Adventures in System Administration

Category: Microsoft SQL Server

Articles dealing with Microsoft SQL Server.

SQL Server – Secure By Default

Enhancements to SQL Server Network Connection Security Through Breaking Changes

With the introduction of SQL Server 2022, Microsoft began a new initiative known as secure by default. This was done in response to vulnerabilities discovered in the Tabular Data Stream (TDS) protocol by Summit Security Group that allowed a man-in-the-middle attack. The goal is to protect the network connection between the client and SQL Server. Unfortunately, these are breaking changes that can cause existing code and applications to be unable to connect to SQL Server.

Secure by default requires client drivers to enable encryption for the connection by default unless explicitly disabled, and this can cause the connection to fail. It’s not the use of encryption itself that causes problems. Rather it’s because the certificate used by SQL Server to encrypt the connection is validated by the client to ensure it’s a trusted certificate. A trusted certificate is one issued by a trusted certificate authority. Since most SQL Server instances use a self-signed certificate – which, by definition, is not a trusted certificate – this validation process fails with the result that the connection is not allowed.

Loading SQL Server PowerShell Module: SqlServer or SQLPS

I recently created a PowerShell script to restore SQL Server databases. A customer migration required that I restore 2800 plus databases. As the data directory was in a different location on the new server, this meant using the MOVE clause in the RESTORE DATABASE command to place the data files in the correct directory. This was far too many databases to do this manually. But using PowerShell also meant using a SQL Server module.

Two modules are available for SQL Server: SQLPS and SqlServer. SQLPS is the original module. Although no longer updated, it is still included with SQL Server which Microsoft says is for backwards compatibility. It is also the module that SQL Server Agent automatically loads when a job type (or subsystem) is PowerShell. SqlServer is the new and supported module and is installed from the PowerShell gallery. This is the module Microsoft recommends you use for all new development.

Copyright © 2025 Charles Rutledge

Powered by WordPress & Theme by Anders Norén