Azure AD Connect - Disabling SSL and TLS 1.0

Microsoft's Azure AD Connect is a great tool for syncing your user profiles up to Azure AD for use in Office 365 and other applications. It works even better if you have completely filled out profiles, which is what Hyperfish helps with (contact us if you're interested in learning more). Occasionally we get requests from clients that are a little out of the ordinary, and this one was a first. This client is a financial institution with a requirement to disable all weak protocols and hashes, mainly SSL2, SSL3, and TLS1.0. We disabled every protocol except TLS1.1 and TLS1.2, and disabled MD5 hashes. We used IISCrypto to do this, and here is what our settings looked like:

[Image: IISCrypto Settings]

When we rebooted, the Microsoft Azure AD Sync service failed to start.  When I checked the Event Log, I saw Event ID 6219 "A network-related or instance-specific error has occurred while establishing a connection to SQL Server.  Server is not found or not accessible."

[Image: Azure AD Sync Error]

After engaging with Microsoft Support and ultimately getting the Azure AD Sync team involved, an update to the SQL Native Client was the fix.  Once you install the client, reboot and you should be good to go!  You can download it at
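
A read-only check to run on the sync server after a hardening change like the one above, and again after the SQL Native Client update. It is an added example, not part of the original post or Microsoft's tooling. It assumes the standard SCHANNEL registry layout that IISCrypto writes to, the service name `ADSync`, and that Event ID 6219 is logged to the Application log.

```powershell
# Added example: post-hardening check for an Azure AD Connect server (read-only).
# Assumptions: service name 'ADSync'; Event ID 6219 is in the Application log.
# Run from an elevated PowerShell session on the sync server.

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

# 1. SCHANNEL protocol state per role. A missing key or value means the OS default applies.
$state = foreach ($p in $protocols) {
    foreach ($role in 'Client', 'Server') {
        $key     = Join-Path $base "$p\$role"
        $enabled = $null
        if (Test-Path $key) {
            $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Protocol = $p
            Role     = $role
            State    = if ($null -eq $enabled) { 'OS default' }
                       elseif ($enabled -eq 0) { 'Disabled' }
                       else { 'Enabled' }
        }
    }
}
$state | Format-Table -AutoSize

# 2. Installed SQL Native Client packages and versions. Record these before and
#    after the update so the change that fixed the service is documented.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SQL Server*Native Client*' } |
    Select-Object DisplayName, DisplayVersion |
    Format-Table -AutoSize

# 3. Sync service status and the most recent occurrences of the error from the post.
Get-Service -Name ADSync -ErrorAction SilentlyContinue |
    Format-Table Name, DisplayName, Status -AutoSize

Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6219 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, ProviderName, Message
```

If the service is stopped and fresh 6219 events appear right after the protocol change, compare the Native Client version in step 2 against the updated client before reverting the TLS settings.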
