This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

Microsoft SQL server collector fails intermittently in RSA Identity Governance & Lifecycle

Article Number

000037193

Applies To

RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.0.2, 7.0.1, 7.0.0, 6.9.1
 

Issue

  • RSA Identity Governance & Lifecycle Microsoft SQL server collector fails intermittently with the following error in the collector status:
ID=1234 Reason=com.aveksa.common.DataReadException: Could not create user data Caused by com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: -SQL Server returned an incomplete response. The connection has been closed. Caused by java.io.ioException; SQL Server returned an incomplete response. The connection has been closed.)
 
  • The /home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServer.log shows the following exception:
02/13/2019 22:49:14.054 ERROR (ApplyChangesRegularThread-295) [com.aveksa.client.datacollector.framework.DataCollectorManager]
ADD123: Collection Failed: CollectionFailedEvent[cmi = CollectionMetaInfo
[{ID=4, run_id=6857, collector_id=2, test-run=false, collector_name=NAME-IDC, data_size=0,
data_file=/home/oracle/wildfly-10.1.0.Final/standalone/tmp/vfs/deployment/deploymentsdfdfdaedaa/aveksa.war-ed49021sdf96c52f/WEB-INF/LocalAgent/collected_data/5.data}]
message = null cause = com.aveksa.common.DataReadException: Could not create user data iterator!]
com.aveksa.common.DataReadException: Could not create user data iterator!
at com.aveksa.collector.userdata.DBUserIterator.<init>(DBUserIterator.java:105)
at com.aveksa.collector.userdata.DBGenericReader.constructUserIterator(DBGenericReader.java:400)
at com.aveksa.collector.userdata.DBGenericReader.getUserIterator(DBGenericReader.java:417)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.writeData(IdentityDataCollector.java:371)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collectData(IdentityDataCollector.java:346)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collect(IdentityDataCollector.java:307)
at com.aveksa.client.datacollector.collectors.identitydatacollectors.IdentityDataCollector.collect(IdentityDataCollector.java:283)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:536)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:204)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to
SQL Server by using Secure Sockets Layer (SSL)encryption. Error: "SQL Server returned an incomplete response.
The connection has been closed.".

Cause

This is a known issue in the following versions of RSA Identity Governance & Lifecycle which uses the Microsoft JDBC driver 4.0 and 4.1 for connecting to an external Microsoft SQL Server for collections and connectors where DB Type is SQLServer or SQLServer3.  

  • RSA Identity Governance & Lifecycle 6.9.1
  • RSA Identity Governance & Lifecycle 7.0.0
  • RSA Identity Governance & Lifecycle 7.0.1
  • RSA Identity Governance & Lifecycle 7.0.2


This is a problem with the SSL handshake with servers using TLS.   It may cause intermittent connection failures in about 5% of the connection attempts.  This issue may occur more frequently or may start to occur with later versions or later patches of the Microsoft SQL Server. 

Contact Microsoft or search Microsoft Support sites for additional information on this issue. 

Resolution

This issue is resolved in the following versions of RSA Identity Governance & Lifecycle which use Microsoft JDBC driver 4.2 for DB Type SQLServer:
  • RSA Identity Governance & Lifecycle 7.1.0
  • RSA Identity Governance & Lifecycle 7.1.1
 

Note that Microsoft JDBC driver 4.2 only runs on Java JRE 1.8.   This version of the driver cannot be used on older versions of RSA Identity Governance & Lifecycle. 


For solutions applicable to older versions, see the Workaround section. 

Workaround

For systems that cannot run Microsoft JDBC driver 4.2 one alternative is to use the open-source JTDS OJDBC driver.  The JTDS driver may be used to connect to the Microsoft SQL Server.   

There is no Collector or Connector Datasheet for the JTDS driver as it is not a fully supported and qualified solution.   

The knowledge base article on How to install the jTDS JDBC driver on WildFly in a non-clustered RSA Identity Governance & Lifecycle environment provides additional information on how to obtain and install this third-party driver.

Refer to the Collector or Connector datasheets for instructions on how to install third-party JDBC drivers. 

For Microsoft SQL server refer to the RSA Identity Governance and Lifecycle  - SQL Server Connector Datasheet.

Notes

  
This is a legacy Knowledge Base Article and only applies to the listed versions which are no longer actively supported.
RSA does not recommend the continued use of the public domain JTDS driver on current versions of the product.  RSA recommends customers use the JDBC driver specific for their database.



For additional known issues with the Microsoft JDBC driver see article 000035384 - RSA Identity Governance and Lifecycle Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 2012 and Microsoft Windows 2012.

 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-03-24 12:33 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.