Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication

spctravis
Explorer
‎06-20-2022 03:18 PM

Splunkers,

I just updated my app db_connect. Now all my connections are broken. I think they are forcing ssl now and that has broken them. This is error that produces:

  • The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSLencryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

    I tried setting the key value pair to encrypt=false. I then get this error and my Server team says it's no longer using Kerberos.

  • Login failed for user 'SVCSplunkDBRead'. ClientConnectionId:5fb7a943-44bb-46ce-bf52-63a9c90643df

    Any advice on how to fix the issue would be super awesome! I don't think the server team is going to turn on SSL right now. 

     

These are my local confs:

inputs.conf

db_connection.conf

  • [EEHProd]
    connection_type = generic_mssql_kerberos
    database = EnterpriseExceptionSystem
    disabled = 0
    host = SQLSERVER
    identity = SplunkDBRead
    jdbcUseSSL = true
    localTimezoneConversionEnabled = false
    port = 1433
    readonly = true
    timezone = America/Denver
    customizedJdbcUrl = jdbc:sqlserver://SQLSERVER:1433;databaseName=EnterpriseExceptionSystem;selectMethod=cursor;encrypt=true;MultiSubNetFailover=True

identities.conf

  • [SplunkDBRead]
    disabled = 0
    domain_name = ipce
    password = somepassword
    use_win_auth = true
    username = SVCSplunkDBRead
    identity_type = normal

 

Labels (1)
Labels
0 Karma
Reply

Cmayfield4
Loves-to-Learn Everything
‎06-21-2022 08:45 AM

Maybe helpful or not, when I updated recently to splunk_app_db_connect v3.9.0 I was getting connection errors, before updating all was working. I do use SSL connection and I'm connecting to MySQL on RHEL node so not exactly your setup.

To get it working after updating db_connect to v3.9.0 I had to update my MySQL driver to restore connectivity.  Might be worth checking the driver versions you have and see if it needs updating; Splunk base has an add-on for "Splunk DBX Add-on for Microsoft SQL Server JDBC" which is at version 1.1.0. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...