Getting Data In

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication

spctravis
Explorer

Splunkers,

I just updated my app db_connect. Now all my connections are broken. I think they are forcing ssl now and that has broken them. This is error that produces:

  • The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSLencryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

    I tried setting the key value pair to encrypt=false. I then get this error and my Server team says it's no longer using Kerberos.

  • Login failed for user 'SVCSplunkDBRead'. ClientConnectionId:5fb7a943-44bb-46ce-bf52-63a9c90643df

    Any advice on how to fix the issue would be super awesome! I don't think the server team is going to turn on SSL right now. 

     

These are my local confs:

inputs.conf

db_connection.conf

  • [EEHProd]
    connection_type = generic_mssql_kerberos
    database = EnterpriseExceptionSystem
    disabled = 0
    host = SQLSERVER
    identity = SplunkDBRead
    jdbcUseSSL = true
    localTimezoneConversionEnabled = false
    port = 1433
    readonly = true
    timezone = America/Denver
    customizedJdbcUrl = jdbc:sqlserver://SQLSERVER:1433;databaseName=EnterpriseExceptionSystem;selectMethod=cursor;encrypt=true;MultiSubNetFailover=True

identities.conf

  • [SplunkDBRead]
    disabled = 0
    domain_name = ipce
    password = somepassword
    use_win_auth = true
    username = SVCSplunkDBRead
    identity_type = normal

 

Labels (1)
0 Karma

Cmayfield4
Loves-to-Learn Everything

Maybe helpful or not, when I updated recently to splunk_app_db_connect v3.9.0 I was getting connection errors, before updating all was working. I do use SSL connection and I'm connecting to MySQL on RHEL node so not exactly your setup.

To get it working after updating db_connect to v3.9.0 I had to update my MySQL driver to restore connectivity.  Might be worth checking the driver versions you have and see if it needs updating; Splunk base has an add-on for "Splunk DBX Add-on for Microsoft SQL Server JDBC" which is at version 1.1.0. 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...