Is there any option to accept server certificate in powershell Invoke-Sqlcmd? - sql

Steps I have done:
installed a new Windows Server 2022
enabled Set-ExecutionPolicy
installed the SQL module for PowerShell
ran the command:
Invoke-Sqlcmd -ServerInstance "SERVER\SQL" -query "USE databsename SELECT GETDATE();" -Username "username" -Password "strongpassword"
ERROR:
Invoke-Sqlcmd : Connection Timeout Expired. The timeout period elapsed
while attempting to consume the pre-login handshake acknowledgement.
This could be because the pre-login handshake failed or the server was
unable to respond back in time. The duration spent while attempting to
connect to this server was - [Pre-Login] initialization=8;
handshake=14993;
The same command works absolutely fine when run from my local machine or from another server.
Is there any step to make the cert trusted on a newly installed Windows server, please?

Because it is a new system, all the settings were set up automatically by Microsoft without user interaction.
The issue was with the certificate, though not strictly with the certificate itself, but with the system time zone.
If you are in the same situation as me, make sure your time zone and time are correct.

Related

cannot connect cluster in amazon documentdb

I have been struggling with this issue for a few days. I am trying to connect to my DB from Robo 3T and Studio 3T, but I get the same error with both programs:
Note: I can access by ssh from my terminal, it means that the certificate is fine, the EC2 endpoint is fine, port etc... then the problem should be in another place, right?
SSH Tunnel error: I/O error: Not ASN.1 data
Stacktrace:
|/ SSH Tunnel error: I/O error: Not ASN.1 data
|___/ I/O error: Not ASN.1 data
But as I said before, I can connect by ssh without any issue:
ssh -i "cert.pem" ec2-muyser@ec2-54-244-36-226.us-west-2.compute.amazonaws.com
I checked all the steps described in the AWS article below, and I also disabled TLS in the cluster param, as suggested in point 5, but I am still having the issue.
https://aws.amazon.com/es/premiumsupport/knowledge-center/documentdb-cannot-connect/
I just edited the post to add a few screenshots from my Robo 3T config:
Regards.
I verified the same steps. I am able to connect successfully.
Looks like you are on macOS and you didn't select Self-signed Certificate as recommended in documentation -
https://docs.aws.amazon.com/documentdb/latest/developerguide/robo3t.html
These are two additional settings which you require to do on macOS.
i) If you are on Linux/macOS client machine, you might have to change the permissions of your private key using the following command:
chmod 400 /fullPathToYourPemFile/.pem
ii) If you are on macOS Catalina or above, choose Self-signed Certificate as the Authentication Method because macOS does not accept certificates with validity greater than 825 days.

How to renew port 5986 (WinRM) certificate?

We received an email saying our port 5986 (WinRM?) certificates are set to expire soon and we should take action to avoid interruption.
The way I configured WinRM for TFS communication last year was like this:
Download from GitHub this PowerShell script
execute the following in the PowerShell console with Administrative permissions: ConfigureWinRM.ps1 {FQDN} https
example: ConfigureWinRM.ps1 server.tst.com https
Do I just have to rerun this again to renew? Do I need to remove the old certificate thumbprint first?
Apparently, there was a bug 4 years ago that it appears that WinRM somehow does note that the certificate has been renewed, because it continues to accept WinRM connections over HTTPS with no issues, even after the certificate referenced under WSman\Listener has expired.
I don't want conflicts to occur, so I want to renew this safely, especially when we get the same notification for production.
Note: some useful commands used in that git bug report to compare replaced cert Thumbprint:
ls cert:\localmachine\my
ls wsman:\localhost\listener\listener_1305953032
Winrm enumerate winrm/config/listener
netsh http show sslcert ipport=0.0.0.0:5986
I just had to rerun the same steps again (skip step 1 if the script is still there from last time):
Download from GitHub this PowerShell script
execute the following in the PowerShell console with Administrative permissions:
ConfigureWinRM.ps1 servername https
Looks like the bug is not present on PSVersion 5.1.14393.3471
I ran the commands above listed in the Note and the new Thumbprint was getting displayed for all 4 of them.
A restart wasn't required.

Bad handshake error with hue oozie server

I am trying to connect Hue to an SSL-enabled Oozie server, but I am facing the SSL issue below.
Error submitting workflow Batch job for query-pig: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
I created a CA certificate from the Oozie server machine and configured it with the Hue server.
I was able to get the status information from the Oozie server using the curl command with the help of the certificate that I generated, but the issue occurs only when communicating from the Hue server.
I also added a proxy user in the oozie-site.xml properties.
hue.ini
[liboozie]
# The URL where the Oozie service runs on. This is required in order for
# users to submit jobs. Empty value disables the config check.
oozie_url=https://Fully Qualified Host name:11443/oozie
# Requires FQDN in oozie_url if enabled
security_enabled=true
use_libpath_for_jars=false
# Location on HDFS where the workflows/coordinator are deployed when submitted.
remote_deployement_dir=/user/hue/oozie/deployments
ssl_cert_ca_verify=true
I don't know what the difference is between connecting from curl and from the Hue server, as curl works perfectly for me where the Hue server doesn't.

Smartcvs error: Authentication Failed, You could not get authenticated by the CVS-server

I am trying to connect from a Windows computer to an Ubuntu Linux server. It is about CVS: I want to do a checkout. I use SmartCVS 7.1.9.
I get this error when I try to connect to the server: (Project > Checkout > Next)
Authentication Failed: You could not get authenticated by the
CVS-server. Details: I/O-Exception: Failed to negotiate a transport
component [diffie-hellman-group-exchange-sha1]
[diffie-hellman-group14-sha1]
Any ideas what I can do?
This is a cvs server issue.
SmartCVS uses the diffie-hellman key exchange method for authentication which is known to have security issues. Therefore it has been disabled by default in current standard openssh(d) server configurations.
If you know what you are doing and don't care about the security implications, just add the following lines to sshd_config:
starts here
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
ends here
If you're on Linux, recreate the keys and restart the opensshd service:
dpkg-reconfigure openssh-server
/etc/init.d/ssh restart
Regards
Erwin
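
A defender-side check for the sshd_config change in the answer above, added here as an example and not part of the original post: it reads sshd_config-style text (or the output of `sshd -T`) and lists every legacy key-exchange method or cipher that the KexAlgorithms and Ciphers directives enable. The function names and the set of algorithms treated as legacy (SHA-1 key exchange, CBC-mode ciphers, arcfour) are assumptions of this example.

```shell
#!/bin/sh
# Added example: list legacy SSH algorithms enabled by sshd_config-style text.
# Reads sshd_config contents or `sshd -T` output on stdin and prints one
# "Keyword algorithm" line per finding.
# Assumption of this example: SHA-1 key exchange, CBC-mode ciphers and
# arcfour (RC4) are the algorithms treated as legacy.
audit_sshd_algos() {
    awk '
        BEGIN {
            weak_kex["diffie-hellman-group1-sha1"] = 1
            weak_kex["diffie-hellman-group14-sha1"] = 1
            weak_kex["diffie-hellman-group-exchange-sha1"] = 1
        }
        $1 ~ /^#/ { next }                  # commented-out directive
        {
            key = tolower($1)               # sshd -T prints lowercase keywords
            if (key != "kexalgorithms" && key != "ciphers") next
            list = $2
            if (list ~ /^-/) next           # "-alg" removes from the defaults
            sub(/^[+^]/, "", list)          # "+alg" and "^alg" add to the defaults
            n = split(list, algs, ",")
            for (i = 1; i <= n; i++) {
                a = algs[i]
                if (key == "kexalgorithms" && (a in weak_kex)) print "KexAlgorithms", a
                if (key == "ciphers" && (a ~ /-cbc$/ || a ~ /^arcfour/)) print "Ciphers", a
            }
        }
    '
}

# Constructed input: the two directives from the answer above, plus a
# commented-out line that must be ignored.
sample_config() {
    cat <<'EOF'
# KexAlgorithms diffie-hellman-group1-sha1
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
EOF
}

sample_config | audit_sshd_algos
```

On a server, piping `sshd -T` into `audit_sshd_algos` audits the effective configuration rather than the file text.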

SSL error connecting my own OpenShift PaaS Server

I configured an OpenShift installation on CentOS 6.3 using the following tutorial: https://openshift.redhat.com/community/wiki/build-your-own
All services are OK, up and running.
However, when I try to connect my rhc client to my server (running the following commands), an SSL error appears. It appears that I have to trust my self-signed SSL certificate. I'm using OS X, so I added the .cer file to the keychain. This made accessing the https URL from Safari appear OK; however, the rhc command still fails with an error.
Mac-de-Ariel:~ ariel$ export LIBRA_SERVER=MY_DOMAIN
Mac-de-Ariel:~ ariel$ rhc server
/Users/ariel/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: (null) (OpenSSL::SSL::SSLError)
Full error: https://gist.github.com/0e9019f39c59512eb54b
'rhc server' doesn't work against Origin servers yet - right now it only works against openshift.redhat.com. I would recommend trying:
LIBRA_SERVER=yourhost rhc setup
Setup will run against your provided server and do the necessary config, and then save the server variable into the ~/.openshift/express.conf file for future use.