Endpoint Protection

  • 1.  TLS1.2 SEP Manager error 11501

    Posted Jun 06, 2018 11:34 AM

    When integrating Symantec Endpoint Protection Manager 14.x with an MS SQL Server 2016 database on the Windows Server 2016 Datacenter edition OS, the integration fails with error 11501.

    The Windows Event Viewer System log error reads "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed." - Source: Schannel

    A few facts:

    1. TLS 1.2 is enabled through registry settings on Windows Server 2016. TLS 1.0 and TLS 1.1 are not enabled for client/server options; both were disabled in the registry.

    2. SQL Server 2016 supports TLS 1.2 by default. Microsoft lacks proper documentation on SQL Server 2016 TLS 1.2 specific settings. The Microsoft documentation is more specific and relevant for SQL 2014 and below.

    3. Since MS SQL 2016 and SEPM were on the same server (though this is not Symantec best practice), the error in Event Viewer was a TLS 1.2 cipher suite incompatibility issue.

    4. On the Windows Server 2016 Datacenter edition, only the AES 256-bit cipher was allowed. Refer to the attached snapshot.

    5. Tried enabling "Force encryption" in SQL Server Configuration Manager with a new certificate, but it did not work.

    The error log in SEP Manager tomcat/logs/ suggests the SSL handshake could not be established.

    Upon further troubleshooting with the IIS Crypto tool (Nartac Software), it appeared that the customer had disabled PKCS key exchange, and only ECDH was allowed. Upon enabling PKCS, the integration between SQL Server 2016 and SEP Manager worked successfully.
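
The settings described in the post above can be checked without a GUI tool. This is an added example, not part of the original post and not Symantec or Nartac code: a read-only PowerShell report of the Schannel registry overrides for key exchange, protocols and AES ciphers. The list of subkeys inspected is an assumption chosen to match the post; an absent key or value means the OS default applies.

```powershell
# Added example (not from the original post): read-only report of Schannel
# registry overrides. Nothing is modified.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkeys to inspect (assumed list, chosen to match the settings in the post).
$targets = @(
    'KeyExchangeAlgorithms\PKCS',
    'KeyExchangeAlgorithms\ECDH',
    'KeyExchangeAlgorithms\Diffie-Hellman',
    'Protocols\TLS 1.0\Server', 'Protocols\TLS 1.0\Client',
    'Protocols\TLS 1.1\Server', 'Protocols\TLS 1.1\Client',
    'Protocols\TLS 1.2\Server', 'Protocols\TLS 1.2\Client',
    'Ciphers\AES 128/128',
    'Ciphers\AES 256/256'
)

function Get-SchannelOverride {
    param([string]$SubKey)
    # .NET OpenSubKey is used because cipher key names contain '/', which the
    # PowerShell registry provider treats as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$root\$SubKey")
    $state = 'OS default (no override)'
    if ($null -ne $key) {
        $enabled = $key.GetValue('Enabled')
        if ($null -ne $enabled) {
            # 0 disables; any non-zero value (commonly 0xffffffff) enables.
            $state = if ([int64]$enabled -eq 0) { 'DISABLED' } else { 'enabled' }
        }
        $key.Close()
    }
    [pscustomobject]@{ Setting = $SubKey; State = $state }
}

$report = $targets | ForEach-Object { Get-SchannelOverride $_ }
$report | Format-Table -AutoSize

# With RSA key exchange (PKCS) disabled, Schannel cannot negotiate any
# TLS_RSA_WITH_* suite; only (EC)DHE suites remain for a client to match.
if ($report | Where-Object { $_.Setting -like '*\PKCS' -and $_.State -eq 'DISABLED' }) {
    Write-Warning 'PKCS (RSA key exchange) is disabled: clients offering only TLS_RSA_WITH_* suites will fail the handshake.'
}
```

Schannel reads these values at startup, so a change made after boot may not be reflected in live behaviour until the server is restarted.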



  • 2.  RE: TLS1.2 SEP Manager error 11501

    Posted Jun 06, 2018 03:38 PM

    Hi,

    So it looks like this document is not fully true? https://support.symantec.com/en_US/article.TECH240233.html