Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 2012 and Microsoft Windows 2012 with RSA Identity Governance & Lifecycle
Originally Published: 2017-07-17
Article Number
Applies To
RSA Version/Condition: 6.9+ (JDK 6.0), 7.X+ (JDK 7.0)
Platform (Other): JDBC 4.0, JDBC 4.1
Platform (Other): Microsoft SQL Server 2012
Platform (Other): Microsoft Windows 2012
Issue
The aveksaServer.log has the following error:
06/21/2017 11:20:33.239 ERROR (ApplyChangesRegularThread-136287) [SystemErr]
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed."
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed."
The collector is configured to use the Microsoft SQL Server JDBC driver:
Cause
This is a known issue in the following versions of RSA Identity Governance and Lifecycle which uses the Microsoft JDBC driver 4.0 and 4.1 when connecting to an external Microsoft SQL Server for collections and connectors where DB Type is SQLServer or SQLServer3.
- RSA Identity Governance & Lifecycle 6.9.1
- RSA Identity Governance & Lifecycle 7.0.0
- RSA Identity Governance & Lifecycle 7.0.1
- RSA Identity Governance & Lifecycle 7.0.2
Resolution
- RSA Identity Governance & Lifecycle 7.1.0
- RSA Identity Governance & Lifecycle 7.1.1
Note that Microsoft JDBC driver 4.2 only runs on Java JRE 1.8. This version of the driver cannot be used on older versions of RSA Identity Governance and Lifecycle.
For solutions for older versions see the Workaround section.
Workaround
This is a legacy Knowledge Base Article and only applies to the listed versions which are no longer actively supported.
RSA does not recommend the continued use of the public domain JTDS driver on current versions of the product. RSA recommends customers use the JDBC driver specific for their database.
Use the open-source third-party JTDS JDBC driver. This may be downloaded for free from the web by the customer.
- Upload the driver to:
- Prior to RSA Identity Governance & Lifecycle 7.0 upload to /home/oracle/jboss-4.2.2.GA/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/LocalAgent/common/lib.
- For RSA Identity Governance & Lifecycle 7.0 and above follow the steps in the relevant RSA Upgrade and Migration guide to customize the ear file using customizeACM.sh.
- RSA Via Lifecycle and Governance Upgrade and Migration Guide 7.0
- RSA Via Lifecycle and Governance Upgrade and Migration Guide 7.0.1
- RSA Via Lifecycle and Governance Upgrade and Migration Guide 7.0.2
- Configure the collector(s) as follows:
