From 9f9b33b34eebaf2d8ff569568559af61eb66f92e Mon Sep 17 00:00:00 2001
From: Zafer Balkan <zafer@zaferbalkan.com>
Date: Fri, 4 Aug 2023 12:37:40 +0300
Subject: [PATCH] Fixed MSOLEDBSQL encryption related errors

Adding `-Encrypt Optional` allows fallback to insecure channel, the default on WID
---
 Optimize-WsusServer.ps1 | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Optimize-WsusServer.ps1 b/Optimize-WsusServer.ps1
index 6472ca0..dab4f2a 100644
--- a/Optimize-WsusServer.ps1
+++ b/Optimize-WsusServer.ps1
@@ -435,13 +435,19 @@ function Optimize-WsusDatabase {
     # Setting query timeout value because both of these scripts are prone to timeout
     # https://devblogs.microsoft.com/scripting/10-tips-for-the-sql-server-powershell-scripter/
 
+    # Microsoft made some changes in MSOLEDBSQL, enabling encrypted channel by default. Great for security!
+    # But WID is not affected and it is unencrypted by default. After the changes, if you run this function 
+    # without `-Encrypt Optional`, you will get an error like this:
+    # Invoke-Sqlcmd: The instance of SQL Server you attempted to connect to does not support encryption
+    # We went back to insecure channel because WID does not have that feature by default.
+
     Write-Host "Creating custom indexes in WSUS index if they don't already exist. This will speed up future database optimizations."
     #Create custom indexes in the database if they don't already exist
-    Invoke-Sqlcmd -query $createCustomIndexesSQLQuery -ServerInstance $serverInstance -QueryTimeout 120
+    Invoke-Sqlcmd -query $createCustomIndexesSQLQuery -ServerInstance $serverInstance -QueryTimeout 120 -Encrypt Optional
 
     Write-Host "Running WSUS SQL database maintenence script. This can take an extremely long time on the first run."
     #Run the WSUS SQL database maintenance script
-    Invoke-Sqlcmd -query $wsusDBMaintenanceSQLQuery -ServerInstance $serverInstance -QueryTimeout 40000
+    Invoke-Sqlcmd -query $wsusDBMaintenanceSQLQuery -ServerInstance $serverInstance -QueryTimeout 40000 -Encrypt Optional
 }
 
 function New-WsusMaintainenceTask($interval) {