Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1998
  • Last Modified:

JDBC connecting to SQL error

I have a cognos reports server that is connecting to a SQL 2008R2 database and after a recent restart the JDBC driver is giving an error message Pasted at bottom.
I cannot figure out why it wants to connect  SSL all of a sudden. The OS is Windows Server 2008R2 The JRE is 6.0 SQL 2008R2 x64
I have checked the SQL server Forced Encryption is set to NO
I have checked that FIPS is not enabled in group policy and the registry on both servers.
I have verified I can connect to the SQL server using other means I. e.  SQL Studio, telnet , SQLPing, UDL connection
I cannot figure out why it is trying to connect SSL It connect correctly before the restart


:[trycatch] Caught exception: com.microsoft.sqlserver.jdbc.SQLServerException:
the driver could not establish a secure connection to SQL Server by using Secure
Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
     [echo] ERROR: com.microsoft.sqlserver.jdbc.SQLServerException: The driver
could not establish a secure connection to SQL Server by using Secure Sockets Lay
er (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
0
Robert Timmons
Asked:
Robert Timmons
  • 5
  • 4
1 Solution
 
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
have you looked in the sql server errorlog?
This will tell you if SQL is involved or if its a OS/infrastructure problem

If entrys, then SQL is involved somehow. If no entrys, look at infrastructure.
0
 
Robert TimmonsSenior Technical ConsultantAuthor Commented:
I have checked SQL logs and it does not look like it is even getting that far since I see nothing in the logs and other applications with DBs on same machine are connecting just fine. So I agree it must be infrastructure. Just figuring out what that piece is can be a challenge. I see patches were installed on the 1-8-2015 but I am not aware of a patch that would do this.
0
 
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
If you create a ODBC Connection on the server, is the test successful?
if so, you can isolate it to the Java driver.

These have a history (according to me) of problem handling complex passwords, named instances and ports.

//Marten
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I assume patches installed 1/8/2015 are obviously not this months patches, but at least last month and possibly older patches. (?)

There was this patch for MS14-066, which impacted SSL, with which a number of folks have reported problems.  I believe this to be the most likely source of your problem... but not with certainty.

And I assume no one has disabled SSL 3.0, per recent mitigation instructions.

Do you have access to the JDBC connection string, to be able to confirm whether it is requesting SSL?
0
 
Robert TimmonsSenior Technical ConsultantAuthor Commented:
I am starting to think it is something to do with the java since I can connect using ODBC but will back out that patch first. The connection string is definitely not setup to use encryption.
0
 
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
Well it's Java alright!

Can you set up a wireshark or MS Netmon to see if it gets out on the network at all.
Have seen "SQL not responding" before when the app doesn't even make a call. It's such a blamegame from the programmers. It should say, timeout due to threshold value reached, and this can be a number of reasons, one is a not responding SQL.
0
 
Robert TimmonsSenior Technical ConsultantAuthor Commented:
I've requested that this question be deleted for the following reason:

It is infrastructure related
0
 
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
My first post states that this is likely OS/infrastructure related, my following posts is how he proves this to fellow colleagues. So that they be forced to fix stuff on their end.
To me, thats a solution. I leave it up the the Moderators review.

Regards Martenrune
0
 
Robert TimmonsSenior Technical ConsultantAuthor Commented:
After more research we found the issue had to do with a registry change for SSLv3

https://technet.microsoft.com/en-us/library/security/3009008.aspx

Use the "Disable SSL 3.0 in Windows for Server Software" directions.
0
 
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
Thanks for sharing. Good for the Community.

Regards Marten
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now