Db migration MS Sql error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Hi Team City support.
I inherited TeamCity servers and tried to move DB from internal to MS Sql server
my connection string for MS Sql (file database.mssql.properties)
connectionUrl=jdbc:sqlserver://SqlServerXXX:1433;databaseName=TeamCity;encrypt=true;trustServerCertificate=false;trustStore="C:\\Program Files\\TeamCity\\jre\\lib\\security\\cacerts";trustStorePassword=changeit;
I imported the certificates per MS recommendations here https://techcommunity.microsoft.com/t5/azure-database-support-blog/pkix-path-building-failed-unable-to-find-valid-certification/ba-p/2591304
"C:\Program Files\TeamCity\jre\bin\keytool" -importcert -trustcacerts -alias TLS1 -file "C:\Program Files\TeamCity\jre\Microsoft RSA TLS CA 01.crt" -keystore "C:\Program Files\TeamCity\jre\lib\security\cacerts"
"C:\Program Files\TeamCity\jre\bin\keytool" -importcert -trustcacerts -alias TLS2 -file "C:\Program Files\TeamCity\jre\Microsoft RSA TLS CA 02.crt" -keystore "C:\Program Files\TeamCity\jre\lib\security\cacerts"
I also checked SO answers https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty and here https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331#25188331
Checked the type of my cacerts storage
"C:\Program Files\TeamCity\jre\bin\keytool" -list -keystore "C:\Program Files\TeamCity\jre\lib\security\cacerts"
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 106 entries
I see imported certs (aliases) there
I use JRE bundled with TeamCity. TeamCity Professional 2019.2 (build 71499) JRE 1.8.0_151
The full output of maintainDB.cmd: Upload id: 2023_05_25_B4mDefeQFZnFjeaX3XXP7D (file: MigrateDbError.png)
Error part of maintainDB.cmd below
Using target database
database type: MSSQL
connection string: jdbc:sqlserver://FED-PRD-SQL.PSCLP.NET:1433;databaseName=TeamCity;encrypt=true;trustServerCertificate=false;trustStore="C:\Program Files\TeamCity\jre\lib\security\cacerts";trustStorePassword=changeit;
Cannot proceed with 'migrate' command: Could not connect to the target database: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty". ClientConnectionId:f5974462-b8d2-4e2a-ad40-cafd874b6487. Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Critical error has occurred during command execution.
Upload id: 2023_05_25_B4mDefeQFZnFjeaX3XXP7D (file: MigrateDbError.png)
Thank you in advance!
Please sign in to leave a comment.
After all, whops that I have done, I changed the connection string to turn off encryption explicitly and with all dependencies in tow TeamCity was able to connect to Sql Server and migrate. Hope it will help someone