When attempting a Network Discover database scan of a SQL Azure instance with TLS 1.2 enforce, the following error is returned in the FileReader logs, and is also displayed in the Scan Status page in the Enforce Console:

 "Unable to create connection: jdbc:jtds:sqlserver://<fqdn>:1433/<InstanceName>, Reason: Reason: Login failed due to client TLS version being less than minimal TLS version allowed by the server"

DLP 15.x

This is caused by the default jTDS driver version 1.2.2 not supporting TLS 1.2.

1. Download a Microsoft JDBC driver that supports JRE 8 and TLS 1.2 Microsoft JDBC
2. Copy the jdbc jar file to the jdbc directory on the discover server:
   

   [Windows] C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\lib\jdbc
   [Linux] /opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/lib/jdbc

3. Edit the sqldatabasecrawler.properties file:
   

   [Windows] C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\config\sqldatabasecrawler.properties
   [Linux] /opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/config/sqldatabasecrawler.properties

4. Update the following parameters:
   
   # Microsoft SQL Server
   driver_class.sqlserver = com.microsoft.sqlserver.jdbc.SQLServerDriver 
   driver_subprotocol.sqlserver = jdbc:sqlserver
   driver_table_query.sqlserver = SELECT  table_schema + '.' + table_name FROM INFORMATION_SCHEMA.TABLES
   driver_row_selector.sqlserver = SELECT TOP {2} {1}  FROM {0}
   driver_jar.sqlserver = mssql-jdbc-8.4.1.jre8.jar
   quote_table_names.sqlserver = true
5. From the Enforce Console navigate to Manage -> Discover Scanning -> Discover Targets -> New Target -> SQL Database.
   1. On the Scanned Content tab, provide credentials and configure the content root using the following syntax:
      
      sqlserver://<fqdn>\<instancename>:<port>