Action Required: Update Microsoft SQL Server Security Settings Before February 2026

Dear Users,

We recently deployed security updates in Zoho Analytics that inadvertently caused connection failures for a few customers using Microsoft (MS) SQL Server hosted on older Windows versions (Windows Server 2012, 2012 R2, and 2014).

To restore connectivity, we have temporarily reverted these updates. However, these security changes are mandatory for long-term protection and compliance, and they will be permanently enforced by the end of February 2026.

If you are using MS SQL Server on the affected Windows versions, action is required to ensure uninterrupted connectivity once the security standards are re-applied.

Who Is Affected

This applies only to customers who:

• Use MS SQL Server as a data source in Zoho Analytics, and
• Host MS SQL Server on:
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2014

If you are not using these operating systems, no action is required.

Note: This update applies only to SQL Server Cloud DB imports.
It does not affect local database imports configured using Zoho Databridge.

Issue Description

When modern security standards are enforced, applications connecting to MS SQL Server hosted on older Operating Systems (Windows Server 2012 / 2012 R2 / 2014) will fail with the following error:

"encrypt" property is set to "false" and "trustServerCertificate" property is set to "true" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: SQL Server did not return a response.

Root Cause

1. Upcoming Security Standard:
   Modern security protocols require Forward Secrecy. Legacy TLS_RSA cipher suites are being deprecated industry-wide.
2. OS Limitation:
   Older Windows Servers rely on these deprecated ciphers by default. They do not offer modern Elliptic Curve (ECDHE) ciphers unless explicitly configured.
3. The Impact:
   Without the configuration below, your database will reject secure connections once we re-enable the security update.

Required Configuration: Enabling Modern Cipher Suites

To prepare your server, you must add the following modern cipher suites to the TOP of your Windows Server's configuration.

Implementation Methods

You can use one of the following methods.

Option A: GUI Method (Recommended)

Step 1: Download the Tool

Download IIS Crypto (GUI) from Nartac Software.

Note: This is a portable utility and does not require installation.

Step 2: Launch the Tool

• Copy IISCrypto.exe to the database server.
• Right-click the executable and select Run as Administrator.

Step 3: Configure TLS Protocols

• Open the Schannel tab.
• Ensure TLS 1.2 is enabled (checked).
• Verify that deprecated protocols (SSL, TLS 1.0, TLS 1.1) remain disabled in accordance with security policy.
  
  
  

Step 4: Prioritize Cipher Suites

• Navigate to the Cipher Suites list in the left-hand panel.
• Identify the following ECDHE cipher suites:
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
• Use the Up Arrow control to move these ECDHE cipher suites to the top of the list to ensure they are prioritized during TLS negotiation.
• Ensure that older TLS_RSA_* cipher suites remain enabled only for backward compatibility and are positioned below the ECDHE cipher suites with the lowest priority.

Step 5: Apply Configuration

• Click Apply to save the changes.

Step 6: Reboot

• Restart the Windows Server to ensure the changes take effect.
  

Option B: Group Policy Method (Native Windows)

Step 1: Open Group Policy Editor

• Press Win + R, type gpedit.msc, and press Enter.

Step 2: Navigate to SSL Configuration Settings

Go to: Computer Configuration→ Administrative Templates→ Network→ SSL Configuration Settings

Step 3: Edit Cipher Suite Order

• Double-click SSL Cipher Suite Order.
• Select Enabled.

Step 4: Prepend Secure Cipher Suites (Critical Step)

• Locate the SSL Cipher Suites text box.
• Do not delete the existing cipher list, as this may impact legacy application compatibility.
• Place the cursor at the very beginning (far left) of the text box.
• Paste the following cipher list before the existing entries:
  
  

  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,
• Ensure there is a comma separating the newly added cipher block from the existing cipher list.

Step 5: Apply Configuration

Click OK to save the policy changes.

Step 6: Reboot

Restart the Windows Server for the Group Policy changes to take effect.

Verification: How to Install & Run Nmap

To confirm the server is ready for the future update, use the network scanning tool Nmap.

Step 1: Install Nmap

For Windows Users:

1. Download the Latest Stable Installer (.exe) from the Official Nmap Download Page.
2. Run the installer.
3. Critical Step: During installation, check the box for Install Npcap. This driver is required for the scan to work.
4. Finish the installation.

For Linux Users:

• Ubuntu/Debian: Run "sudo apt-get install nmap -y"
• RHEL/CentOS: Run "sudo yum install nmap -y"

Step 2: Run the Scan

Open your Command Prompt (Windows) or Terminal (Linux) and run:

nmap --script ssl-enum-ciphers -p 1433 <YOUR_DB_IP_ADDRESS>

(Replace 1433 with your specific SQL port if different).

Step 3: Interpret Results

• Look for the TLSv1.2 section in the output. Ensure TLS_ECDHE_... cipher suites appear at the top of the cipher list with Grade A.
• TLS_RSA_... cipher suites must not be removed, but should be kept only as fallback and configured with the lowest priority to avoid regression after re-applying the update.

Example of Successful Output:

What Happens If You Skip This Configuration?

If modern ciphers are not enabled before the security update is permanently enforced:

• Scheduled syncs will fail.
• You won't be able to add or manage existing connections/sources/tables.

Enforcement Timeline

These security standards will be permanently enforced by the end of February 2026.

Servers that do not meet the required cipher configuration will experience connection failures once enforcement begins.

Need Assistance?

If you need help with the configuration, contact us at support@zohoanalytics.com.

To help us resolve your issue faster, include the following details in your email:

• Windows Server version
• SQL Server version
• SQL port number
• Nmap scan output (if available)
• Screenshot of your cipher configuration (if applicable)

Providing this information upfront will help us diagnose and assist you more efficiently.

• Topic Participants

• Pradeepkumar R

  

• Sticky Posts

• What's New in Zoho Analytics - January 2026

  Hello Users! We are starting the year with a strong lineup of updates, marking the beginning of many improvements planned to enhance your analytics experience. Explore the latest improvements built to boost performance, simplify analysis, and help you

• What's New in Zoho Analytics - November 2025

  We're thrilled to announce a significant update focused on expanding your data connectivity, enhancing visualization capabilities, and delivering a more powerful, intuitive, and performant analytics experience. Here’s a look at what’s new. Explore What's

• What's New in Zoho Analytics - October 2025

  Hello Users! We're are back with a fresh set of updates and enhancements to make data analysis faster and more insightful. Take a quick look at what’s new and see how these updates can power up your reports and dashboards. Explore What's New! Extreme

• What’s New in Zoho Analytics – September 2025

  Hello Users!! In this month’s update, we’re raising the bar across multiple touchpoints, from how you bring in data, plan and track projects to how you design and brand your dashboards. We’ve added the all-new Gantt chart for project visualization, expanded

• Announcing Agentic AI - Ask Zia!

  We are delighted to roll out the new agentic AI capabilities in Ask Zia, where every stage of the BI workflow is assisted by AI. With a human-in-the-loop approach, Ask Zia ensures that you’re in command of the decision, while AI handles the complexity.

• Recent Topics

• Invoices not arriving and mail server settings

  I am having an issue where some clients are not receiving invoices. I have configured Zoho Books to send on my behalf and configured the appropriate SPF, DKIM and DMARC settings on my mail server and tested these as working. I get the CC'd copies so I

• UPLOAD A CREATED PDF AUTOMATICALLY

  Using the html header pdf+print button, I have managed to find a way to have a user create a pdf using entered form data. Using the schedule button, I can have a "file uploaded" pdf mailed to someone as an attachment. The missing piece is to be able to add the pdf, created in that html page to a file upload field automatically? Right now one has to save it to computer and then upload it in a FILE UPLOAD FIELD. Any help would appreciated !  

• Consolidated Department-wise Payroll Cost Summary Report

  Hello Zoho Payroll Team and Community, I am writing to discuss a reporting requirement regarding department-level expense tracking within Zoho Payroll. As we scale and manage salary distribution for employees across multiple departments, such as Accounts,

• How to remove chat icon from knowledge base?

  I have set up a knowledge base to hold FAQs and documentation. It is currently standalone, and not integrated into our website. On every page there is a chat button in the bottom left corner that says "We're offline, please leave a message." How can I

• [ZohoDesk] Improve Status View with a new editeble kanban view

  A kanban view with more information about the ticket and the contact who created the ticket would be valueble. I would like to edit the fields with the ones i like to see at one glance. Like in CRM where you can edit the canvas view, i would like to edit

• Automated Dismissal of Specific Notifications and Centralized Control of Toast Notification Settings

  Dear Zoho Team, I hope this message finds you well. We would like to request two enhancements related to notification handling within Zoho Desk: Automatic Dismissal of Specific Notifications: Currently, when certain actions are taken in the ticket list

• Show field in spreadsheet view depending on other field value

  Hello. Not sure if this is possible but let's say i have spreadsheet view in Creator with four different fields Field A, B, C and D Then i have a field named Response which for one record could contain only one of the pre-definde choices below A, B, C

• Intergrating multi location Square account with Zoho Books

  Hi, I have one Square account but has multiple locations. I would like to integrate that account and show aggregated sales in zoho books. How can I do that? thanks.

• Zoho Learn Zapier Integration

  Hello all, Is there any plan to integrate Zoho Learn with Zapier? It seems almost all Zoho products are in Zapier, with the exception of Learn and Marketing Automation.

• Notice: SalesIQ integration paused on Zoho Sites

  I have this notice on my Zoho Sites in the SalesIQ integration setup. Can someone assist? "This integration has been temporarily paused for users. Reconnecting SalesIQ after disconnection will not be possible until we provide further updates." thank

• Differences between Zoho Books and Zoho Billing

  Without a long drawn out process to compare these. If you were looking at these Books and Billing, what made you opt for one and not the other. Thanks

• New Feature : Copying tickets with all the contents such as conversations/history/attachments etc

  Sometimes our customers and distributors do create tickets (or send emails) which contain more than one incident in them and then also some of the further conversations which are either created by incorrect new tickets or replies to old tickets are being created as combined tickets. In such cases we require to "COPY" the contents of the tickets into separate tickets and merge them into their corresponding original tickets. The "CLONE" feature doesn't copy the contents (especially the conversations

• Como se agregan los empleados

  Necesito saber si para agregar empleados los mismos necesitan tener licencias

• Deluge Error Code 1002 - "Resource does not exist."

  I am using the following script in a Custom Button on a Sales Return. Basically, the function takes the information in the sales return (plus the arguments that are entered by the user when the button is pushed) and creates a return shipping label via

• Adding multiple Attendee email addresses when adding a Zoho Calendar event in Zoho Flow

  I am trying to integrate Notion and Zoho Calendar via Zoho Flow. However, the Attendee email address supported by Zoho Calendar - Create event only supports one email address, so I am having difficulty implementing automation to automatically register

• Graceful Handling of Exceeded Option Limits

  Hi Zoho SalesIQ team. I would like to submit a feature request to deal with a bug in salesIQ Current Behavior (Bug): When a dynamic list passed to the Single Select Option Card contains more than 20 options, the Zobot stops responding (freezes/hangs)

• System default SLA descriptions can't be modified

  The system default SLAs have identical descriptions for all SLA levels, but their settings differ. However, I am facing an issue where I cannot modify these descriptions and save the changes. The content of the description box can be edited but the changes

• Adding non-Indian billing address for my Zoho subscription

  Hey Need help with adding a non-Indian billing address for my Zoho subscription, trying to edit the address to my Singapore registered company. Won't let me change the country. Would appreciate the help. Regards, Rishabh

• How to create one ZohoCRM organisation out of a multi-organization?

  Hi, we have a multi-org including two different Zoho CRM organizations for two companies using respectively EUR and USD as default currency. I was wondering if there is any easy way to merge the two organizations into just one, so that users may access

• Gray screen while signing documents

  We are all getting a "gray" screen when trying to sign documents in Zoho sign. Anyone else having issues?

• Projects custom colors replaced by default orange

  Since yesterday, projects uploaded to Zoho, to which I had assigned a custom color, have lost the customization and reverted to the default color (orange). Has anyone else had the same problem? If so, how did you resolve it?

• Interview booked through Invite but no Notifications

  We have a workflow that was developed through a developer/partner that was tested and worked. Today, we pushed a candidate through the process and invited them to an in-office interview. They were sent the booking link (as usual and as tested before successfully)

• WebDAV support

  I need WebDAV support so that I can upload/download (and modify) documents from my local file system. Is anything planned in his direction?

• Automatiser la gestion des SLA dans Zoho Desk avec Zoho Contracts

  Les équipes du service client s’efforcent d’assurer un support rapide, régulier et fiable pour garantir la satisfaction de chaque client. Les accords de niveau de service (SLA) permettent de clarifier les engagements en définissant les termes et conditions

• iOS App doesn't refresh for Document Creation

  Hello Zoho team, I have created a workflow to be used on a mobile iOS device which starts in Zoho Creater and ends with a murge and store function that then opens the newly created document within the Zoho Writer app. This process is working great however

• Uploading a signed template from Sign to Creator

  Good day, Please help me on how to load a signed document back into Creator after the process has been completed in Sign. Below is the code that I am trying, pdfFile = response.toFile("SignedDocument_4901354000000372029.pdf"); info pdfFile; // Attach

• Zoho DataPrep and File Pattern configuration

  I'm using Zoho data prep to ingest data from One Drive into Zoho Analytics... The pipeline is super simple but I can't any way to get all the files that I need. Basically I need to bring all the files with a certain pattern and for that I'm using a regex

• Assistance needed: Activation of a domain

  Hello Zoho Support, I purchased the .com domain "primesolva.com" via Zoho 6 days ago. The domain is still pending, and I cannot access the DNS panel to add the TXT verification for domain ownership. Please confirm the registration status and help me activate

• Operation not permitted

  I am trying to add an email address to the list of user but I am getting error Operation not permitted

• Request to Permanently Delete Email User (info@mehbobgulf.com ) from Old Organization

  Please permanently delete the user email info@mehbobgulf.com It is still associated with my old Zoho organization. I cannot delete it because it shows ‘You cannot delete email. Zoho host’. I need to use this email in a new Zoho account.”

• Client host [89.36.170.5] blocked using Spamhaus

  Hello please make make actions for delist ..... "Client host [89.36.170.5] blocked using Spamhaus"

• Suggestion: Option to Re-run a migration

  As I'm going through a migration process, I like the IMAP migration tool, but it would be better if there were an option to re-run the same migration as configured. There's not even an option to copy/edit one that's already there. Just run if it hasn't

• Issue with "Add Your Mobile Number"

  Hello, I am trying to sign up for email service for a domain name, and I cannot finish the authentication. When I enter my mobile number, I receive the message "We’re unable to send OTP to this mobile number. Please contact support-as@zohocorp.com". I

• zoho mail non vérifié

  Bonjour, Il y'a un jour que j'ai acheté un domaine et toute les tentatives pour l'associé a mon compte shopify son vaine. j'ai essayé TXT sans suite après, j'ai essayer avec CNAME sans suite. j'aurais besoin de votre assistance pour associé mon mail.

• Unable to send message;Reason:553 Relaying disallowed. Invalid Domain

  i have facing the issue "Unable to send message;Reason:553 Relaying disallowed. Invalid Domain" if i verify domain evertthing i did but still face the same error.

• ZohoMail is so close to being Perfect BUT

  Why don’t you have HILIGHTING???!! I've been trying to find a substitute for Edison Mail but I want & need hilighting (preferably in more than just yellow)! Is this even on your To Do list? I’m so disappointed. 🙄

• Override Auto Number field?

  We are preparing to migrate from Salesforce. In Salesforce, we auto-generate a unique number on our Opportunities (Potentials). If the Opportunity results in a contract, we use that unique number as the Contract number. There are some situations where

• Using a third party service provider want to move directly with Zoho

  Hi good day I’m currently using Zoho but I’m using a third party service provider I want to move directly with you guys I’m using Zoho email and invoices and my domain please let me know if it’s possible to move away from the third party provider my email

• Request for Assistance Regarding Email Sending Issue (554 5.1.8 - Email Outgoing Blocked)

  Dear Zoho Support Team, I hope this message finds you well. I am writing to request assistance with an issue we are currently facing regarding our Zoho Mail account. Our email account, admin@tuyensinhcanuoc.com, is encountering the following error when

• Zoho Mail API returns empty inbox (0 messages) but webmail shows 37 unread emails

  Hello, I'm experiencing a discrepancy between Zoho Webmail and the Mail API (EU region). **Setup:** - Account: EU datacenter (mail.zoho.eu) - API: Self Client OAuth2 via api-console.zoho.eu - Scopes: ZohoMail.messages.READ, ZohoMail.messages.UPDATE, ZohoMail.folders.READ,

• Next Page