Solved

JDBC connecting to SQL error

Posted on 2015-01-14
11
1,115 Views
Last Modified: 2015-02-06
I have a cognos reports server that is connecting to a SQL 2008R2 database and after a recent restart the JDBC driver is giving an error message Pasted at bottom.
I cannot figure out why it wants to connect  SSL all of a sudden. The OS is Windows Server 2008R2 The JRE is 6.0 SQL 2008R2 x64
I have checked the SQL server Forced Encryption is set to NO
I have checked that FIPS is not enabled in group policy and the registry on both servers.
I have verified I can connect to the SQL server using other means I. e.  SQL Studio, telnet , SQLPing, UDL connection
I cannot figure out why it is trying to connect SSL It connect correctly before the restart


:[trycatch] Caught exception: com.microsoft.sqlserver.jdbc.SQLServerException:
the driver could not establish a secure connection to SQL Server by using Secure
Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
     [echo] ERROR: com.microsoft.sqlserver.jdbc.SQLServerException: The driver
could not establish a secure connection to SQL Server by using Secure Sockets Lay
er (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.".
0
Comment
Question by:Robert Timmons
  • 5
  • 4
11 Comments
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40550722
have you looked in the sql server errorlog?
This will tell you if SQL is involved or if its a OS/infrastructure problem

If entrys, then SQL is involved somehow. If no entrys, look at infrastructure.
0
 

Author Comment

by:Robert Timmons
ID: 40551099
I have checked SQL logs and it does not look like it is even getting that far since I see nothing in the logs and other applications with DBs on same machine are connecting just fine. So I agree it must be infrastructure. Just figuring out what that piece is can be a challenge. I see patches were installed on the 1-8-2015 but I am not aware of a patch that would do this.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40551134
If you create a ODBC Connection on the server, is the test successful?
if so, you can isolate it to the Java driver.

These have a history (according to me) of problem handling complex passwords, named instances and ports.

//Marten
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 30

Expert Comment

by:Rich Weissler
ID: 40551342
I assume patches installed 1/8/2015 are obviously not this months patches, but at least last month and possibly older patches. (?)

There was this patch for MS14-066, which impacted SSL, with which a number of folks have reported problems.  I believe this to be the most likely source of your problem... but not with certainty.

And I assume no one has disabled SSL 3.0, per recent mitigation instructions.

Do you have access to the JDBC connection string, to be able to confirm whether it is requesting SSL?
0
 

Author Comment

by:Robert Timmons
ID: 40551394
I am starting to think it is something to do with the java since I can connect using ODBC but will back out that patch first. The connection string is definitely not setup to use encryption.
0
 
LVL 20

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 40551440
Well it's Java alright!

Can you set up a wireshark or MS Netmon to see if it gets out on the network at all.
Have seen "SQL not responding" before when the app doesn't even make a call. It's such a blamegame from the programmers. It should say, timeout due to threshold value reached, and this can be a number of reasons, one is a not responding SQL.
0
 

Author Comment

by:Robert Timmons
ID: 40557053
I've requested that this question be deleted for the following reason:

It is infrastructure related
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40557054
My first post states that this is likely OS/infrastructure related, my following posts is how he proves this to fellow colleagues. So that they be forced to fix stuff on their end.
To me, thats a solution. I leave it up the the Moderators review.

Regards Martenrune
0
 

Author Comment

by:Robert Timmons
ID: 40591364
After more research we found the issue had to do with a registry change for SSLv3

https://technet.microsoft.com/en-us/library/security/3009008.aspx

Use the "Disable SSL 3.0 in Windows for Server Software" directions.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 40594625
Thanks for sharing. Good for the Community.

Regards Marten
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question