Set conn = Server.CreateObject("ADODB.Connection") conn.Open "Provider=MSOLEDBSQL;Data Source=myServer;Initial Catalog=myDB;Integrated Security=SSPI;Use Encryption for Data=True;" Even in .NET, if you are forced to use System.Data.OleDb , change the connection string similarly:
Then ensure TLS 1.2 is enabled:
conn.Open();
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000000
Registry keys (reboot required):
Provider=MSOLEDBSQL;Data Source=sqlserver.contoso.com;Initial Catalog=MyDB;Integrated Security=ActiveDirectoryIntegrated; (Use Integrated Security=SSPI if using classic NTLM/Kerberos instead of Azure AD) Append Encrypt=yes; and TrustServerCertificate=no; for production (with proper certificate validation). To strictly require TLS 1.2, you may need to configure Schannel system-wide or set the SSL Crypto context – but MSOLEDBSQL automatically negotiates TLS 1.2 if the server supports it. To disable older protocols system-wide:
using (OleDbConnection conn = new OleDbConnection( "Provider=MSOLEDBSQL;Data Source=myServer;Initial Catalog=myDB;Integrated Security=SSPI;")) microsoft ole db provider for sql server tls 1.2
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. [Microsoft OLE DB Provider for SQL Server] Cannot generate SSPI context. The only Microsoft-supported OLE DB provider that fully supports TLS 1.2 (and TLS 1.3 where applicable) is MSOLEDBSQL (Microsoft OLE DB Driver for SQL Server).