teamcity install SQLServerException

Answered

OS : win2019
mssql : 2019

#error

[2020-05-05 20:35:45,486] ERROR - jetbrains.buildServer.STARTUP - SQL Server did not return a response. The connection has been closed. ClientConnectionId:b7f68be8-ade0-4eb0-a448-5dd3560a744a: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:b7f68be8-ade0-4eb0-a448-5dd3560a744a". Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:b7f68be8-ade0-4eb0-a448-5dd3560a744a

 

Finally I have fixed this by enabling older windows crypto.

I have used iiscrypto tool to set strict template on windows server but I had problem and then I set [best practice] template with iiscrypt  and installation went fine.

I would like to disable TLS 1.0 and TLS 1.1, just to reenable strict template.

I have searched about problem and it look like that it first try older TLS protocol and then break.

I have read this
https://stackoverflow.com/questions/53152863/error-sql-server-did-not-return-a-response-the-connection-has-been-closed
https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/11/30/intermittent-jdbc-connectivity-issue-the-driver-could-not-establish-a-secure-connection-to-sql-server-by-using-secure-sockets-layer-ssl-encryption-error-sql-server-returned-an-incomplete-respons/

Do you have some suggestion what to modify in configuration to return back to stronger crypto?

 

3 comments
Comment actions Permalink

I'm not all that familiar with iiscrypto tool you are using. When you enable the strict template, what protocol is being used to connect to your SQL server? 

0
Comment actions Permalink

https://www.nartac.com/Products/IISCrypto/  tool I use for disablin old/weak crypto protocols/chipers.
I only leave TLS 1.2 enabled and then teamcity have problem with accessing mssql.
MSSQL is on same machine as teamcity.

I have read similar problem with other products which uses java and there need to be some change and fore to use TLS 1.2
Maybe somehow to force jdbc driver to use tls 1.2 if that is the problem.

Similar problem is with msdeploy and publishing to remote server which have only TLS 1.2 enabled.
msdeploy was solved by forcing .net to use tls 1.2
https://dougrathbone.com/blog/2016/02/28/pci-compliant-web-deploy-getting-webdeploy-working-after-disabling-insecure-ciphers-like-ssl-30-and-tls-10

Now I'm searching how to force teamcity to work only with tls 1.2

If you have any suggestions what to do that would be great.

 

 

0
Comment actions Permalink

What version of TeamCity Server and Java are you using? It is my understanding that TLS 1.2 is the default after Java 8, according to this blog post from Oracle. You may also want to look at which JDBC driver you're using. You can grab the latest version from Microsoft at: https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15

0

Please sign in to leave a comment.