Skip to content

Configure SQL Server on Linux with mssql-conf

    mssql-conf is a configuration script that installs with SQL Server 2019 (15.x) for Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and Ubuntu. You can use this utility to set the following parameters:

    ParameterDescription
    AgentEnable SQL Server Agent
    CollationSet a new collation for SQL Server on Linux.
    Customer feedbackChoose whether or not SQL Server sends feedback to Microsoft.
    Database Mail ProfileSet the default database mail profile for SQL Server on Linux.
    Default data directoryChange the default directory for new SQL Server database data files (.mdf).
    Default log directoryChanges the default directory for new SQL Server database log (.ldf) files.
    Default master database file directoryChanges the default directory for the master database files on existing SQL installation.
    Default master database file nameChanges the name of master database files.
    Default dump directoryChange the default directory for new memory dumps and other troubleshooting files.
    Default error log directoryChanges the default directory for new SQL Server ErrorLog, Default Profiler Trace, System Health Session XE, and Hekaton Session XE files.
    Default backup directoryChange the default directory for new backup files.
    Dump typeChoose the type of dump memory dump file to collect.
    High availabilityEnable Availability Groups.
    Local Audit directorySet a directory to add Local Audit files.
    LocaleSet the locale for SQL Server to use.
    Memory limitSet the memory limit for SQL Server.
    Microsoft Distributed Transaction CoordinatorConfigure and troubleshoot MSDTC on Linux.
    MLServices EULAsAccept R and Python EULAs for mlservices packages. Applies to SQL Server 2019 only.
    Network settingsAdditional network settings for SQL Server.
    outboundnetworkaccessEnable outbound network access for mlservices R, Python, and Java extensions.
    TCP portChange the port where SQL Server listens for connections.
    TLSConfigure Transport Level Security.
    TraceflagsSet the traceflags that the service is going to use.

    Usage tips

    • For Always On Availability Groups and shared disk clusters, always make the same configuration changes on each node.
    • For the shared disk cluster scenario, do not attempt to restart the mssql-server service to apply changes. SQL Server is running as an application. Instead, take the resource offline and then back online.
    • These examples run mssql-conf by specifying the full path: /opt/mssql/bin/mssql-conf. If you choose to navigate to that path instead, run mssql-conf in the context of the current directory: ./mssql-conf.

    Enable SQL Server Agent

    The sqlagent.enabled setting enables SQL Server Agent. By default, SQL Server Agent is disabled. If sqlagent.enabled is not present in the mssql.conf settings file, then SQL Server internally assumes that SQL Server Agent is disabled.

    To change this setting, use the following steps:

    1. Enable the SQL Server Agent:

    Bash

    sudo /opt/mssql/bin/mssql-conf set sqlagent.enabled true

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    Set the default database mail profile for SQL Server on Linux

    The sqlpagent.databasemailprofile allows you to set the default DB Mail profile for email alerts.

    Bash

    sudo /opt/mssql/bin/mssql-conf set sqlagent.databasemailprofile <profile_name>

    SQL Agent error logs

    The sqlpagent.errorlogfile and sqlpagent.errorlogginglevel settings allows you to set the SQL Agent log file path and logging level respectively.

    Bash

    sudo /opt/mssql/bin/mssql-conf set sqlagent.errorfile <path>

    SQL Agent logging levels are bitmask values that equal:

    • 1 = Errors
    • 2 = Warnings
    • 4 = Info

    If you want to capture all levels, use 7 as the value.

    Bash

    sudo /opt/mssql/bin/mssql-conf set sqlagent.errorlogginglevel <level>

    Change the SQL Server collation

    The set-collation option changes the collation value to any of the supported collations.

    1. First backup any user databases on your server.
    2. Then use the sp_detach_db stored procedure to detach the user databases.
    3. Run the set-collation option and follow the prompts:

    Bash

    sudo /opt/mssql/bin/mssql-conf set-collation

    • The mssql-conf utility will attempt to change to the specified collation value and restart the service. If there are any errors, it rolls back the collation to the previous value.
    • Restore your user database backups.

    For a list of supported collations, run the sys.fn_helpcollations function: SELECT Name from sys.fn_helpcollations().

    Configure customer feedback

    The telemetry.customerfeedback setting changes whether SQL Server sends feedback to Microsoft or not. By default, this value is set to true for all editions. To change the value, run the following commands:

     Important

    You can not turn off customer feedback for free editions of SQL Server, Express and Developer.

    1. Run the mssql-conf script as root with the set command for telemetry.customerfeedback. The following example turns off customer feedback by specifying false.

    Bash

    sudo /opt/mssql/bin/mssql-conf set telemetry.customerfeedback false

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    Change the default data or log directory location

    The filelocation.defaultdatadir and filelocation.defaultlogdir settings change the location where the new database and log files are created. By default, this location is /var/opt/mssql/data. To change these settings, use the following steps:

    1. Create the target directory for new database data and log files. The following example creates a new /tmp/data directory:

    Bash

    sudo mkdir /tmp/data

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/data

    sudo chgrp mssql /tmp/data

    • Use mssql-conf to change the default data directory with the set command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdatadir /tmp/data

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    • Now all the database files for the new databases created will be stored in this new location. If you would like to change the location of the log (.ldf) files of the new databases, you can use the following “set” command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /tmp/log

    • This command also assumes that a /tmp/log directory exists, and that it is under the user and group mssql.

    Change the default master database file directory location

    The filelocation.masterdatafile and filelocation.masterlogfile setting changes the location where the SQL Server engine looks for the master database files. By default, this location is /var/opt/mssql/data.

    To change these settings, use the following steps:

    1. Create the target directory for new error log files. The following example creates a new /tmp/masterdatabasedir directory:

    Bash

    sudo mkdir /tmp/masterdatabasedir

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/masterdatabasedir

    sudo chgrp mssql /tmp/masterdatabasedir

    • Use mssql-conf to change the default master database directory for the master data and log files with the set command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.masterdatafile /tmp/masterdatabasedir/master.mdf

    sudo /opt/mssql/bin/mssql-conf set filelocation.masterlogfile /tmp/masterdatabasedir/mastlog.ldf

    • Stop the SQL Server service:

    Bash

    sudo systemctl stop mssql-server

    • Move the master.mdf and masterlog.ldf:

    Bash

    sudo mv /var/opt/mssql/data/master.mdf /tmp/masterdatabasedir/master.mdf

    sudo mv /var/opt/mssql/data/mastlog.ldf /tmp/masterdatabasedir/mastlog.ldf

    • Start the SQL Server service:

    Bash

    sudo systemctl start mssql-server

    Change the name of master database files

    The filelocation.masterdatafile and filelocation.masterlogfile setting changes the location where the SQL Server engine looks for the master database files. You can also use this to change the name of the master database and log files.

    To change these settings, use the following steps:

    1. Stop the SQL Server service:

    Bash

    sudo systemctl stop mssql-server

    • Use mssql-conf to change the expected master database names for the master data and log files with the set command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.masterdatafile /var/opt/mssql/data/masternew.mdf

    sudo /opt/mssql/bin/mssql-conf set filelocation.mastlogfile /var/opt/mssql/data/mastlognew.ldf

    • Change the name of the master database data and log files

    Bash

    sudo mv /var/opt/mssql/data/master.mdf /var/opt/mssql/data/masternew.mdf

    sudo mv /var/opt/mssql/data/mastlog.ldf /var/opt/mssql/data/mastlognew.ldf

    • Start the SQL Server service:

    Bash

    sudo systemctl start mssql-server

    Change the default dump directory location

    The filelocation.defaultdumpdir setting changes the default location where the memory and SQL dumps are generated whenever there is a crash. By default, these files are generated in /var/opt/mssql/log.

    To set up this new location, use the following commands:

    1. Create the target directory for new dump files. The following example creates a new /tmp/dump directory:

    Bash

    sudo mkdir /tmp/dump

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/dump

    sudo chgrp mssql /tmp/dump

    • Use mssql-conf to change the default data directory with the set command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdumpdir /tmp/dump

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    Change the default error log file directory location

    The filelocation.errorlogfile setting changes the location where the new error log, default profiler trace, system health session XE and Hekaton session XE files are created. By default, this location is /var/opt/mssql/log. The directory in which SQL errorlog file is set becomes the default log directory for other logs.

    To change these settings:

    1. Create the target directory for new error log files. The following example creates a new /tmp/logs directory:

    Bash

    sudo mkdir /tmp/logs

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/logs

    sudo chgrp mssql /tmp/logs

    • Use mssql-conf to change the default errorlog filename with the set command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.errorlogfile /tmp/logs/errorlog

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    The errorlog.numerrorlogs setting will allow you to specify the number of error logs maintained before cycling the log.

    Change the default backup directory location

    The filelocation.defaultbackupdir setting changes the default location where the backup files are generated. By default, these files are generated in /var/opt/mssql/data.

    To set up this new location, use the following commands:

    1. Create the target directory for new backup files. The following example creates a new /tmp/backup directory:

    Bash

    sudo mkdir /tmp/backup

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/backup

    sudo chgrp mssql /tmp/backup

    • Use mssql-conf to change the default backup directory with the “set” command:

    Bash

    sudo /opt/mssql/bin/mssql-conf set filelocation.defaultbackupdir /tmp/backup

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    Specify core dump settings

    If an exception occurs in one of the SQL Server processes, SQL Server creates a memory dump.

    There are two options for controlling the type of memory dumps that SQL Server collects: coredump.coredumptype and coredump.captureminiandfull. These relate to the two phases of core dump capture.

    The first phase capture is controlled by the coredump.coredumptype setting, which determines the type of dump file generated during an exception. The second phase is enabled when the coredump.captureminiandfull setting. If coredump.captureminiandfull is set to true, the dump file specified by coredump.coredumptype is generated and a second mini dump is also generated. Setting coredump.captureminiandfull to false disables the second capture attempt.

    1. Decide whether to capture both mini and full dumps with the coredump.captureminiandfull setting.

    Bash

    sudo /opt/mssql/bin/mssql-conf set coredump.captureminiandfull <true or false>

    Default: false

    • Specify the type of dump file with the coredump.coredumptype setting.

    Bash

    sudo /opt/mssql/bin/mssql-conf set coredump.coredumptype <dump_type>

    Default: miniplus

    The following table lists the possible coredump.coredumptype values.

    TypeDescription
    miniMini is the smallest dump file type. It uses the Linux system information to determine threads and modules in the process. The dump contains only the host environment thread stacks and modules. It does not contain indirect memory references or globals.
    miniplusMiniPlus is similar to mini, but it includes additional memory. It understands the internals of SQLPAL and the host environment, adding the following memory regions to the dump:
    – Various globals
    – All memory above 64TB
    – All named regions found in /proc/$pid/maps
    – Indirect memory from threads and stacks
    – Thread information
    – Associated Teb’s and Peb’s
    – Module Information
    – VMM and VAD tree
    filteredFiltered uses a subtraction-based design where all memory in the process is included unless specifically excluded. The design understands the internals of SQLPAL and the host environment, excluding certain regions from the dump.
    fullFull is a complete process dump that includes all regions located in /proc/$pid/maps. This is not controlled by coredump.captureminiandfull setting.

    High Availability

    The hadr.hadrenabled option enables availability groups on your SQL Server instance. The following command enables availability groups by setting hadr.hadrenabled to 1. You must restart SQL Server for the setting to take effect.

    Bash

    sudo /opt/mssql/bin/mssql-conf set hadr.hadrenabled  1

    sudo systemctl restart mssql-server

    Set local audit directory

    The telemetry.userrequestedlocalauditdirectory setting enables Local Audit and lets you set the directory where the Local Audit logs are created.

    1. Create a target directory for new Local Audit logs. The following example creates a new /tmp/audit directory:

    Bash

    sudo mkdir /tmp/audit

    • Change the owner and group of the directory to the mssql user:

    Bash

    sudo chown mssql /tmp/audit

    sudo chgrp mssql /tmp/audit

    • Run the mssql-conf script as root with the set command for telemetry.userrequestedlocalauditdirectory:

    Bash

    sudo /opt/mssql/bin/mssql-conf set telemetry.userrequestedlocalauditdirectory /tmp/audit

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    Change the SQL Server locale

    The language.lcid setting changes the SQL Server locale to any supported language identifier (LCID).

    1. The following example changes the locale to French (1036):

    Bash

    sudo /opt/mssql/bin/mssql-conf set language.lcid 1036

    • Restart the SQL Server service to apply the changes:

    Bash

    sudo systemctl restart mssql-server

    Set the memory limit

    The memory.memorylimitmb setting controls the amount physical memory (in MB) available to SQL Server. The default is 80% of the physical memory.

    1. Run the mssql-conf script as root with the set command for memory.memorylimitmb. The following example changes the memory available to SQL Server to 3.25 GB (3328 MB).

    Bash

    sudo /opt/mssql/bin/mssql-conf set memory.memorylimitmb 3328

    • Restart the SQL Server service to apply the changes:

    Bash

    sudo systemctl restart mssql-server

    Additional memory settings

    The following options are available to the memory settings.

    OptionDescription
    memory.disablememorypressureSQL Server disable memory pressure. Values can be true or false.
    memory.memory_optimizedEnable or disable SQL Server memory optimized features – persistent memory file enlightenment, memory protection. Values can be true or false.

    Configure MSDTC

    The network.rpcport and distributedtransaction.servertcpport settings are used to configure the Microsoft Distributed Transaction Coordinator (MSDTC). To change these settings, run the following commands:

    1. Run the mssql-conf script as root with the set command for “network.rpcport”:

    Bash

    sudo /opt/mssql/bin/mssql-conf set network.rpcport <rcp_port>

    • Then set the “distributedtransaction.servertcpport” setting:

    Bash

    sudo /opt/mssql/bin/mssql-conf set distributedtransaction.servertcpport <servertcpport_port>

    In addition to setting these values, you must also configure routing and update the firewall for port 135.

    There are several other settings for mssql-conf that you can use to monitor and troubleshoot MSDTC. The following table briefly describes these settings.

    CONFIGURE MSDTC
    mssql-conf settingDescription
    distributedtransaction.allowonlysecurerpccallsConfigure secure only RPC calls for distributed transactions
    distributedtransaction.fallbacktounsecurerpcifnecessaryConfigure security only RPC calls for distributed transactions
    distributedtransaction.maxlogsizeDTC transaction log file size in MB. Default is 64MB
    distributedtransaction.memorybuffersizeCircular buffer size in which traces are stored. This size is in MB and default is 10MB
    distributedtransaction.servertcpportMSDTC rpc server port
    distributedtransaction.trace_cmTraces in the connection manager
    distributedtransaction.trace_contactTraces the contact pool and contacts
    distributedtransaction.trace_gatewayTraces Gateway source
    distributedtransaction.trace_logLog tracing
    distributedtransaction.trace_miscTraces that cannot be categorized into the other categories
    distributedtransaction.trace_proxyTraces that are generated in the MSDTC proxy
    distributedtransaction.trace_svcTraces service and .exe file startup
    distributedtransaction.trace_traceThe trace infrastructure itself
    distributedtransaction.trace_utilTraces utility routines that are called from multiple locations
    distributedtransaction.trace_xaXA Transaction Manager (XATM) tracing source
    distributedtransaction.tracefilepathFolder in which trace files should be stored
    distributedtransaction.turnoffrpcsecurityEnable or disable RPC security for distributed transactions

    Accept MLServices EULAs

    Adding machine learning R or Python packages to the database engine requires that you accept the licensing terms for open-source distributions of R and Python. The following table enumerates all available commands or options related to mlservices EULAs. The same EULA parameter is used for R and Python, depending on what you installed.

    Bash

    # For all packages: database engine and mlservices

    # Setup prompts for mlservices EULAs, which you need to accept

    sudo /opt/mssql/bin/mssql-conf setup

    # Add R or Python to an existing installation

    sudo /opt/mssql/bin/mssql-conf setup accept-eula-ml

    # Alternative valid syntax

    # Adds the EULA section to the INI and sets acceptulam to yes

    sudo /opt/mssql/bin/mssql-conf set EULA accepteulaml Y

    # Rescind EULA acceptance and removes the setting

    sudo /opt/mssql/bin/mssql-conf unset EULA accepteulaml

    You can also add EULA acceptance directly to the mssql.conf file:

    ini

    [EULA]

    accepteula = Y

    accepteulaml = Y

    Enable outbound network access

    Outbound network access for R, Python, and Java extensions in the SQL Server Machine Learning Services feature is disabled by default. To enable outbound requests, set the “outboundnetworkaccess” Boolean property using mssql-conf.

    After setting the property, restart SQL Server Launchpad service to read the updated values from the INI file. A restart message reminds you whenever an extensibility-related setting is modified.

    Bash

    # Adds the extensibility section and property.

    # Sets “outboundnetworkaccess” to true.

    # This setting is required if you want to access data or operations off the server.

    sudo /opt/mssql/bin/mssql-conf set extensibility outboundnetworkaccess 1

    # Turns off network access but preserves the setting

    sudo /opt/mssql/bin/mssql-conf set extensibility outboundnetworkaccess 0

    # Removes the setting and rescinds network access

    sudo /opt/mssql/bin/mssql-conf unset extensibility.outboundnetworkaccess

    You can also add “outboundnetworkaccess” directly to the mssql.conf file:

    ini

    [extensibility]

    outboundnetworkaccess = 1

    Change the TCP port

    The network.tcpport setting changes the TCP port where SQL Server listens for connections. By default, this port is set to 1433. To change the port, run the following commands:

    1. Run the mssql-conf script as root with the “set” command for “network.tcpport”:

    Bash

    sudo /opt/mssql/bin/mssql-conf set network.tcpport <new_tcp_port>

    • Restart the SQL Server service:

    Bash

    sudo systemctl restart mssql-server

    • When connecting to SQL Server now, you must specify the custom port with a comma (,) after the hostname or IP address. For example, to connect with SQLCMD, you would use the following command:

    Bash

    sqlcmd -S localhost,<new_tcp_port> -U test -P test

    Specify TLS settings

    The following options configure TLS for an instance of SQL Server running on Linux.

    SPECIFY TLS SETTINGS
    OptionDescription
    network.forceencryptionIf 1, then SQL Server forces all connections to be encrypted. By default, this option is 0.
    network.tlscertThe absolute path to the certificate file that SQL Server uses for TLS. Example: /etc/ssl/certs/mssql.pem The certificate file must be accessible by the mssql account. Microsoft recommends restricting access to the file using chown mssql:mssql <file>; chmod 400 <file>.
    network.tlskeyThe absolute path to the private key file that SQL Server uses for TLS. Example: /etc/ssl/private/mssql.key The certificate file must be accessible by the mssql account. Microsoft recommends restricting access to the file using chown mssql:mssql <file>; chmod 400 <file>.
    network.tlsprotocolsA comma-separated list of which TLS protocols are allowed by SQL Server. SQL Server always attempts to negotiate the strongest allowed protocol. If a client does not support any allowed protocol, SQL Server rejects the connection attempt. For compatibility, all supported protocols are allowed by default (1.2, 1.1, 1.0). If your clients support TLS 1.2, Microsoft recommends allowing only TLS 1.2.
    network.tlsciphersSpecifies which ciphers are allowed by SQL Server for TLS. This string must be formatted per OpenSSL’s cipher list format. In general, you should not need to change this option.
    By default, the following ciphers are allowed:
    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
    network.kerberoskeytabfilePath to the Kerberos keytab file

    Network settings

    The following options are additional network settings configurable using mssql-conf.

    NETWORK SETTINGS
    OptionDescription
    network.disablesssdDisable querying SSSD for AD account information and default to LDAP calls. Values can be true or false.
    network.enablekdcfromkrb5confEnable looking up KDC information from krb5.conf. Values can be true or false.
    network.forcesecureldapForce using LDAPS to contact domain controller. Values can be true or false.
    network.ipaddressIP address for incoming connections.
    network.kerberoscredupdatefrequencyTime in seconds between checks for kerberos credentials that need to be updated. Value is an integer.
    network.privilegedadaccountPrivileged AD user to use for AD authentication. Value is <username>.
    uncmappingMaps UNC path to a local path. For example, sudo /opt/mssql/bin/mssql-conf set uncmapping //servername/sharename /tmp/folder.

    Enable/Disable traceflags

    This traceflag option enables or disables traceflags for the startup of the SQL Server service. To enable/disable a traceflag, use the following commands:

    1. Enable a traceflag using the following command. For example, for Traceflag 1234:

    Bash

    sudo /opt/mssql/bin/mssql-conf traceflag 1234 on

    • You can enable multiple traceflags by specifying them separately:

    Bash

    sudo /opt/mssql/bin/mssql-conf traceflag 2345 3456 on

    • In a similar way, you can disable one or more enabled traceflags by specifying them and adding the off parameter:

    Bash

    sudo /opt/mssql/bin/mssql-conf traceflag 1234 2345 3456 off

    • Restart the SQL Server service to apply the changes:

    Bash

    sudo systemctl restart mssql-server

    Remove a setting

    To unset any setting made with mssql-conf set, call mssql-conf with the unset option and the name of the setting. This clears the setting, effectively returning it to its default value.

    1. The following example clears the network.tcpport option.

    Bash

    sudo /opt/mssql/bin/mssql-conf unset network.tcpport

    • Restart the SQL Server service.

    Bash

    sudo systemctl restart mssql-server

    View current settings

    To view any configured settings, run the following command to output the contents of the mssql.conf file:

    Bash

    sudo cat /var/opt/mssql/mssql.conf

    Any settings not shown in this file are using their default values. The next section provides a sample mssql.conf file.

    mssql.conf format

    The following /var/opt/mssql/mssql.conf file provides an example for each setting. You can use this format to manually make changes to the mssql.conf file as needed. If you do manually change the file, you must restart SQL Server before the changes are applied. To use the mssql.conf file with Docker, you must have Docker persist your data. First add a complete mssql.conf file to your host directory and then run the container.

    ini

    [EULA]

    accepteula = Y

    accepteulaml = Y

    [coredump]

    captureminiandfull = true

    coredumptype = full

    [distributedtransaction]

    servertcpport = 51999

    [filelocation]

    defaultbackupdir = /var/opt/mssql/data/

    defaultdatadir = /var/opt/mssql/data/

    defaultdumpdir = /var/opt/mssql/data/

    defaultlogdir = /var/opt/mssql/data/

    [hadr]

    hadrenabled = 0

    [language]

    lcid = 1033

    [memory]

    memorylimitmb = 4096

    [network]

    forceencryption = 0

    ipaddress = 10.192.0.0

    kerberoskeytabfile = /var/opt/mssql/secrets/mssql.keytab

    rpcport = 13500

    tcpport = 1401

    tlscert = /etc/ssl/certs/mssql.pem

    tlsciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

    tlskey = /etc/ssl/private/mssql.key

    tlsprotocols = 1.2,1.1,1.0

    [sqlagent]

    databasemailprofile = default

    errorlogfile = /var/opt/mssql/log/sqlagentlog.log

    errorlogginglevel = 7

    [telemetry]

    customerfeedback = true

    userrequestedlocalauditdirectory = /tmp/audit

    [traceflag]

    traceflag0 = 1204

    traceflag1 = 2345 traceflag = 3456