Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DB Connect: How to make SSL connection to MSSQL database?

splunkIT
Splunk Employee
Splunk Employee
‎02-19-2015 03:25 PM

I am trying to connect to MSSQL using DB Connect, and I keep getting connection reset errors:



Error fetching database catalogs: java.sql.SQLException: I/O Error: Connection reset

java.sql.SQLException: I/O Error: Connection reset

    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2311)

    at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:610)

    at net.sourceforge.jtds.jdbc.ConnectionJDBC2.(ConnectionJDBC2.java:352)

    at net.sourceforge.jtds.jdbc.ConnectionJDBC3.(ConnectionJDBC3.java:50)

    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:185)

    at java.sql.DriverManager.getConnection(Unknown Source)

    at java.sql.DriverManager.getConnection(Unknown Source)

    at com.splunk.dbx.sql.type.impl.AbstractDatabaseType.connect(AbstractDatabaseType.java:139)

    at com.splunk.dbx.sql.type.impl.MicrosoftSqlServer.connect(MicrosoftSqlServer.java:85)

    at com.splunk.dbx.sql.type.impl.AbstractJtdsDatabaseType.listCatalogs(AbstractJtdsDatabaseType.java:48)

    at com.splunk.dbx.info.DatabaseList.invoke(DatabaseList.java:34)

    at com.splunk.bridge.session.BridgeSession.call(BridgeSession.java:92)

    at com.splunk.bridge.session.BridgeSession.call(BridgeSession.java:30)

    at java.util.concurrent.FutureTask.run(Unknown Source)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)

Caused by: java.net.SocketException: Connection reset

    at java.net.SocketInputStream.read(Unknown Source)

    at java.net.SocketInputStream.read(Unknown Source)

    at net.sourceforge.jtds.ssl.TdsTlsInputStream.read(TdsTlsInputStream.java:72)

    at sun.security.ssl.InputRecord.readFully(Unknown Source)

    at sun.security.ssl.InputRecord.read(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at java.io.DataInputStream.readFully(Unknown Source)

    at java.io.DataInputStream.readFully(Unknown Source)

    at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:851)

    at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:732)

    at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466)

    at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103)

    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2206)

I have confirmed the connectivity is fine with SQL Server Management Studio tool. Both ping and telnet to the mssql server are successful as well. So what gives?

Here is my database.conf stanza:

/opt/splunk614/etc/apps/dbx/local$ more database.conf
[MSSQL]
database = AdventureWorksLT2012
host = that_mssql_host
isolation_level = DATABASE_SETTING
password = secret
port = 1433
readonly = 1
type = mssql
username = sa
disabled = 0
Reply
1 Solution
Solved! Jump to solution
Solution

jreuter_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 03:44 PM

SSL may be enforced on the MSSQL side, causing the connection to be reset. You can configure the connection to require ssl by specifying additional parameters for the jdbc connection via splunkweb, on the database configuration page:
alt text

Or in database.conf:

    [MSSQL]
    database = AdventureWorksLT2012
    host = that_mssql_host
    isolation_level = DATABASE_SETTING
    password = enc:QcZYlxC8Rcw8PjB87kXDMA==
    port = 1433
    readonly = 1
    type = mssql
    username = sa
    disabled = 0
    arguments = arg.ssl = require

The details on the parameter can be found here, but the syntax looks to be incorrect currently (this will be addressed): http://docs.splunk.com/Documentation/DBX/1.1.6/DeployDBX/databasespec

See also: http://answers.splunk.com/answers/101513/db-connect-hangs-when-attempting-to-connect-to-mssql-using-...

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution
Solution

jreuter_splunk
Splunk Employee
Splunk Employee
‎02-19-2015 03:44 PM

SSL may be enforced on the MSSQL side, causing the connection to be reset. You can configure the connection to require ssl by specifying additional parameters for the jdbc connection via splunkweb, on the database configuration page:
alt text

Or in database.conf:

    [MSSQL]
    database = AdventureWorksLT2012
    host = that_mssql_host
    isolation_level = DATABASE_SETTING
    password = enc:QcZYlxC8Rcw8PjB87kXDMA==
    port = 1433
    readonly = 1
    type = mssql
    username = sa
    disabled = 0
    arguments = arg.ssl = require

The details on the parameter can be found here, but the syntax looks to be incorrect currently (this will be addressed): http://docs.splunk.com/Documentation/DBX/1.1.6/DeployDBX/databasespec

See also: http://answers.splunk.com/answers/101513/db-connect-hangs-when-attempting-to-connect-to-mssql-using-...

Preview file
1 KB
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...