Solved

JDBC connecting to SQL error

Posted on 2015-01-14
11
811 Views
Last Modified: 2015-02-06
I have a cognos reports server that is connecting to a SQL 2008R2 database and after a recent restart the JDBC driver is giving an error message Pasted at bottom.
I cannot figure out why it wants to connect  SSL all of a sudden. The OS is Windows Server 2008R2 The JRE is 6.0 SQL 2008R2 x64
I have checked the SQL server Forced Encryption is set to NO
I have checked that FIPS is not enabled in group policy and the registry on both servers.
I have verified I can connect to the SQL server using other means I. e.  SQL Studio, telnet , SQLPing, UDL connection
I cannot figure out why it is trying to connect SSL It connect correctly before the restart


:[trycatch] Caught exception: com.microsoft.sqlserver.jdbc.SQLServerException:
the driver could not establish a secure connection to SQL Server by using Secure
Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
     [echo] ERROR: com.microsoft.sqlserver.jdbc.SQLServerException: The driver
could not establish a secure connection to SQL Server by using Secure Sockets Lay
er (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
0
Comment
Question by:Robert Timmons
  • 5
  • 4
11 Comments
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40550722
have you looked in the sql server errorlog?
This will tell you if SQL is involved or if its a OS/infrastructure problem

If entrys, then SQL is involved somehow. If no entrys, look at infrastructure.
0
 

Author Comment

by:Robert Timmons
ID: 40551099
I have checked SQL logs and it does not look like it is even getting that far since I see nothing in the logs and other applications with DBs on same machine are connecting just fine. So I agree it must be infrastructure. Just figuring out what that piece is can be a challenge. I see patches were installed on the 1-8-2015 but I am not aware of a patch that would do this.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40551134
If you create a ODBC Connection on the server, is the test successful?
if so, you can isolate it to the Java driver.

These have a history (according to me) of problem handling complex passwords, named instances and ports.

//Marten
0
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 40551342
I assume patches installed 1/8/2015 are obviously not this months patches, but at least last month and possibly older patches. (?)

There was this patch for MS14-066, which impacted SSL, with which a number of folks have reported problems.  I believe this to be the most likely source of your problem... but not with certainty.

And I assume no one has disabled SSL 3.0, per recent mitigation instructions.

Do you have access to the JDBC connection string, to be able to confirm whether it is requesting SSL?
0
 

Author Comment

by:Robert Timmons
ID: 40551394
I am starting to think it is something to do with the java since I can connect using ODBC but will back out that patch first. The connection string is definitely not setup to use encryption.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 20

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 40551440
Well it's Java alright!

Can you set up a wireshark or MS Netmon to see if it gets out on the network at all.
Have seen "SQL not responding" before when the app doesn't even make a call. It's such a blamegame from the programmers. It should say, timeout due to threshold value reached, and this can be a number of reasons, one is a not responding SQL.
0
 

Author Comment

by:Robert Timmons
ID: 40557053
I've requested that this question be deleted for the following reason:

It is infrastructure related
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40557054
My first post states that this is likely OS/infrastructure related, my following posts is how he proves this to fellow colleagues. So that they be forced to fix stuff on their end.
To me, thats a solution. I leave it up the the Moderators review.

Regards Martenrune
0
 

Author Comment

by:Robert Timmons
ID: 40591364
After more research we found the issue had to do with a registry change for SSLv3

https://technet.microsoft.com/en-us/library/security/3009008.aspx

Use the "Disable SSL 3.0 in Windows for Server Software" directions.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40594625
Thanks for sharing. Good for the Community.

Regards Marten
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now