SSB – Connection handshake failed

SSB – Connection handshake failed

The following shows you some kinds of SSB exception when enabling Transport Security and Dialog Security in the cross-server Service Broker conversation.

1. Connection handshake failed. The certificate used by the peer is invalid due to the following reason: Certificate not found.

HINT: Usually this error is related to the EndPoint authentication, so the problem is from the certificates in MASTER DBs in two SQL SERVER instances. Please make sure that the right certificates are deployed and referenced. Look into master.sys.certificates in two respectively SQL SERVERS and validate the certificate cert_serial_number or thumbprint matches between two instances.

2. Connection handshake failed. The certificate used by the peer is invalid due to the following reason: The database principal has no mapping to a server principal..

HINT: You are using certificates for adjacent transport security. The certificate used by the peer belongs to a user in master DB who is not mapped to a login. This could happen for the following cases:

(1) You created a user in master without login.

(2) You created a user in master with login, but later dropped that login, thus orphaning that user.

The fix would be to create a SQL login, then create a user in master for this login and alter authorization of the peer’s certificate to be owned by this user. Next grant connection permission on the service broker endpoint to the newly created login.

You can refer to the following SQL SCRIPT for help.

-- Create a new login & user in the MASTER system database

Create Login Demo_Login

With password=’YOURPASSWORD’

Create User Demo_User

For Login Demo_Login

-- Give authorization permissions

Create Certificate YOURCERTIFICATENAME

Authorization Demo_User

From File=’THE PEERS CERTIFICATE FILE’

-- Grant CONNECT permissions to the associated endpoint

Grant Connect on EndPoint::DB_ENDPOINT to Demo_Login