Getting Data In

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication



I just updated my app db_connect. Now all my connections are broken. I think they are forcing ssl now and that has broken them. This is error that produces:

  • The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSLencryption. Error: "PKIX path building failed: unable to find valid certification path to requested target".

    I tried setting the key value pair to encrypt=false. I then get this error and my Server team says it's no longer using Kerberos.

  • Login failed for user 'SVCSplunkDBRead'. ClientConnectionId:5fb7a943-44bb-46ce-bf52-63a9c90643df

    Any advice on how to fix the issue would be super awesome! I don't think the server team is going to turn on SSL right now. 


These are my local confs:



  • [EEHProd]
    connection_type = generic_mssql_kerberos
    database = EnterpriseExceptionSystem
    disabled = 0
    host = SQLSERVER
    identity = SplunkDBRead
    jdbcUseSSL = true
    localTimezoneConversionEnabled = false
    port = 1433
    readonly = true
    timezone = America/Denver
    customizedJdbcUrl = jdbc:sqlserver://SQLSERVER:1433;databaseName=EnterpriseExceptionSystem;selectMethod=cursor;encrypt=true;MultiSubNetFailover=True


  • [SplunkDBRead]
    disabled = 0
    domain_name = ipce
    password = somepassword
    use_win_auth = true
    username = SVCSplunkDBRead
    identity_type = normal


Labels (1)
0 Karma

Loves-to-Learn Lots

Maybe helpful or not, when I updated recently to splunk_app_db_connect v3.9.0 I was getting connection errors, before updating all was working. I do use SSL connection and I'm connecting to MySQL on RHEL node so not exactly your setup.

To get it working after updating db_connect to v3.9.0 I had to update my MySQL driver to restore connectivity.  Might be worth checking the driver versions you have and see if it needs updating; Splunk base has an add-on for "Splunk DBX Add-on for Microsoft SQL Server JDBC" which is at version 1.1.0. 

0 Karma
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...