SQL Server Connection Faulted

I think what’s going on here is that newer versions of Java have disabled some of the older cipher suites by default and this is causing there to be no intersection between the set of suites enabled by default in Java and the set of suites enabled by default in SQL Server.

2 Likes

I ran into this the other evening with some old SQL Express installs. Rather than downgrading java, you can edit the java.security file to unblock TLSv1 and/or TLSv1.1. If you can’t upgrade what you are trying to connect, that is. ):

4 Likes

I’m having the same issue after upgrading to 8.1.7 from 8.1.4. Thanks for posting this Phil, I’ve unblocked TLSv1 and 1.1 in the java.security file in /usr/lib/jvm/java-1.11.0-openjdk-amd64/conf, and performed a reboot etc. but I’m still seeing the issue. Is there any other setting required to force older TLS etc? Thanks!

You might need extra connection properties in Ignition, either sslProtocol or enabledTLSProtocols, to specify the older version.

The opposite of the intent of the above StackOverflow post, but same properties.

Thanks again for helping Phil, I’ve tried both of the following: enabledTLSProtocols=TLSv1.1;sslProtocol=TLSv1.1

Individually and together and no change. Maybe I need to downgrade the driver for now…unless you have another other thoughts?

You might need to downgrade. The case I encountered was a SQL Server 2008, which isn’t supported past driver 6.2. See this compatibility chart:

I think with the correct driver, I didn’t need the extra connection properties, just the java.security changes. YMMV, of course.

Ya this is really interesting, the SQL version is MSSQL14 Express. So as far as I can tell it should actually support TLSv1.2. But still combing the online articles on this to get better acquainted. Thanks again for jumping in on the weekend, much appreciated.

You’re welcome, and I understand. SQL Server makes me want to pull my hair out, for numerous reasons. ):

1 Like

Found instructions on setting registry values to enable TLS1.2 on the SQL server machine. Still no dice! Going to step back, have a coffee and resume later.

Here’s a link to info on Microsoft server settings: Enable TLS 1.2 on servers - Configuration Manager | Microsoft Docs

@pturmel Just to confirm, is it correct to change the java.security file in /usr/lib/jvm/java-1.11.0-openjdk-amd64/conf ? Or is there another place that would be more specific to Ignition’s java settings? This area is out of my wheelhouse so apologies if this is a dumb question.

It needs to be the java.security file for the java that is running Ignition. For v7.9, that would be some version of java 8.

ok, in this case we’re running Ignition 8.1.7, so I’m assuming that’s the correct location to make the changes.

Well, probably not. Ignition v8+ packages its own java. It doesn’t use your system’s java.

(This post is tagged v7.9–forgot you weren’t the OP.)

2 Likes

Just circling back to say thanks and we have this sorted now. It was just about removing the TLS1 and 1.1 version disables in the correct java.security file in the Ignition java deployment. Followed by an Ignition restart. Thanks again @pturmel

1 Like

Remember to do the same on the redundant backup if you have one!

1 Like

Could you please provide the steps to remove version disables in detail?. TIA

I just went through this issue on 8.1.7. If you haven’t fixed it yet, I modified the file C:\Program Files\Inductive Automation\Ignition\lib\runtime\jre-win\conf\security\java.security

Deleted TLSv1 and TLSv1.1

Restarted ignition service and database connections worked just fine.

11 Likes

Phil capitalized the ‘S’ in server, op did not. “SQL Server”: the Sybase RDMS Microsoft purchased. Specify it as Microsoft SQL Server.

Ethernet/IP is understandable enough. EtherNet/IP (capital ‘N’ there) is/was a marketing ploy by Allen-Bradley. Keenex vs tissue.

I read the post on this forum regularly, thanks all. When I read that question I had no idea which RDMS was involved. I feel a bit dim-witted sometimes. Every reply assumed that it was MS SQL Server. Correctly, I think, but not obvious to me at all.

I had the same issue a few days back. I updated my JDBC driver [From 6.0 to 7.2 I believe (sqljdbc4.jar to mssql-jdbc-7.2.1.jre11.jar)] and that fixed it.

I refereed the manual to perform this driver update. (JDBC Drivers and Translators - Ignition User Manual 8.0 - Ignition Documentation)

Thanks alot, It worked for me in V8.1.7