My Java application in Linux was trying to access an MSSQL database and failed. Keytab, security login, and krb5 all are defined. driver is sqljdbc4-2.0.jar. The error message still looking for Windows Authentication.
driver:com.microsoft.sqlserver.jdbc.SQLServerDriver
url:jdbc:sqlserver://AAA.com:10501;instanceName=BBB_DEV;integratedSecurity=true;authenticationScheme=JavaKerberos
Nov 25, 2016 3:42:26 PM com.microsoft.sqlserver.jdbc.AuthenticationJNI <clinit>
WARNING: Failed to load the sqljdbc_auth.dll
Version 2.0 of the Microsoft SQL Server JDBC driver is pretty old, support for pure Java Kerberos authentication was only added in version 4.0. See Using Kerberos Integrated Authentication to Connect to SQL Server:
Beginning in Microsoft JDBC Driver 4.0 for SQL Server, an application can use the authenticationScheme connection property to indicate that it wants to connect to a database using Kerberos integrated authentication using the pure Java Kerberos implementation
Either download version 6.0 from Microsoft, or get version 6.1 from maven using
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>6.1.0.jre8</version>
</dependency>
Related
We've received a recommendation to switch from ADAL libraries for authentication, to MSAL libraries.
So we're going to do that.
On closer inspection, a scenario is that we use SQL server JDBC driver from Microsoft to connect to DB using AAD authentication. This JDBC driver internally uses ADAL. The latest version of JDBC driver from Microsoft is still using ADAL. When is MS planning to migrate their JDBC driver to use MSAL instead of ADAL?
See also: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-migration
"Starting June 30th, 2020, we will no longer add new features to ADAL. We'll continue adding critical security fixes to ADAL until June 30th, 2022."
I have been struggling since morning in order to try to connect my java web application to the database which is on a different system (using windows auth).
I managed to access it from my SSMS, I went to windows credentials manager and created the same credentials as of other system where the SQL server is installed, below are the details:
Now when I use the IP(192.168.2.172) in SSMS as a server name then I am able to connect using windows auth but can not access the same from my Java web app.
I am using jtds with the below string but its not working. Please help
<property name="url" value="jdbc:jtds:sqlserver://192.168.2.172:1433/realtime;useNTLMv2=true" />
I am constantly getting this error:
Caused by: java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:372)
at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2988)
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2421)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:649)
at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
at org.apache.commons.dbcp.BasicDataSource.valida
The Microsoft JDBC Driver for SQL Server supports Windows Auth through Kerberos on all platforms, and on Windows using Kerberos or NTLM using the Type 2 authentication dll: Connecting with integrated authentication On Windows.
Background:
Application Server:
Java Based Application is running on Windows Server 2008 R2 Enterprise.
Java Version on this Server is Version 6 Update 32.
JDBC Driver Version: 4.0
Database Server:
The database server has been recently upgraded(Side by side upgrade with the same servername as the one before that the application use to connect to) from Windows 2016 to Windows 2019 and SQL Server 2012 to SQL Server 2016 and there is no Java on this server. Is this a problem??
History:
When we did the database server upgrade last time from SQL Server 2008 to SQL Server 2012, we followed the same method and the application worked fine.
But this time it is throwing the following error into the Application logs:
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".)
We did not touch the application server at all, expecting that when the database server is up, since it is the same servername, it would start back up fine, but the application is failing with the above error.
There is no logon failure because we tested the application login and password and it worked fine.
I looked at the following:
SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
but we cant seem to understand what is causing this issue since nothing on the Application Server has changed.
I looked at the compatibility between the JDBC Version and the SQL Server matrix here https://learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-2017 and it looks like JDBC 4.0 works with SQL Server 2016.
Any ideas as to what could be going on?
Try adding "trustServerCertificate=true;" to the connection string example:
jdbc:sqlserver://NEUTRON\SQL2017;user=sa;password=password123;integratedSecurity=false;trustServerCertificate=true;
Ok, so we worked with Microsoft Support on this issue and this is the understanding that we came to.
Microsoft added/enabled TLS 1.0 and TLS 1.1 to the Database Server for testing purposes only since Microsoft does not support TLS 1.0 anymore. This lowered the security protocol to a lower state but were able to establish SQL Connectivity between the Application server and the Database Server, but still the Application initially couldn't connect. Microsoft thinks that it is because of the current connection provider/driver that is being used by the application and they wouldn't support that part of it since that is Java/Oracle's JDBC driver.
In our case, the application did connect after enabling the TLS 1.0 and TLS 1.1 after sometime.
This may or may not work in your case.
So the recommended solutions if you have the resources to modify the application, are to update the drivers for the application, test and redeploy.
If you don't have the resources to the application then the options are these:
1.Rollback to older Servers for SQL Server. This could work but there is no guarantee.
Also another thing to note is that SQL Server 2008 and 2008R2 are out of support, so the oldest we could go (and still stay supported) would be SQL Server 2012 which may not resolve the issue.
2.Open the security wide open. This will very likely solve the issue, but is most definitely not recommended. It is likely that the issue has to do with extremely outdated security providers, that are no longer supported. So, opening your security wide open will likely resolve the issue, but this is not recommended.
3.Rewrite the application which is not the easiest option, but is the only one that is fully recommended by Microsoft.
See this https://serverfault.com/questions/649052/do-i-have-to-enable-tls-1-0-in-windows-2008-r2 and this https://www.youtube.com/watch?v=vUuR_M3biDU if you'd like to enable TLS by yourself. The server will require reboot after you make this change.
I was connecting to Sql Server 2008 & 2008+ via Java program with
Java 8
Sql jdbc microsoft driver 4.1
Connection string: DriverManager.getConnection("jdbc:sqlserver://<Ip>;instance=MSSQLSERVER;domain=<domain>;IntegratedSecurity=true;ssl=request;", "administrator", "password");
I was able to connect successfully.
However when I enabled Force encryption to true in the sql server via sql server configuration manager.
I started getting following error.
com.microsoft.sqlserver.jdbc.SQLServerException: An existing connection was forcibly closed by the remote host ClientConnectionId:xxxx
FYI:
I have already tried adding below parameters in connection string.
ssl=request
ssl=require
encrypt=true
trustServerCertificate=true
Also I have tried upgrading the driver to 4.2 & mssql driver 7.0
Tried jtds driver as well
Point to be noted: I am able to connect to instance via ssms
EDIT 1
- Another important point - It's happening only for windows authentication (enabled via IntegratedSecurity=true; in connection string).
So this case is happening only when Force encryption is set to true and we try to connect in windows authentication mode.
#Vivien #MarkRotteveel Thanks for your answers which gave me directions.
It turned out that sql server with version less then 11.0 were having troubles and various improvements were done as part of 11.0 version of sql server which rectified errors of windows authentication + encrypted connections connectivity.
So Sql server 2012 and above will support windows authentication with TLSv1.2, windows authentication along with encrypted connections seamlessly.
Now I am using
Java 8
Sql server driver 4.2
Windows 10
No extra parameters in connection string.
Just for reference: Found on Microsoft website.
It's unclear from your original question wether you have already done this, but if not, try setting both at the same time: encrypt=true;trustServerCertificate=true
Also, what do the SQL Server logs say?
I think Mark Rotteveel has right.
You need to check your version of both Java and SQL Server 2008.
TLS 1.2 has been enable by default in Java 8 since the u122, and appear in SQL Server 2008 only in the service pack 4 (version 10.0.6547.0, select ##VERSION; for check it)
If you don't meet the requierment, you have to choose between update the server or downgrade your jdk.
Perhaps their is an option in the JDK to retrieve the behavior prior to the update 122, but if it's the case, I don't know it.
And, for information, the mssql-jdbc driver has stop the support of SQL Server 2008 after the version 6.2.
I need to retrieve datas from the SQL Server 7.0 through java.
I have tried the following drivers
msbase.jar
mssqlserver.jar
msutil.jar
sqljdbc.jar
sqljdbc4.jar
These jars works fine for the SQL Server versions 2000 and above, but for the version 7.0 its displaying error like The TDS prelogin response is incomplete. The target server must be SQL Server 2000 or later.
What are the drivers I should use to retrieve datas from the Sql Server 7.0 through java?
The jtds driver should work fine.
http://jtds.sourceforge.net/
I have used it for MSSQL 2000, but the website claims it works for 7.0 as well.
Version 7.0 you say?
That brings memories!
Back in the day we used JDBC driver from the company currently named DataDirect to connect to SQL Server 7.0.
Back in the day we had to pay for the JDBC drivers and we were lucky if it was available for the platform we needed.