
SSMS 19 issue with AWS RDS


Still pretty new to SQL administration, so please bear with me. We recently updated to SQL Server Management Studio 19 and have been running into issues.

The long and short of it is I am trying to get our custom DNS for our databases functioning on SQL Server Management Studio 19. It's my understanding that SSMS 19 added some extra security layers that are causing some issues.

We have some custom DNS names set up to connect to our AWS RDS connections; this worked without issue in SSMS 18. Our users would use short-name.mycompany.com to connect to the DB instances in previous SSMS versions, but while testing 19, I noticed I was getting the following error.

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server, Error: -2146893019)


Doing research, I found that I could resolve the above error by installing an SSL cert on our server and that I could get it from AWS. I downloaded and installed the cert, which gave a new error message when trying to use short-name.mycompany.com:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)


Using the endpoint names as they show in AWS (AWS-Endpoint-name.xxxxxxx########.amazonaws.com) works now that the cert is installed, but it is going to be unwieldy for our end users.


I've found the "workaround" of selecting "trust certificate" in the connection settings for SSMS 19, but I'd rather not rely on that.


That option also has the weird side effect of not allowing expired passwords to be reset by giving the same error message:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)


It seems like we might be able to set up our own cert that includes the shorthand names and install that on the RDS databases, but before going down that path I want to know if I'm missing something obvious. Is there some way to get this to work, or are my end users going to have to use the long endpoint names? Any help would be appreciated; please let me know if you have any questions.

cn flag
That's the deal with certificates. Everything has to match or the house of cards comes down.
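
Added example (not part of the original post or comment): the name check behind "The target principal name is incorrect". A TLS client compares the name the user typed with the names in the server certificate and does not follow the CNAME, so an alias fails unless the certificate lists it. The host names and both certificates below are constructed, and the dictionaries use the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added illustration; every host name and certificate here is constructed.

def san_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Compare one certificate name with the name the client asked for.
    '*' counts only as the whole left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_server_name(typed_name, cert):
    """Certificate names that cover typed_name; an empty list is a mismatch."""
    return [n for n in san_dns_names(cert) if name_matches(n, typed_name)]

ENDPOINT = "db1.abc123example.region.rds.example.net"  # stands in for the long endpoint
ALIAS = "short-name.mycompany.com"                     # CNAME that points at ENDPOINT

# Constructed certificate that names only the endpoint.
ENDPOINT_ONLY_CERT = {"subjectAltName": (("DNS", ENDPOINT),)}
# Constructed certificate that also lists the alias (hypothetical).
CERT_WITH_ALIAS = {"subjectAltName": (("DNS", ENDPOINT), ("DNS", "*.mycompany.com"))}

def report():
    """(certificate label, name typed by the user, does the name validate?)"""
    rows = []
    for label, cert in (("endpoint-only", ENDPOINT_ONLY_CERT),
                        ("with-alias", CERT_WITH_ALIAS)):
        for name in (ENDPOINT, ALIAS):
            rows.append((label, name, bool(check_server_name(name, cert))))
    return rows

if __name__ == "__main__":
    for label, name, ok in report():
        print(f"{label:14} {name:45} {'name OK' if ok else 'NAME MISMATCH'}")
```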