This Blog will provide information about running SAP applications on SQL Server and Windows. The Blog is written by folks of Microsoft who are working with SAP and SQL Server for more than a decade.
If you are using the Microsoft JDBC driver 1.2 for your NetWeaver AS Java, you can get the following error message when your application server tries to connect to SQL Server:
SEVERE: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: The TDS protocol stream is not valid. at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(Unknown Source) at com.microsoft.sqlserver.jdbc.TDSChannel.throwSSLConnectionFailed(Unknown Source) at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.loginWithoutFailover(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source)
This is a known issue of this version of the Microsoft JDBC driver. This version of the driver cannot use SSL if the SQL Server uses a certificate that is larger than 4KB. Even if the NetWeaver AS Java does not use SSL to connect to your SQL Server, the login information (user and password) are still encrypted.
The recommendation is to switch to a newer version of the Microsoft JDBC driver. This solution is valid for SAP systems based on NetWeaver 7.1 and higher.
This blog entry is an addendum to SAP Note 1428134.
Some releases of NetWeaver 7.1 are still using the Microsoft JDBC 1.2 driver. If you get the error above, update your driver to Microsoft JDBC 2.0. For details on how to update your driver, see SAP Note 1433363
Since these systems are using Java 1.4, you cannot update your Microsoft JDBC driver because the newer JDBC drivers will require at least Java 1.5.
If you configured SQL Server to use a specific certificate you can either use another certificate, or reset the configuration to the default.
If you have not configured SQL Server to use a specific certificate, SQL Server might still use an installed certificate if the certificate fulfills the requirements.
To prevent SQL Server from automatically loading an installed certificate, you can remove the certificate if you are sure that you do not need the certificate, or you can remove the access permissions on the certificate for the SQL Server service account user.