000037193 - Microsoft SQL server collector fails intermittently in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Feb 18, 2019Last modified by RSA Customer Support Employee on Apr 3, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000037193
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.0.2, 7.0.1
 
Issue
  • RSA Identity Governance & Lifecycle Microsoft SQL server collector fails intermittently with the following error in the collector status:

ID=1234 Reason=com.aveksa.common.DataReadException: Could not create user data Caused by com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: -SQL Server returned an incomplete response. The connection has been closed. Caused by java.io.ioException; SQL Server returned an incomplete response. The connection has been closed.)

 

  • The /home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServer.log shows the following exception:

02/13/2019 22:49:14.054 ERROR (ApplyChangesRegularThread-295) [com.aveksa.client.datacollector.framework.DataCollectorManager]
ADD123: Collection Failed: CollectionFailedEvent[cmi = CollectionMetaInfo
[{ID=4, run_id=6857, collector_id=2, test-run=false, collector_name=NAME-IDC, data_size=0,
data_file=/home/oracle/wildfly-10.1.0.Final/standalone/tmp/vfs/deployment/deploymentsdfdfdaedaa/aveksa.war-ed49021sdf96c52f/WEB-INF/LocalAgent/collected_data/5.data}]
message = null cause = com.aveksa.common.DataReadException: Could not create user data iterator!]


com.aveksa.common.DataReadException: Could not create user data iterator!
at com.aveksa.collector.userdata.DBUserIterator.<init>(DBUserIterator.java:105)
at com.aveksa.collector.userdata.DBGenericReader.constructUserIterator(DBGenericReader.java:400)
at com.aveksa.collector.userdata.DBGenericReader.getUserIterator(DBGenericReader.java:417)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.writeData(IdentityDataCollector.java:371)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collectData(IdentityDataCollector.java:346)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collect(IdentityDataCollector.java:307)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collect(IdentityDataCollector.java:283)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:536)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:204)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to
SQL Server by using Secure Sockets Layer (SSL)encryption. Error: "SQL Server returned an incomplete response.
The connection has been closed.".
Cause

This is a known issue in the following versions of RSA Identity Governance & Lifecycle which uses the Microsoft JDBC driver 4.0 and 4.1 for connecting to an external Microsoft SQL Server for collections and connectors where DB Type is SQLServer or SQLServer3.  



  • RSA Identity Governance & Lifecycle 6.9.1
  • RSA Identity Governance & Lifecycle 7.0.0
  • RSA Identity Governance & Lifecycle 7.0.1
  • RSA Identity Governance & Lifecycle 7.0.2


This is a problem with the SSL handshake with servers using TLS.   It may cause intermittent connection failures in about 5% of the connection attempts.  This issue may occur more frequently, or may start to occur with later versions or later patches of Microsoft SQL server. 

Contact Microsoft or search Microsoft Support sites for additional information on this issue. 

ResolutionThis issue is resolved in the following versions of RSA Identity Governance & Lifecycle which use Microsoft JDBC driver 4.2 for DB Type SQLServer:
  • RSA Identity Governance & Lifecycle 7.1.0
  • RSA Identity Governance & Lifecycle 7.1.1
 

Note that Microsoft JDBC driver 4.2 only runs on Java JRE 1.8.   This version of the driver cannot be used on older versions of RSA Identity Governance & Lifecycle. 



For solutions applicable to older versions, see the Workaround section. 
WorkaroundFor systems that cannot run Microsoft JDBC driver 4.2 one alternative is use the open source JTDS OJDBC driver.  The JTDS driver may be used to connect to Microsoft SQL server.   

There is no Collector or Connector Datasheet for the JTDS driver as it is not a fully supported and qualified solution.   

The knowledge base article on How to install the jTDS JDBC driver on WildFly in a non-clustered RSA Identity Governance & Lifecycle environment provides additional information on how to obtain and install this third party driver.

Refer to the Collector or Connector datasheets for instructions on how to install third-party JDBC drivers. 

For Microsoft SQL server refer to the RSA Identity Governance and Lifecycle  - SQL Server Connector Datasheet.
NotesFor additional known issues with the Microsoft JDBC driver see article 000035384 - RSA Identity Governance and Lifecycle Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 2012 and Microsoft Windows 2012.

 

Attachments

    Outcomes