When I migrated a set of linked servers from SQL Server 2022 to SQL Server 2025, a few of them started failing immediately during connection initialization. The root cause surprised me at first: SQL Server 2025 tightens the encryption defaults for linked servers, so a linked server that worked fine on 2022 can fail on 2025 unless you explicitly define the encryption behavior in the provider string.
What changed in SQL Server 2025
- SQL Server 2025 introduces an encryption-related breaking change that can cause linked server connections to fail after an upgrade.
- If the connection ends up requiring encryption with certificate validation, and the target server certificate isn’t trusted (or you connect by IP that doesn’t match the certificate name), the linked server can fail.
- The quickest “get it working” mitigation I’ve used is to add
@provstr = N'Encrypt=Yes;TrustServerCertificate=yes'when creating the linked server. - Best practice is still to use a proper CA-signed certificate and keep certificate validation enabled, but in real migrations you sometimes need the fast, pragmatic fix first.
SQL Server 2022 (working without explicit encryption settings)
USE [master]
GO
EXEC master.dbo.sp_addlinkedserver
@server = N'MyLinkedServer1',
@srvproduct = N'',
@provider = N'SQLNCLI',
@datasrc = N'123.123.123.123,1433'
GO
SQL Server 2025 script (explicit encryption in @provstr is required)
On SQL Server 2025, adding an explicit provider string makes the intent clear and prevents the upgrade from breaking existing linked servers. I also recommend switching away from the legacy SQLNCLI provider to MSOLEDBSQL if you still have old scripts around.
USE [master]
GO
EXEC master.dbo.sp_addlinkedserver
@server = N'MyLinkedServer1',
@srvproduct = N'',
@provider = N'MSOLEDBSQL',
@datasrc = N'123.123.123.123,1433',
@provstr = N'Encrypt=Yes;TrustServerCertificate=yes'
GO