If exSQL.ToString.Contains("A connection was successfully established with the server, but then an error occurred during the login process.") AndAlso TryNum < MaxTries Then
                Threading.Thread.Sleep(RetryWaitMS)
                Return GetDataTable(tsql, ConnectionString, TryNum + 1)
            Else
                SendMsg(ERROR_EMAIL_GROUP, ERROR_EMAIL_GROUP, "CommonUtils - SQL Error", tsql & vbCrLf & exSQL.ToString)
                Throw exSQL
            End If
        End Try
    End Function

Answer 1

I had the same problem several times, and this was the cause each time:

This issue also occurs when an application running on Windows Server 2012 R2 tries to connect to SQL Server running on Windows Server 2019.

https://support.microsoft.com/en-us/help/4557473/errors-when-applications-try-to-connect-to-sql-server-in-windows

Answer 2

Yes, this happens randomly because it only happens when there is leading 0 in the TLS keys and one side of the connection pads the 0 while another side doesn't. If you cannot upgrade all your Windows to the latest, use this workaround:

Disable the following 2 TLS_DHE ciphers in Group policy editor:
Computer Configuration -> Administrative Templates -> Network -> SSL Configuration Settings\SSL Cipher Suite Order:

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Note it is not to disable the whole suite (SSL Cipher Suite Order), rather it is to enable the suite order, then take away those 2 TLS_DHE ciphers from the Options. You need a restart to make it effective.

Answer 3

Here is another link describing the problem from microsoft . What helped me there was this tool IISCrypto which you can run both on client and server machines to see the differences in the first two tabs.