Provider=MSOLEDBSQL;Data Source=sqlserver.contoso.com;Initial Catalog=MyDB;Integrated Security=ActiveDirectoryIntegrated;
As part of industry-wide security initiatives (PCI DSS, NIST, HIPAA) and Microsoft’s deprecation of older TLS protocols (TLS 1.0 and 1.1), it is mandatory to ensure that all Microsoft OLE DB Provider for SQL Server connections use . Failure to do so results in connection failures, security audit findings, and exposure to protocol-level vulnerabilities (e.g., POODLE, BEAST). This document details the requirements, provider limitations, and step-by-step remediation for systems using the legacy SQLOLEDB provider and its modern replacement, MSOLEDBSQL . microsoft ole db provider for sql server tls 1.2
| Feature | SQLOLEDB (legacy) | MSOLEDBSQL v18+ | |---------|------------------|------------------| | TLS 1.2 support | ❌ No | ✅ Yes | | TLS 1.3 support | ❌ No | ✅ Yes (Windows 11/Server 2022+) | | Azure AD Auth | ❌ No | ✅ Yes | | Always Encrypted | ❌ No | ✅ Yes | | Support status | Deprecated, no updates | Actively supported | Provider=MSOLEDBSQL;Data Source=sqlserver
Set conn = Server.CreateObject("ADODB.Connection") conn.Open "Provider=SQLOLEDB;Data Source=myServer;Initial Catalog=myDB;Integrated Security=SSPI;" | Feature | SQLOLEDB (legacy) | MSOLEDBSQL v18+
Registry keys (reboot required):
The legacy provider (MDAC 2.8 / Windows Data Access Components) shipped with Windows up to Server 2019/Windows 11 does not support TLS 1.2 . It only supports: