Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication

spctravis
Explorer
‎06-20-2022 03:18 PM

Splunkers,

I just updated my app db_connect. Now all my connections are broken. I think they are forcing ssl now and that has broken them. This is error that produces:

  • The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSLencryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

    I tried setting the key value pair to encrypt=false. I then get this error and my Server team says it's no longer using Kerberos.

  • Login failed for user 'SVCSplunkDBRead'. ClientConnectionId:5fb7a943-44bb-46ce-bf52-63a9c90643df

    Any advice on how to fix the issue would be super awesome! I don't think the server team is going to turn on SSL right now. 

     

These are my local confs:

inputs.conf

db_connection.conf

  • [EEHProd]
    connection_type = generic_mssql_kerberos
    database = EnterpriseExceptionSystem
    disabled = 0
    host = SQLSERVER
    identity = SplunkDBRead
    jdbcUseSSL = true
    localTimezoneConversionEnabled = false
    port = 1433
    readonly = true
    timezone = America/Denver
    customizedJdbcUrl = jdbc:sqlserver://SQLSERVER:1433;databaseName=EnterpriseExceptionSystem;selectMethod=cursor;encrypt=true;MultiSubNetFailover=True

identities.conf

  • [SplunkDBRead]
    disabled = 0
    domain_name = ipce
    password = somepassword
    use_win_auth = true
    username = SVCSplunkDBRead
    identity_type = normal

 

Labels (1)
Labels
0 Karma
Reply

Cmayfield4
Loves-to-Learn Everything
‎06-21-2022 08:45 AM

Maybe helpful or not, when I updated recently to splunk_app_db_connect v3.9.0 I was getting connection errors, before updating all was working. I do use SSL connection and I'm connecting to MySQL on RHEL node so not exactly your setup.

To get it working after updating db_connect to v3.9.0 I had to update my MySQL driver to restore connectivity.  Might be worth checking the driver versions you have and see if it needs updating; Splunk base has an add-on for "Splunk DBX Add-on for Microsoft SQL Server JDBC" which is at version 1.1.0. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...