Reason for receiving handshake errors on RTC connection to SQL Server?


Daryl Walters (2118) | asked Sep 06 '18, 2:59 p.m.

Hello, we're running CLM 6.0.5 on Windows Server 2012 R2 with SQL Server. The applications can't connect to the SQL Server; I believe this is because of a handshake error in the connection. We're seeing the following kinds of errors in the jts.log:


ERROR com.ibm.team.repository                             - CRJAZ2654E The server was unable to connect to the database because the database connection settings are invalid or because database is unreachable (SQLSTATE: 08S01, SQLCODE: 0). Verify the connection settings in your teamserver.properties file. See the Jazz Team Server log for more information.
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:dd23c13a-b4da-41bb-8be8-47c6e1ff2232".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1669)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1325)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:993)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:829)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at com.ibm.team.repository.service.db.provider.AbstractDbProvider.getConnection(AbstractDbProvider.java:234)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)...

On the SQL Server side, we see errors like the following:
"An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
And:
"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205."

This seems to indicate a handshake failure to me, an issue with the protocol or cipher used, but I don't know how to resolve this or get more detail.  Has anyone seen something like this or have an intuition as to the root cause of the problem?

Thanks in advance

One answer



Ulf Arne Bister (1.3k413) | answered Sep 08 '18, 2:33 a.m.

 Daryl,


possibly TLS is disabled on the Jazz Server from which you connect. Cp. this technote: http://www-01.ibm.com/support/docview.wss?uid=swg22005219 which mentions at the very end the registry keys to look at and possibly fix.
Another issue could be SSL certificates. Did you just set up CLM 6.0.5? Was it always running and then suddenly stopped connecting (maybe after exactly 365 days ...?) What App Server are you running on? If using WAS Liberty, you might want to take a look at the console.log and messages.log as well.

- Arne


Comments
Daryl Walters commented Sep 10 '18, 3:54 p.m.

Arne,


This is a relatively new installation of CLM; there have been some changes with enabling FIPS mode on the server hosting the application and SQL Server. However, even trying this with FIPS disabled still gives the error.

This is running on WAS Liberty. I've tried configuring Liberty to use TLSv1.2 strictly as outlined in https://www.ibm.com/support/knowledgecenter/SSCP65_6.0.5/com.ibm.jazz.install.doc/topics/t_enable_tls1.2_liberty.html and with this receive new errors indicating that TLSv1 is not enabled. I'm not sure why it wouldn't have been able to use TLSv1 before, as it hadn't been restricted to not use that previously.
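
For the cipher-suite mismatch reported in this thread, a diagnostic that lists which TLS protocol versions and cipher suites the application server's JVM offers by default. It is an added example, not code from this thread or from CLM; the class name `TlsClientOffer` and the context name taken from the command line are assumptions.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added diagnostic, not code from the thread or from CLM.
// Usage: java TlsClientOffer [contextName]   (contextName defaults to "TLS")
public class TlsClientOffer {

    // Entries the provider implements but does not turn on by default.
    static Set<String> notEnabled(String[] supported, String[] enabled) {
        Set<String> out = new LinkedHashSet<>(Arrays.asList(supported));
        out.removeAll(Arrays.asList(enabled));
        return out;
    }

    static void section(String title, Iterable<String> items) {
        System.out.println(title);
        for (String s : items) {
            System.out.println("  " + s);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the context name the JDBC driver requests is not shown
        // on the page, so it is taken from the command line.
        String name = args.length > 0 ? args[0] : "TLS";
        SSLContext ctx = SSLContext.getInstance(name);
        ctx.init(null, null, null); // default key/trust managers and RNG
        SSLParameters on = ctx.getDefaultSSLParameters();
        SSLParameters all = ctx.getSupportedSSLParameters();
        List<String> protocols = Arrays.asList(on.getProtocols());

        System.out.println("JVM: " + System.getProperty("java.vendor") + " " + System.getProperty("java.version"));
        System.out.println("Provider for \"" + name + "\": " + ctx.getProvider());
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        section("Protocols offered by default:", protocols);
        section("Protocols supported but not enabled:", notEnabled(all.getProtocols(), on.getProtocols()));
        section("Cipher suites offered by default:", Arrays.asList(on.getCipherSuites()));
        section("Cipher suites supported but not enabled:", notEnabled(all.getCipherSuites(), on.getCipherSuites()));
        System.out.println(protocols.contains("TLSv1.2")
                ? "TLSv1.2 is offered by default."
                : "TLSv1.2 is NOT offered by default; only older versions reach the server.");
    }
}
```

Run it with the same JRE and java.security configuration that the Liberty server uses, once with `TLS` and once with `TLSv1.2`, and compare the output with the protocols and cipher suites the SQL Server host accepts.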


