Ssl jdbc connection in Adobe ColdFusion 2016 w/4096 cert - ssl

I am updating an existing jdbc connection which uses SSL to point to a new server. To do this I need to load a new certificate. That process appeared to go fine. Yet when updating the connection details all I get is “connection failed”.
The original connection utilized a 1024 strength cert, and had no issues. I believe I have eliminated everything but CzF and here’s whu ... after installing the cert I set up DBeaver to use the CF runtime (and thus the same keystore, etc) and with the SAME connection parameters could connect to the new database NO PROBLEM!
My belief is it is the 4096 strength that is throwing CF off.
Has anyone encountered anything like this or have any suggestions?
The platform is:
Adobe ColdFusion 2016
IIS 8.5
Windows Server 2012 R2
All have the latest patches/updates as of the time of this posting.
Thanks for any thoughts!
Forrest

Related

Entity Framework Core 7 connection certificate trust exception

I recently upgraded to Entity Framework Core 7 in development and I'm getting an exception, "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)" I am using Microsoft SQL Server Developer (64-bit). I have tried to make changes in the VS2022 Server Explorer to disable encryption and to trust the server certificate, I don't have one installed, but the exception remains. How can this be mitigated in development?
it is not a bug in EF Core 7.0, instead it is improved security. Microsoft suggest following 3 solution, which ever applies to you.
install a valid certificate.
Add TrustServerCertificate=True to the connectionstring
Add Encrypt=False to the connectionstring
Old behavior
SqlClient connection strings use Encrypt=False by default. This allows connections on development machines where the local server does not have a valid certificate.
New behavior
SqlClient connection strings use Encrypt=True by default. This means that:
The server must be configured with a valid certificate
The client must trust this certificate
If these conditions are not met, then a SqlException will be thrown. For example:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-7.0/breaking-changes
Same problem here after upgrading Microsoft.EntityFrameworkCore.SqlServer to 7.0.0
I fixed that by adding TrustServerCertificate=Yes to the SQL Server connection string.
I think it's fails because is a recent update.
I had the same problem and I fixed it re installing the previous version (6.0.11).
I hope this comment helps you.
It seems the answer is to await an update to EF Core 7. This should be a bug. My development is all on one machine with a SQL Server Development Edition instance. I suppose using localdb might be an approach.
After adding Encrypt=False in the connection string it resolved the issue.
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=CommunicationDB;Trusted_Connection=True;MultipleActiveResultSets=True;Encrypt=False;"

I have installed Lince Bi on Windows machine but on connecting SQL server it is showing SSL error

I have installed Lince Bi on Windows machine but on connecting SQL server it is showing SSL error.
"com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No trusted certificate found". ClientConnectionId:92c4c4cd-5088-45d0-97c6-363303c25af1
"
I already added trust certificate
If the driver keeps failing with the encryption error, make sure to provide the "Encrypt=false" parameter to the data source.
You need to provide the apropriate Microsoft JDBC driver in order to LinceBI work correctly as well.
You can download it from Microsoft: Download Microsoft JDBC Driver for SQL Server
I use mssql-jdbc-10.2.1.jre8.jar because I'm using Java JDK 8.
The driver must be put inside the lincebi_web\tomcat\lib directory.
Best Regards!

AS OLEDB doesn't work over https in Windows 7

I think I have very obscure problem. When I try to connect to MS OLAP server from Excel over https it throws me an error "Either a connection cannot be made to the , or Analysis Services is not running on the computer specified". Strange thing is that it doesn't work ONLY in Windows 7. If I use Windows 10, no matter if it's Excel 2013 or 2016 it works (so, msmdmpump.dll and settings are just fine).
Native connection to this server works as well as pure http. Drivers are registered and working just fine (tried with different combinations, with no luck).
Also, servers I was using for testing are in internal domain so trusted by default. I even tried to explicitely add certificate to Trusted Root but no luck.
Any advice, help?
Thanks in advance!
Regards,
Ivan

.NET 4.5 forms app connecting to SQL Server 2012 fails: SSL Provider, error: 0

I have a problem connection to a SQL Server 2012 instance running on Windows Server 2012. I have a .NET 4.5 windows forms application installed on a client machine running Windows 7. The error I get is this:
A connection was successfully established with the server, but then an error
occurred during the pre-login handshake. (provider: SSL Provider, error: 0 -
The wait operation timed out.)
My connection string looks like this:
server=SERVERNAME;database=DATABASENAME;User Id=someuser;password=somepassword;Timeout=60;app=LabelMaker
I tried connecting to the SQL Server from the client machine using QueryExpress
and that worked! My app is 64-bit if that is of any help. I've checked every setting I can think of in SQL Server. No force encryptions are enabled on the protocols (shared memory and tcp/ip), the domain firewall is open on the server. I've tried various connection strings with all kinds of unheard off parameters, always the same result, failure.
I'm really confused about why it works with QueryExpress? My app works when connected to a remote instance of SQL SERVER Express on another machine, it also works if I run it on the SQL Server 2012 machine.
I've also tried connecting to the server from the client machine with LinqPad and this is also really weird, with the new version based on net4/4.5 (Version: 4.43.06) it fails but when I use the old version of Linqpad (2.x) based on net3.5 it works!
It seems like Panda Security is causing the problem, I ran
netsh winsock show catalog
and found a few panda entries, I then did a reset
netsh winsock reset
now my application works fine, I then rebooted the machine, ran the catalog command again,
the panda entries were back and my app is having the same problem as before.
Here are the Panda entries in the winsock catalogue: https://gist.github.com/pellehenriksson/5159883
All ideas and suggestions are appreciated.
UPDATE
Panda Security v5 is the cause of this problem, this has been confirmed by Panda support.
The root cause of the problem is explained by Alex below. The customer will do an upgrade to v6 of Panda Security, I will test again after the upgrade.
CONCLUSION
Moving to Panda Security v6.0 fixed this issue.
This seems to be a non-Microsoft related issue: Visual Studio 11 beta installation disabled my abillity to connect remote MS SQL Server but not local databases.
The ticket has been closed as external.
The only workaround available at this time on Microsoft Connect is:
Posted by Lars Joakim Nilsson on 5/4/2012 at 5:03 AM
My machine had this problem. The work around for me was to remove non-IFS LSP installed Winsock Catalog Provider. Se
http://support.microsoft.com/kb/2568167
/Lars Nilsson
The SetFileCompletionNotificationModes API causes an IO completion port not work correctly with a non-IFS LSP installed link gives the resolution:
Not specifying the FILE_SKIP_COMPLETION_PORT_ON_SUCCESS flag or
removing any non-IFS Winsock LSPs installed. Also moving from a
non-IFS LSP to Windows Filter Platform (WFP) can resolve this issue.
So, you should remove Panda Security or, as an alternative, you may try to execute netsh winsock reset as a pre-build command (although I'm not sure if this is effective without a reboot), which would let you develop/debug your application.
[UPDATE]
More information about application compatibility is given here: Application Compatibility in the .NET Framework 4.5:
Data
SQLClient
Feature
Ability to connect to a SQL Server database from managed code that
runs under the .NET Framework 4.5.
Change
The existing synchronous API code path was modified to add
asynchronous support.
Impact
The presence of non-IFS Winsock Base Service Providers (BSPs) or Layered Service Providers (LSPs) may interfere with the ability to
connect to SQL Server. For more information, see
SetFileCompletionNotificationModes API causes an IO completion port
not work correctly with a non-IFS LSP installed on the Microsoft
Support website.
I hate to say it, but restarting Visual Studio and my Microsoft SQL Server Management Studio solved this problem.

Error connecting to all of my SQL servers

I suddenly started getting this error when trying to connect to any of my sql servers (25+) from SSMS on Windows XP. When I left work yesterday everything was working fine, came in this morning, and I started getting this. Tried rebooting my pc but that obviously didn't fix it. My co-workers can all connect just fine. Searched for a solution but everything I found was regarding encryption in regards to .NET applications. Not sure how to apply that to SSMS.
alt text http://picasaweb.google.com/lh/photo/-l9VrFuYXk-A80NzZ1kzng?feat=directlink
For some reason the image won't work so the error is this:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server)
The question seems to have been answered, but I wanted to chime in. For some providers, such as SQL Server, there is a parameter in connection string which lets you connect to server encrypted even if certificate is unknown: "TrustServerCertificate=True", so if you include that in a connection string, you will connect and work encrypted, and will not have to run connection non-encrypted.
Try this...
Its gotta be a client issue if you lost connection to all your remote servers and your coworkers are fine. You probably got "clicky" and changed some settings inadvertantly.
Open your client network utility (mine is here: C:\WINDOWS\system32\cliconfg.exe).
Under the General Tab, check out the disabled protocols. They should all have "force protocol encryption" unchecked. If this is checked for any of those values, your local SSMS is probably trying to force an encrypted connection and failing.
Report back if this doesn't work, and I'll poke around a bit more.
When connecting using MS SQL Server Management Studio in the connect window go to Options->Connection Properties and check checkbox Trust server certificate
You connect to your SQL Servers requesting encrypted connections and you don't trust the certificate(s) used by those servers. Why that happens depends on a myriad or reasons.
Do your servers use self-signed certificates or PKI issued certificates?
Who is the PKI authorithy that issued your certificates? Is it a corporate certificate service?
Does your computer trust the PKI root authority?
If you don't know the answers to this, you must contact your network and security administrators. Simply disabling protocl enforcing requirement from your client may be against corporate policy, or the servers may enforce SSL anyway disregarding your local setting.
These are all questions you should ask your own environment admins, not public forums. You should try to solve the issue, not hack your way arround it and end up with a non-compliant machine.
From this link:
Disable client-side Force Encryption
on the server. On the machine that
runs the SQL Server instance, open up
the SQL Server Configuration Manager,
right-click SQL Native Client
Configuration, and set Force Protocol
Encryption to No. Then try connecting
locally.
http://blogs.msdn.com/sql_protocols/archive/2005/12/22/506607.aspx
I got this error, I tried to connect a remote server SQL (SaaS) in MS Cloud
I added a new firewall rule in Azure portal with my client IP that solved my issue
Open Command Prompt: press Windows Key+ R then type cmd and run
Enter this:
runas /user:[YourDomainName]\[YourActiveDirectoryUserName] /netonly cmd
Enter your active directory password and press enter
In New Command Window enter your SSMS.exe Path with double cotation like:
"C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\ManagementStudio\Ssms.exe"
Then login with windows athentication