Blog about software development


Installing PDO_SQLSRV on Debian 10

18 Feb 2021 - by 'Maurits van der Schee'

Installing the PHP SQL Server driver (PDO_SQLSRV) on a Debian 10 Linux system requires several steps, starting with the installation of the Microsoft ODBC Driver. Note that Debian requires TLS 1.2 and if your SQL Server does not support that you will run into "Error code 0x2746". This post will explain how to resolve that issue.

First we make sure to install the Microsoft ODBC Driver for SQL Server on Linux.

sudo apt -y install curl
curl -s https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo bash -c "curl -s https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list"
sudo apt -y update
sudo ACCEPT_EULA=Y apt -y install msodbcsql17 mssql-tools
sudo apt -y install unixodbc-dev

After this installation you need to compile and install the drivers:

sudo apt -y install gcc g++ make autoconf libc-dev pkg-config
sudo apt -y install php-pear php-dev
sudo pecl install sqlsrv
sudo pecl install pdo_sqlsrv

To enable the drivers we need to register the drivers as available mods and enable them:

echo "extension=sqlsrv.so" | sudo tee /etc/php/7.3/mods-available/sqlsrv.ini
echo "extension=pdo_sqlsrv.so" | sudo tee /etc/php/7.3/mods-available/pdo_sqlsrv.ini
sudo phpenmod sqlsrv pdo_sqlsrv

If you then run into the following error message:

SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746

This means you need to upgrade (or patch) your SQL Server installation to support TLS 1.2. Some people suggest downgrading the OpenSSL package (from 1.1.1 to 1.0.x), but I recommend against that. If you really cannot upgrade, then you may have to change the CipherString of OpenSSL to allow for (older) SQL Server compatibility (Note that this is a system-wide default):

sudo sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf

Alternatively, you can manually look for 'CipherString' in the file '/etc/ssl/openssl.cnf' and adjust it's value:

#lower seclevel for (old) sqlserver
#CipherString = DEFAULT@SECLEVEL=2

This should get you started. If you want more information, check out the links below.


PS: Liked this article? Please share it on Facebook, Twitter or LinkedIn.