How to establish encrypted multiprotocol connections with SQL Server 7.0 (239894)

MORE INFORMATION

You can configure SQL Server 7.0 to allow all connections through Multiprotocol to be encrypted, or encrypt connections on a client basis. First, configure SQL Server to listen on Multiprotocol using the SQL Server Network Utility as follows:

1. Add or edit the Multiprotocol Library.
2. For server wide encryption, select the Enable Multiprotocol encryption check box.
3. Stop and then restart the MSSQLServer service.

Next, configure the client computer to make Multiprotocol connections. To do this, use the SQL Server Client Network Utility to add a new server alias as follows:

1. In the SQL Server Client Network Utility dialog box, select the General tab and then click Add.
2. Choose Multiprotocol as the Network library.
3. Type the SQL Server name in the Server alias text box.

If you want specific clients to make encrypted connections, then configure the server using the SQL Server Network Utility as follows:

1. Add or edit the Multiprotocol library.
2. Clear the Enable Multiprotocol encryption check box.
3. Stop and then restart the MSSQLServer service.

Next, make the following registry key entry on the client: Advanced Options Using the Multiprotocol Netlibrary

If you want to specify a protocol to use for the connection on each client, make the following changes using the SQL Server Client Network Utility:

• To force a Multiprotocol connection over TCP/IP enter the following as the computer name and leave the Additional parameters box empty:

  ncacn_ip_tcp:SQL IP Address
  							

  where SQL IP Address is the actual IP address of the SQL Server.
• To force a Multiprotocol connection over Named Pipes enter the following as the computer name and leave the Additional parameters box empty:

  ncacn_np:SQL Server Name
  							

  where SQL Server Name is the name of the SQL Server computer.
• For a client computer that does not have the SQL Server Client Network Utility, but has the Microsoft Data Access Components (MDAC) SQL Server ODBC Driver version 3.70.0623, you may execute the Windbver.exe file located in the \Winnt\System32 or the \Windows\System directory as follows:
  1. Select Start, click Run, and then type Windbver in the Run dialog box.
  2. In the SQL Server Client Configuration Utility dialog box, click the Advanced tab.
  3. In the Server text box, enter the SQL Server Name.
  4. In the Network Protocol dialog box, select MultiProtocol.
  5. Click Add/Modify.
  6. Next, click Done.
  For a client computer that has the MDAC SQL Server Driver version later than 3.70.0623:
  1. Either add a new ODBC data source name (DSN) or configure an existing ODBC DSN.
  2. Click the Client configuration button on the screen.
  3. Select Multiprotocol.
  4. Enter the connection string as the computer name.
  5. Click OK.
  6. Finish the ODBC DSN wizard.
  To force a Multiprotocol connection over TCP/IP, enter the following as the connection string:

  ncacn_ip_tcp:SQL IP Address
  							

  where SQL IP Address is the actual IP address of the SQL Server.
  
  To force a Multiprotocol connection over Named Pipes, enter the following as the connection string:

  ncacn_np:SQL Server Name
  							

  where SQL Server Name is the name of the SQL Server computer.
  
  To specify that a specific destination port is used, see the following article in the Microsoft Knowledge Base:

When you try to connect using Multiprotocol with Encryption across two computers that are not in the same domain, there are additional requirements. If the computers are not in the same domain, (for example computers across the internet), you need to pass an additional parameter from the client computer.

When you create a new DSN, select Client Configuration button, and then change the Multiprotocol alias to include a Windows NT username and password in the additional parameters text box. (Or use the SQL Client Network Utility to modify the Multiprotocol alias)

This Windows NT user must exist as an Windows NT user on the SQL Server computer. It doesn't have to be a SQL defined user, but just exist in Windows NT.

In the registry on the client computer you should have an entry similar to this: