Yet another MySQL connection issue - java

I have to deploy my Java server app to a Debian 8 server. It tries to connect to the MySQL server via Unix domain socket or TCP (depending on the connection string). It works fine on my Debian 9 development server, but gives (I think) useless error messages on the live server. I have root access to both servers but am not allowed to do much on the live server. As I had version troubles compiling Java on D9 and running it on D8, I installed openjdk-7-jdk and the MySQL Java connector on the D8 from the Debian repo, copied (symlinked) the connector jar to the lib directory of the source, and recompiled the app. Now it starts, but when trying to connect to the database, it throws the following errors:
TCP: Connection refused
UDS: File not found (nonexistent file or device) ((the translation may not be correct, sorry))
Both connections (TCP and UDS) work fine from PHP & PDO.
Connection strings:
TCP: jdbc:mysql://localhost/<dbname>?user=<user>&password=<pwd>&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&characterEncoding=utf8
UDS: jdbc:mysql:///<dbname>?socketFactory=com.mysql.jdbc.NamedPipeSocketFactory&namedPipePath=/var/run/mysqld/mysqld.sock&user=<user>&password=<pwd>&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&characterEncoding=utf8
dbname, user, pwd and the socket file path are copied and pasted from the working PHP code. Worth noting that I'm not a Java expert; I may not know something that should be known when using these older libraries. Some source code:
Class.forName("java.sql.Driver");
...
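Connection db = DriverManager.getConnection(Settings.sqlConnection.value);
// Run the session setup statement on the connection opened above.
try (Statement stmt = db.createStatement())
{
    // MySQL user variables are written with a leading @.
    stmt.execute("SET @now = UTC_TIMESTAMP()");
}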
...
Version info:
Debian 8.7
MySQL server 5.5.53-0+deb8u1
java version "1.7.0_181"
OpenJDK Runtime Environment (IcedTea 2.6.14) (7u181-2.6.14-1~deb8u1)
OpenJDK 64-Bit Server VM (build 24.181-b01, mixed mode)
mysql-connector-java-5.1.42.jar
What am I missing? Why do I get connection refused and missing file error messages while clearly the server is listening and the socket file is there and has the right permissions - and other clients can connect?

Never mind, I've got the solution (not long after posting the question and long after I started having the issue... as usual).
UDS: I simply mixed up named pipes with Unix domain sockets, which are two entirely different implementations of the same concept. JDBC simply can't do UDS. Now I realize that I probably tested my code on the dev server with a TCP connection only.
TCP: The server socket was bound to the server's exact address, therefore localhost wouldn't work. My narrow thinking about the connection refused error completely misguided me.
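
The TCP half of the answer above, as an added example that is not part of the original post: a listener bound to one exact address refuses connections aimed at any other local address, localhost included. The class name BindAddressProbe and the demo listener standing in for mysqld are assumptions; pass a port number (for example 3306) to probe a real service instead.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;

public class BindAddressProbe {
    /** Attempts a TCP connect; returns "open" or the exception that came back. */
    static String probe(InetAddress addr, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(addr, port), 1000);
            return "open";
        } catch (IOException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    /** Every address configured on an interface that is up (loopback included). */
    static List<InetAddress> localAddresses() throws SocketException {
        List<InetAddress> out = new ArrayList<>();
        for (NetworkInterface nic : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (nic.isUp()) out.addAll(Collections.list(nic.getInetAddresses()));
        }
        return out;
    }

    static void report(List<InetAddress> addrs, int port) {
        for (InetAddress a : addrs) {
            System.out.printf("%-40s %s%n", a.getHostAddress() + ":" + port, probe(a, port));
        }
    }

    public static void main(String[] args) throws Exception {
        List<InetAddress> addrs = localAddresses();
        if (args.length == 1) {            // probe a real service, e.g. 3306 for mysqld
            report(addrs, Integer.parseInt(args[0]));
            return;
        }
        // Demo: a listener standing in for a server whose bind address is one exact
        // address. Prefer a non-loopback IPv4 address; fall back to loopback.
        InetAddress bind = InetAddress.getLoopbackAddress();
        for (InetAddress a : addrs) {
            if (a instanceof Inet4Address && !a.isLoopbackAddress()) { bind = a; break; }
        }
        try (ServerSocket server = new ServerSocket(0, 16, bind)) {
            System.out.println("listener bound to " + bind.getHostAddress());
            report(addrs, server.getLocalPort());
        }
    }
}
```

Only the row for the bound address reports "open"; the others, 127.0.0.1 among them, report ConnectException, which is the "Connection refused" seen with the localhost connection string.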

Related

Cannot connect to SQL Server server with MS JDBC Driver from CentOS 8 server: SSL error but not using secure connection

I found one article that was close to the issue I am experiencing. It is this one:
SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
I can provide the entire stack trace but the pruned version has this series of errors:
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates do not conform to algorithm constraints". ClientConnectionId:e7a5ebc2-d489-4743-85ba-7873926508fe
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=SSL_Self_Signed_Fallback. Usage was tls server
The JDBC connection is to a SQL Server 2012 that does NOT have connection encryption enabled or any security that I know of. I talked to our DB guy and he says there is no security on the connection that he knows of. So, I am not sure WHY the MS driver continues to complain about the SSL connection.
This Linux server (CentOS 8) has two tomcat installations that use JDBC connections. I have a Tomcat 8.0.32 instance that connects to the SQL Server 2012 instance using the JTDS driver that has no problem at all in connecting. I tried switching that driver to the MS driver and it then experienced the same errors. So I switched it back. But the second installation of Tomcat (9.0.33) has an app that requires a JDBC 4.0 or above driver and the JTDS driver is only a 3.0 driver so I have to use the MS driver. But, I cannot figure out how to get a successful connection.
Digging through the Internet I found reference to the jsse.jar and having the correct certs installed (although nothing specific as to how to do it or why). I also dug up an article that said that the JTDS driver uses NTLM to connect (not 100% sure about that since I have no reference to a domain in my connection for JTDS). In any case, I just need some guidance on how to configure the MS driver to connect from Linux to a non-secured SQL Server 2012. The Microsoft references I found addressed secured connections but nothing about connections that were not secured.
Running Java version:
openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
url=jdbc:sqlserver://192.168.80.214:1433;databaseName=DB_Central;
integratedSecurity=true;authenticationScheme=NTLM;domain=mydomain.org;
Also tried:
url=jdbc:sqlserver://192.168.80.214:1433;databaseName=DB_Central;encrypt=false;sslProtocol=TLSv1.2;
And just:
url=jdbc:sqlserver://192.168.80.214:1433;databaseName=DB_Central
JTDS that works (in the tomcat 8.0.32 / JDBC 3.0 environment):
driverClassName=net.sourceforge.jtds.jdbc.Driver
url=jdbc:jtds:sqlserver://192.168.80.214:1433;databaseName=DB_Central
ANYTHING that might point me in the right direction would be helpful especially why the MS driver wants (or thinks) the connection is secure. The other tidbit is that I see none of these errors when deployed to Windows 10...so it has something to do with Linux and maybe the Java config on Linux. Or, maybe I just need the correct incantation for the connection string when in Linux.....
The driver believes that the connection is secure if it is connecting to a port that is meant to receive only secure connections.
1. Check the port
2. Check for any other explicit setting of TLS / SSL on the JDBC url
So, the way I was able to get this to work after much trial and error was to copy the java.security file from the windows 10 install to the CentOS 8 install. The ONLY thing I can see as different between the two was in this section:
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, none of the class loaders supplied with the JDK call
# checkPackageDefinition.
#
The entries in CentOS included at the end of the list:
org.GNOME.Accessibility.,\
org.GNOME.Bonobo.
The entries in the Windows version had only one entry at the end:
com.sun.java.accessibility.
That was the only difference I could find. And, I don't understand why that made a difference.. But it DOES connect without error now and that is all I wanted....
I spent quite some time solving the connection issues between CentOS 8 with Tomcat and JDBC: SQL Server 2014.
I replaced the self-signed certificate in the properties of protocols in sql server configuration.
It is misleading that you can't see it on windows. It's only visible in the tomcat catalina.out file - use debug with -Djavax.net.debug=ssl:handshake:all.
You have to prepare a certificate from an authority (a self-signed should also work) and store it in local computer - own certificate of the windows server.
Make sure the service account of sql server has access right on the private key of the certificate. Otherwise, the sql service will not start.
Restart sql server.
Add the certificate and chain to your tomcat configuration cacerts file.
Add -Djavax.net.ssl.trustStore= and -Djavax.net.ssl.trustStorePassword= to setenv.sh
The string in the webapps web.xml had to be as simple as:
jdbc:sqlserver://yourURL;DatabaseName=yourDB;user=youruser;password=secret
[other options did not work and led to further exceptions: integratedSecurity=true;encrypt=true;trustServerCertificate=true - trustStore=storeName;trustStorePassword=storePassword
and I've tried all boolean options, i.e. false/true]
Restart Tomcat.
It has something to do with the OpenJDK version of Java. We have switched to Amazon Corretto 1.8 (you can find it here), and everything worked perfectly.
If anyone is having the same problem on Red Hat 8 Linux, the command below worked for me (it lowers the security):
update-crypto-policies --set LEGACY
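
The certificate error quoted in the question above ("Algorithm constraints check failed on keysize limits. RSA 1024bit key ...") comes from the JVM's disabled-algorithm list, so the following added example (not code from any of the posters) reads that list from the running JVM and reports which entry rejects an RSA key of a given size. The class name KeySizeConstraintCheck and the two sample strings are constructed for illustration.

```java
import java.security.Security;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KeySizeConstraintCheck {
    // "keySize <op> <bits>", the key-length constraint of the disabledAlgorithms syntax.
    private static final Pattern KEYSIZE =
        Pattern.compile("keySize\\s*(<=|>=|==|!=|<|>)\\s*(\\d+)");

    static boolean matches(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            case "==": return bits == limit;
            default:   return bits != limit; // "!="
        }
    }

    /** Returns the list entry that disables the key, or null. Only keySize constraints
     *  are evaluated; jdkCA, denyAfter and usage qualifiers are ignored. */
    static String disablingEntry(String property, String algorithm, int bits) {
        if (property == null) return null;
        for (String entry : property.split(",")) {
            String[] parts = entry.trim().split("\\s+", 2);
            if (!parts[0].equalsIgnoreCase(algorithm)) continue;
            if (parts.length == 1) return entry.trim();   // algorithm disabled outright
            Matcher m = KEYSIZE.matcher(parts[1]);
            while (m.find()) {
                if (matches(bits, m.group(1), Integer.parseInt(m.group(2)))) return entry.trim();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        int bits = args.length > 0 ? Integer.parseInt(args[0]) : 1024; // size named in the error
        String[][] cases = {
            {"live jdk.certpath.disabledAlgorithms", Security.getProperty("jdk.certpath.disabledAlgorithms")},
            {"live jdk.tls.disabledAlgorithms", Security.getProperty("jdk.tls.disabledAlgorithms")},
            // Constructed sample values, not taken from either server on the page:
            {"constructed sample A", "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024"},
            {"constructed sample B", "MD2, MD5, DSA, RSA keySize < 2048"},
        };
        for (String[] c : cases) {
            String hit = disablingEntry(c[1], "RSA", bits);
            System.out.println(c[0] + ": RSA " + bits + " -> "
                + (hit == null ? "allowed" : "rejected by \"" + hit + "\""));
        }
    }
}
```

Run it with the same JVM and -D options that Tomcat uses so the live values are the ones actually in effect; comparing the output on two hosts shows where their constraints differ without replacing java.security or changing the system-wide crypto policy.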

SQL Server JDBC Error: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

Background:
Application Server:
Java Based Application is running on Windows Server 2008 R2 Enterprise.
Java Version on this Server is Version 6 Update 32.
JDBC Driver Version: 4.0
Database Server:
The database server has been recently upgraded (side-by-side upgrade with the same servername as the one that the application used to connect to) from Windows 2016 to Windows 2019 and SQL Server 2012 to SQL Server 2016, and there is no Java on this server. Is this a problem?
History:
When we did the database server upgrade last time from SQL Server 2008 to SQL Server 2012, we followed the same method and the application worked fine.
But this time it is throwing the following error into the Application logs:
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".)
We did not touch the application server at all, expecting that when the database server is up, since it is the same servername, it would start back up fine, but the application is failing with the above error.
There is no logon failure because we tested the application login and password and it worked fine.
I looked at the following:
SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
but we can't seem to understand what is causing this issue since nothing on the Application Server has changed.
I looked at the compatibility between the JDBC Version and the SQL Server matrix here https://learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-2017 and it looks like JDBC 4.0 works with SQL Server 2016.
Any ideas as to what could be going on?
Try adding "trustServerCertificate=true;" to the connection string, for example:
jdbc:sqlserver://NEUTRON\SQL2017;user=sa;password=password123;integratedSecurity=false;trustServerCertificate=true;
Ok, so we worked with Microsoft Support on this issue and this is the understanding that we came to.
Microsoft added/enabled TLS 1.0 and TLS 1.1 to the Database Server for testing purposes only since Microsoft does not support TLS 1.0 anymore. This lowered the security protocol to a lower state, but we were able to establish SQL connectivity between the Application server and the Database Server, but still the Application initially couldn't connect. Microsoft thinks that it is because of the current connection provider/driver that is being used by the application, and they wouldn't support that part of it since that is Java/Oracle's JDBC driver.
In our case, the application did connect after enabling TLS 1.0 and TLS 1.1 after some time.
This may or may not work in your case.
So the recommended solutions if you have the resources to modify the application, are to update the drivers for the application, test and redeploy.
If you don't have the resources to the application then the options are these:
1. Roll back to older servers for SQL Server. This could work but there is no guarantee.
Also another thing to note is that SQL Server 2008 and 2008R2 are out of support, so the oldest we could go (and still stay supported) would be SQL Server 2012 which may not resolve the issue.
2. Open the security wide open. This will very likely solve the issue, but is most definitely not recommended. It is likely that the issue has to do with extremely outdated security providers, that are no longer supported. So, opening your security wide open will likely resolve the issue, but this is not recommended.
3. Rewrite the application which is not the easiest option, but is the only one that is fully recommended by Microsoft.
See this https://serverfault.com/questions/649052/do-i-have-to-enable-tls-1-0-in-windows-2008-r2 and this https://www.youtube.com/watch?v=vUuR_M3biDU if you'd like to enable TLS by yourself. The server will require reboot after you make this change.

How to connect to a Grakn Server running on a GCP VM instance

I'm trying to connect to a Grakn Server running on a GCP VM instance. I have read the related post in the discussion forum. One of the replies suggests to do the following on the server side:
Edit ./conf/main/grakn.properties:
storage.hostname=EXTERNAL.ip.v4.address
Edit ./conf/cassandra/cassandra.yaml:
seeds: "EXTERNAL.ip.v4.address"
broadcast_address: EXTERNAL.ip.v4.address
listen_address: INTERNAL.ip.v4.address
rpc_address: INTERNAL.ip.v4.address
Access it from the Java API:
GraknSession session = Grakn.session("EXTERNAL.ip.v4.address", keySpaceName);
What I have interpreted from this, for my specific case, is the following:
- Replace EXTERNAL.ip.v4.address with the External IP of my VM instance
- Replace INTERNAL.ip.v4.address with the Internal IP of my VM instance
When I start the server I get this exception cause (I think this is the root cause):
Caused by:
com.netflix.astyanax.connectionpool.exceptions.PoolTimeoutException:
PoolTimeoutException: [host=104.197.131.17(104.197.131.17):9160,
latency=10000(10000), attempts=1]Timed out waiting for connection
at com.netflix.astyanax.connectionpool.impl.SimpleHostConnectionPool.waitForConnection(SimpleHostConnectionPool.java:231)
What am I missing?
Do I have to add firewall rules?
Thanks for the help.
To access Grakn remotely using the Java API, you need to open the following ports on the GCP and Linux VM firewall (eg. iptables):
4567
9160
Make sure you are able to access those from the client machine.

Client cannot connect to Server

I'm trying to connect a client to a server. The server is running, but when I try to connect the client I get this error:
"Exp_Client cannot connect to Exp_Server. Connection refused to host: 127.0.0.1.; nested exception is: java.net.ConnectException: Connection refused"
the method which should connect; the marked line does not work
the relevant constants
I turned off the firewall
VM-Options are:
-Djava.security.manager
-Djava.security.policy=/Users/Max/Documents/Uni/Bachelor/Vertiefung/Bachelorarbeit/workspace/kit-iism-experimenttool/Exp_Implementation/java.policy
Program arguments: none
I use IntelliJ IDEA 14.1.5
JRE: 1.60_65
jdk1.7.0_79
JVM: Java HotSpot(TM) 64-Bit Server VM
h2-1.3.176
Any ideas what the problem could be?
Would be very thankful for help.
Kind regards, Max
Just a few ideas:
You have not started your server correctly.
You are trying to connect to the wrong port.
Your server is not waiting to accept connections.
Your source code would be great to have a look at.
You haven't started the RMI registry, or the URL isn't correct.

Connection JDBC SQL Server Error

I've tried to create a connection with a Microsoft SQL Server 2008 database through JDBC on Eclipse SDK. I've downloaded the JDBC driver from Microsoft and installed it, then I've added the path of the sqljdbc4.jar file to my system environment variable CLASSPATH. After including the jar file in the Eclipse project, I've tried to create the connection using:
String connectionUrl = "jdbc:sqlserver://localhost;integratedSecurity=true";
Connection con = DriverManager.getConnection(connectionUrl);
but it doesn't work, and throws this exception:
com.microsoft.sqlserver.jdbc.SQLServerException: TCP/IP connection
at host localhost, port 1433 failed. Error: "Connection refused:
connect. Verify connection properties and make sure an instance of SQL
Server is running on the host and is accepting TCP/IP connections at
the port. Be sure no firewall blocks connections at the port.
I'm working on a JRE 1.6 so a sqljdbc4 should work, and I've created a working ODBC, so the server is responding, and the error should be in java command or JDBC installation.
Can anyone help me?
At the risk of stating the obvious, this looks to me as if TCP connections haven't been enabled on SQL Server. You have to manually enable them, they don't come enabled by default.
There's an article on MSDN here which explains how to enable TCP protocols for SQL 2005/2008.
Following are the quick trouble shooters:
Try to connect to your server using external front end.
Check if your firewall blocks the connection to the port
Check to see if server is really up.
A suggestion:
If you are using Eclipse, you don't need to add the jar to the CLASSPATH variable; you can just add it to the library of your project to make it available at runtime.
