Faulted JDBC Connection to SQL Server 2019

Hello,

I have a fresh installation of SQL Server 2019 (SQLEXPRESS). On the same node I have a new installation of Ignition v8.1.3. It looks like the SQL JDBC driver version installed with Ignition is version 7.2.1. I’ve tried everything I can think of. I hope somebody out there has seen this error and can offer a suggestion.

It looks like I need version 7.4 or greater to connect to SQL 2019.

https://docs.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-ver15#sql-version-compatibility

I updated the SQL JDBC driver to version 9.2. I am also using the sqljdbc_auth.dll so that my connection leaves the username and password blank and will use the account configured to login to the Ignition system service.

I’ve experimented with connection parameters to disable encrypted connections. I am using the TCP/IP protocol for SQLEXPRESS. I have Force Encryption set to “No” for SQL Express Protocols.

The database connection always faults with the same error and appears to be related to using an encrypted connection.

My connection faults with the following error.

java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Tag mismatch!". ClientConnectionId:c53d983f-3d41-4d06-997c-efb5b135ff7e)
	at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2385)
	at org.apache.commons.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:2110)
	at org.apache.commons.dbcp2.BasicDataSource.getConnection(BasicDataSource.java:1563)
	at com.inductiveautomation.ignition.gateway.datasource.DatasourceImpl.getConnectionInternal(DatasourceImpl.java:250)
	at com.inductiveautomation.ignition.gateway.datasource.DatasourceImpl.runTest(DatasourceImpl.java:203)
	at com.inductiveautomation.ignition.gateway.datasource.DatasourceManagerImpl$FaultedDatasourceRetryer.lambda$newRetryRunnable$0(DatasourceManagerImpl.java:1061)
	at com.inductiveautomation.ignition.common.execution.impl.BasicExecutionEngine$TrackedTask.run(BasicExecutionEngine.java:581)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Tag mismatch!". ClientConnectionId:c53d983f-3d41-4d06-997c-efb5b135ff7e
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3206)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2760)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2418)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2265)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1291)
	at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:881)
	at org.apache.commons.dbcp2.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:53)
	at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:291)
	at org.apache.commons.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:2395)
	at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2381)
	... 12 more
Caused by: javax.net.ssl.SSLException: Tag mismatch!
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1824)
	... 21 more
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
	at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(Unknown Source)
	at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(Unknown Source)
	at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(Unknown Source)
	at java.base/com.sun.crypto.provider.CipherCore.doFinal(Unknown Source)
	at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(Unknown Source)
	at java.base/javax.crypto.CipherSpi.bufferCrypt(Unknown Source)
	at java.base/javax.crypto.CipherSpi.engineDoFinal(Unknown Source)
	at java.base/javax.crypto.Cipher.doFinal(Unknown Source)
	at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
	... 27 more

8.1.3 (b2021030309)
Azul Systems, Inc. 11.0.9

Is the SQLServer Browser service running?

Hi Jordan,

Yes, I had previously set the SQL Browser service to auto start and started it.

Bruce

Bruce did work out a fix for this?

Thanks

No, I we never did identify the root cause and fix it. This issue only presented itself when Ignition and SQL Server were on the same machine. Luckily this was a development environment that allowed me to change the architecture.