仅启用TLS 1.2时Rs.exe无法发布报表问题求助
Problem
I'm using Rs.exe to automate deployment of report files. When I disable older SSL/TLS protocols and only enable TLS 1.2, the deployment fails with this error:
无法连接到服务器:https://ServerName/reportserver/ReportService2010.asmx
What I've Tried
I added the following registry keys to force .NET to use strong cryptography and system default TLS versions, but the issue persists:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 "SystemDefaultTlsVersions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 "SystemDefaultTlsVersions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001
Environment Details
- OS: Windows Server 2016
- SQL Server: SQL Server 2016
- .NET Framework: 4.7.1
- The server has a valid certificate,
https://ServerName/reportserveris accessible via browser, and all RS Configuration Manager settings are properly configured.
Possible Solutions to Try
1. Force Rs.exe to Use .NET 4.7.1 with a Config File
Rs.exe shipped with SQL Server 2016 might default to an older .NET runtime that doesn't fully honor your registry settings. Create or edit a Rs.exe.config file in the same directory as the tool to explicitly target .NET 4.7.1 and enable TLS 1.2:
<?xml version ="1.0"?> <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1"/> </startup> <runtime> <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false;Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/> </runtime> </configuration>
2. Upgrade Rs.exe to a Newer Version
The Rs.exe included with SQL Server 2017 or later has better built-in TLS 1.2 support. If possible, grab the tool from a newer SQL Server installation and test your deployment with it—this often resolves compatibility gaps in older versions.
3. Verify Server Cipher Suites & Certificate
Even with TLS 1.2 enabled, mismatched cipher suites or outdated certificates can break connections:
- Use a tool like IIS Crypto to confirm TLS 1.2 is enabled with modern cipher suites (avoid legacy ones like 3DES).
- Ensure your server's certificate uses a SHA-2 hash algorithm—SHA-1 certificates can cause TLS 1.2 handshake failures.
4. Enable Verbose Logging for Rs.exe
Add the /v flag to your Rs.exe command to get detailed error logs, which can reveal whether the issue is with TLS handshake, authentication, or endpoint configuration. Example:
rs.exe -i YourDeploymentScript.rss -s https://ServerName/reportserver/ReportService2010.asmx -u YourUsername -p YourPassword -v
5. Install the Latest SQL Server 2016 Cumulative Update
SQL Server 2016 has received multiple updates that improve TLS 1.2 support for its tools. Installing the latest cumulative update (CU) can patch underlying compatibility bugs affecting Rs.exe.
Let me know if any of these steps resolve your issue, or if you can share more details from the verbose logs to narrow things down further!
内容的提问来源于stack exchange,提问作者Karthik Karnam
