got this annoying error when trying to connect new local mssql data source in intellij .
( getting same error when trying to connect from code )
[08S01] The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client.". ClientConnectionId:ffbe4d7e-70b5-4123-ad9a-36decc62858a javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
some details :
all mssql services are running .
intellij 2019.3 (can connect to remote mssql but cannot to one defined locally )
mssql installed locally 2014
project jdk jdk1.8.0_241
mssql driver - 7.4.1
spring-jdbc:5.1.2
connection string - jdbc:sqlserver://localhost:1433;database=local-test
another thing :
i got this error when trying to connect to remote mssql and by adding the port the issue was fixed ( doesnt work locally ) .
Thanks .
Related
When I try to connect to datasource in WildFly, it says Bad Handshake in MySQL error log and WildFly says:
Failed to add datasource of sql server in wildfly [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (XNIO-1 task-2) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: Could not create connection
The reason is because my TLS version was incompatible, it was trying to use TLS 2, but my MySQL could only accept TLS 1.2. I've just started my job and the project is using legacy software, so for now were forced to use old software.
So my JDBC SQL connection was:
jdbc:mysql://localhost:3306/DATABASE_NAME
And this didn't work, but this did work:
jdbc:mysql://localhost:3306/DATABASE_NAME?enabledTLSProtocols=TLSv1.2
?enabledTLSProtocols=TLSv1.2 is what fixed my issue. Because my MySQL did not support TLS 2, it just didn't communicate well with my version of MySQL.
I am using 14.04 ubuntu linux and for some reason I had to install mysql 5.7.34 version, then the project I was working on gave me a Badhandshake error, I fixed my problem by adding the following in mysqld.cnf.
enabledTLSProtocols=TLSv1.2
Check out the following note from MySQL DEVS.
Note: As of MySQL 5.7.35, the TLSv1 and TLSv1.1 connection protocols
are deprecated and support for them is subject to removal in a future
version of MySQL. See Deprecated TLS Protocols.
I am trying to connect Pentaho to my local MSSQL server.
I start Microsoft SQL Server Management Studio and I am promted with this window and then just click Connect:
I am using Java 8 Update 261 and Pentaho 7.1. I have downloaded MSSQL JDBC driver from following link:
https://learn.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15
and put mssql-jdbc-8.4.1.jre8.jar into pdi-ce-7.1.0.0-12\data-integration\lib folder. Also I have coppied file mssql-jdbc_auth-8.4.1.x64.dll into C:\Program Files\Java\jre1.8.0_261\bin...
Now when I start Pentaho via Spoon.bat file, and try to add MSSQL connection, I get errors, furthermore I have no idea what I am supposed to enter into fields:
HOSTNAME: ?
DATABASE NAME: (name of database is PROFIT)
INSTANCE NAME: ?
PORT: 1433
USERNAME: ?
PASSWORD: ?
From the picture you can see what I have entered. I also checked Use Integrated Security box.
I get following error:
Error connecting to database: (using class com.microsoft.sqlserver.jdbc.SQLServerDriver)
The TCP/IP connection to the host DESKTOP-CS70NHL, port 1433 has failed. Error: "Socket operation on nonsocket: configureBlocking. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
Background:
Application Server:
Java Based Application is running on Windows Server 2008 R2 Enterprise.
Java Version on this Server is Version 6 Update 32.
JDBC Driver Version: 4.0
Database Server:
The database server has been recently upgraded(Side by side upgrade with the same servername as the one before that the application use to connect to) from Windows 2016 to Windows 2019 and SQL Server 2012 to SQL Server 2016 and there is no Java on this server. Is this a problem??
History:
When we did the database server upgrade last time from SQL Server 2008 to SQL Server 2012, we followed the same method and the application worked fine.
But this time it is throwing the following error into the Application logs:
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".)
We did not touch the application server at all, expecting that when the database server is up, since it is the same servername, it would start back up fine, but the application is failing with the above error.
There is no logon failure because we tested the application login and password and it worked fine.
I looked at the following:
SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
but we cant seem to understand what is causing this issue since nothing on the Application Server has changed.
I looked at the compatibility between the JDBC Version and the SQL Server matrix here https://learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-2017 and it looks like JDBC 4.0 works with SQL Server 2016.
Any ideas as to what could be going on?
Try adding "trustServerCertificate=true;" to the connection string example:
jdbc:sqlserver://NEUTRON\SQL2017;user=sa;password=password123;integratedSecurity=false;trustServerCertificate=true;
Ok, so we worked with Microsoft Support on this issue and this is the understanding that we came to.
Microsoft added/enabled TLS 1.0 and TLS 1.1 to the Database Server for testing purposes only since Microsoft does not support TLS 1.0 anymore. This lowered the security protocol to a lower state but were able to establish SQL Connectivity between the Application server and the Database Server, but still the Application initially couldn't connect. Microsoft thinks that it is because of the current connection provider/driver that is being used by the application and they wouldn't support that part of it since that is Java/Oracle's JDBC driver.
In our case, the application did connect after enabling the TLS 1.0 and TLS 1.1 after sometime.
This may or may not work in your case.
So the recommended solutions if you have the resources to modify the application, are to update the drivers for the application, test and redeploy.
If you don't have the resources to the application then the options are these:
1.Rollback to older Servers for SQL Server. This could work but there is no guarantee.
Also another thing to note is that SQL Server 2008 and 2008R2 are out of support, so the oldest we could go (and still stay supported) would be SQL Server 2012 which may not resolve the issue.
2.Open the security wide open. This will very likely solve the issue, but is most definitely not recommended. It is likely that the issue has to do with extremely outdated security providers, that are no longer supported. So, opening your security wide open will likely resolve the issue, but this is not recommended.
3.Rewrite the application which is not the easiest option, but is the only one that is fully recommended by Microsoft.
See this https://serverfault.com/questions/649052/do-i-have-to-enable-tls-1-0-in-windows-2008-r2 and this https://www.youtube.com/watch?v=vUuR_M3biDU if you'd like to enable TLS by yourself. The server will require reboot after you make this change.
I was connecting to Sql Server 2008 & 2008+ via Java program with
Java 8
Sql jdbc microsoft driver 4.1
Connection string: DriverManager.getConnection("jdbc:sqlserver://<Ip>;instance=MSSQLSERVER;domain=<domain>;IntegratedSecurity=true;ssl=request;", "administrator", "password");
I was able to connect successfully.
However when I enabled Force encryption to true in the sql server via sql server configuration manager.
I started getting following error.
com.microsoft.sqlserver.jdbc.SQLServerException: An existing connection was forcibly closed by the remote host ClientConnectionId:xxxx
FYI:
I have already tried adding below parameters in connection string.
ssl=request
ssl=require
encrypt=true
trustServerCertificate=true
Also I have tried upgrading the driver to 4.2 & mssql driver 7.0
Tried jtds driver as well
Point to be noted: I am able to connect to instance via ssms
EDIT 1
- Another important point - It's happening only for windows authentication (enabled via IntegratedSecurity=true; in connection string).
So this case is happening only when Force encryption is set to true and we try to connect in windows authentication mode.
#Vivien #MarkRotteveel Thanks for your answers which gave me directions.
It turned out that sql server with version less then 11.0 were having troubles and various improvements were done as part of 11.0 version of sql server which rectified errors of windows authentication + encrypted connections connectivity.
So Sql server 2012 and above will support windows authentication with TLSv1.2, windows authentication along with encrypted connections seamlessly.
Now I am using
Java 8
Sql server driver 4.2
Windows 10
No extra parameters in connection string.
Just for reference: Found on Microsoft website.
It's unclear from your original question wether you have already done this, but if not, try setting both at the same time: encrypt=true;trustServerCertificate=true
Also, what do the SQL Server logs say?
I think Mark Rotteveel has right.
You need to check your version of both Java and SQL Server 2008.
TLS 1.2 has been enable by default in Java 8 since the u122, and appear in SQL Server 2008 only in the service pack 4 (version 10.0.6547.0, select ##VERSION; for check it)
If you don't meet the requierment, you have to choose between update the server or downgrade your jdk.
Perhaps their is an option in the JDK to retrieve the behavior prior to the update 122, but if it's the case, I don't know it.
And, for information, the mssql-jdbc driver has stop the support of SQL Server 2008 after the version 6.2.
I have installed DB2 Express-C 9.7.5. It was installed on a Windows 7 (64-bit) machine and I created a database, TESTXA. The connection mechanism used in my application is:
Class.forName("com.ibm.db2.jcc.DB2Driver").newInstance();
Connection conn = DriverManager.getConnection("jdbc:db2://ABCCOMPUTER:50000/TESTXA", db2UserName, db2PassWord);
The connection successfully created on ABCCOMPUTER with the above Java code. But when I use the same Java code to create a DB2 connection from another system over LAN, for example, XYZCOMPUTER (Windows 7 machine) with the same db2UserName/db2PassWord, throws an exception:
com.ibm.db2.jcc.am.io: DB2 SQL Error: SQLCODE=-204, SQLSTATE=42704, SQLERRMC=USER.XA4APP, DRIVER=3.57.82
Which indicates "Connection authorization failure occurred. Reason: User ID or Password invalid."
In my application, I need to create a database in DB2 which can be accessed from other systems on a LAN. What should be looked into on XYZCOMPUTER to resolve this issue?
(FYI: This is no issue of DB2 database sharing in Windows XP machines. The above mechanism works properly.)
This should be no issue of Java JDBC. It must be the case of a Windows 7 security issue because the DB2 type 4 driver uses the same format of the connection string whether it's a case of your own system or a remote system. You can try to run your application/tool as 'Run as Administrator'.