Error when connecting to DB2 with ibm_db with SSL - python

I am trying to connect to DB2 using python module ibm_db with SSL and I get the following error
import ibm_db
conn = ibm_db.connect("DATABASE=myDB;HOSTNAME=xx.xx.xxx.xxx;PORT=nnn;PROTOCOL=TCPIP;SECURITY=SSL;SSLServerCertificate=./myFile.arm;UID=<username>;PWD=<password>;","","")
stmt = ibm_db.exec_immediate(conn, "delete from myschema.mytable")
I get the following exception
Exception: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "SSL". Communication API being used: "SOCKETS". Location where the error was detected: "". Communication function detecting the error: "sqlccSSLSocketSetup". Protocol specific error code(s): "414", "*", "*". SQLSTATE=08001 SQLCODE=-30081
I have spent several hours trying to debug. Can't make any progress here
Any help will be appreciated.

Tinniam,
How is your gskit keystore (i.e. .kdb) and stash file (i.e. .sth file - file storing encrypted password for the keystore) created?
Was it created locally with the same version on the client machine, or was it created by someone on another machine that has a different version of gskit?
There is a known gskit incompatibility issue (http://www-01.ibm.com/support/docview.wss?uid=swg22014693). A stash file generated with version GSKit 8.0.50.69 and newer versions cannot be read by a lower version, and it will return exactly the gskit 414 error.
Check the gskit on where your keystore and stash file are created and the version that the client is using. There is a gsk8ver_64 tool in sqllib/gskit/bin to tell you the version.
If indeed, you have hit the incompatibility issue, you need to either upgrade your client to use the version of Db2 that has gskit on the newer boundary release OR: find an older version of Db2 server such as 10.5 fp9 and generate a new keystore and stash file with the lower version of gskit.
NOTE: newer version of gskit can read stash created by lower version. But stash file created by 8.0.50.69 and newer versions is not readable by gskit version that is lower than 8.0.50.69 release.
Hope this helps solve your issue.
Kevin See
Db2 Hybrid Cloud Security Team

I had the same issue today while opening an SSL connection from a Db2 Client to a Db2 server.
SQL30081N with error code 414. Db2 docs pointed to this https://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.3.0/com.ibm.IBMDS.doc/progref506.htm and the hint was
414 – Incorrectly formatted certificate received from partner.
We figured out sometime later, we have just imported the public key of our server into the client trust keyring. Correct is to import only the public keys of the root server and the intermediate server into the client trust store. You do not need to import the server public key (signed by the intermediate server) into the client trust store.
I hope, the original poster has already found a solution and I just wanted to leave here my solution for the next person with the same issue.

I would recommend to investigate how the SSL / TLS communication is configured, how the certificate is managed.
The SSL-specific error is documented as GSKit issue related to certificates. You probably have checked the recommendations for the error SQL30081N. The error SQL30081N even has protocol-specific details for the error codes.
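The two causes of code 414 given in the answers above, turned into a triage helper; this is an added example, not code from the posters or from IBM. The function names and the wording of the causes are assumptions made here, and the GSKit versions are expected as dotted strings read off the gsk8ver_64 output.

```python
import re

# Rule from the first answer: a stash file written by GSKit 8.0.50.69 or newer
# cannot be read by an older GSKit; stash files from older versions stay readable.
BOUNDARY = (8, 0, 50, 69)
# Causes of return code 414 reported in the answers above.
CAUSES_414 = (
    "stash file written by GSKit >= 8.0.50.69, read by an older client GSKit",
    "server certificate in the client trust store instead of root/intermediate",
)
FIELDS = {
    "protocol": r'Communication protocol being used:\s*"([^"]*)"',
    "function": r'Communication function detecting the error:\s*"([^"]*)"',
    "sqlstate": r"SQLSTATE=(\w+)",
}

def parse_sql30081n(message):
    """Split an SQL30081N message into fields; return None for other errors."""
    if "SQL30081N" not in message:
        return None
    parsed = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, message)
        parsed[name] = match.group(1) if match else None
    codes = re.search(r"error code\(s\):\s*(.*?)\.\s*SQLSTATE", message)
    parsed["codes"] = re.findall(r'"([^"]*)"', codes.group(1)) if codes else []
    return parsed

def stash_readable(created_with, read_with):
    """Apply the boundary rule to dotted GSKit versions such as '8.0.50.69'."""
    creator = tuple(int(p) for p in created_with.split("."))
    reader = tuple(int(p) for p in read_with.split("."))
    return not (creator >= BOUNDARY and reader < BOUNDARY)

def diagnose(message):
    """Return the candidate causes for an SSL error 414, else an empty tuple."""
    parsed = parse_sql30081n(message)
    if parsed and parsed["protocol"] == "SSL" and parsed["codes"][:1] == ["414"]:
        return CAUSES_414
    return ()

# The exception text from the question, used as sample input.
SAMPLE = (
    '[IBM][CLI Driver] SQL30081N A communication error has been detected. '
    'Communication protocol being used: "SSL". Communication API being used: '
    '"SOCKETS". Location where the error was detected: "". Communication '
    'function detecting the error: "sqlccSSLSocketSetup". Protocol specific '
    'error code(s): "414", "*", "*". SQLSTATE=08001 SQLCODE=-30081'
)
```

Calling `diagnose(SAMPLE)` returns both candidate causes; `stash_readable` then rules the first one in or out once the two GSKit versions are known.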

Related

SSL Connection error when trying to connect to aurora instance

I'm trying to run a python script through a cronjob inside my EKS cluster. When it tries to connect to my aurora instance, it fails stating that I'm using an unsupported SSL protocol.
unsupported protocol log trace
Any clue? The aurora's mysql version is 5.6, the python is 3.8 and the mysql connector package is 8.0.25
Even though the actual error message is a little different but I'm guessing this is most likely related to the missing TLS certificate issue stated here.
You should probably have the certificate available to the pod/cronjob you are trying to run in the cluster.

Azure SQL Server Bulk Insert TCP Provider Problem

I use SQL Server on Azure and I make a bulk insert with Python but I constantly get error. How can I solve the problem?
Error : TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host
Best,
Thanks
As per the Microsoft official document, this error message is returned when the secure TLS handshake is negotiated between the client and the server by using TLS_DHE cipher suite.
To fix this issue, make sure that both the client and server involved in a connection are running Windows that have the leading zero fixes for TLS_DHE installed. It's recommended to install the updates since they enhance the conformance to TLS_DHE specifications.
If you can't update Windows, a workaround is available here.

Cannot connect to MySQL server Azure from python

I've been trying to connect to a MySQL database remotely but I keep getting the error:
2055: Lost connection to MySQL server at 'local.mysql.database.azure.com:3306', system error: 1 [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1045)
Using the exact same connection details I am able to connect to the database through MySQL Workbench and through Node. For some reason the connection won't go through in python.
This user was not created to require SSL.
I've been trying to figure out the problem but I'm drawing blanks.
Below is my python login block.
config = {
    'host': 'local.mysql.database.azure.com',
    'user': 'user#local',
    'password': 'password',
    'database': 'random_db'
}
I've been able to connect to a MySQL instance on the Google Cloud Platform with the exact same connection block but it doesn't work for the Azure connection. I've looked for differences between the two platforms which could have caused this and the only thing I could find was that the Azure MySQL version was 5.7.32log while the GCP was 8.0.18.
I am also currently running python 3.7.0, not sure if that changes anything.
Is there another module I could use if that is the problem, or do I need to downgrade something? I have no idea.
According to this 5.7.29 is the latest 5.7 supported so 5.7.32 would give wrong version error.

Cx_Oracle : DatabaseError: ORA-28040: No matching authentication protocol

I am facing this error while using Cx_Oracle package in python environment. I upgraded to oracle 12c from 11g but it still gets me this error. Also, I am using ojdbc6.jar.
DatabaseError: ORA-28040: No matching authentication protocol
From 12c onward, minimum supported version default has changed from 11 to 12 and SQLNET.ALLOWED_LOGON_VERSION is now replaced with the SQLNET.ALLOWED_LOGON_VERSION_SERVER and SQLNET.ALLOWED_LOGON_VERSION_CLIENT parameters
You need to add these two parameters in your sqlnet.ora file, you can find that file at
ORACLE_HOME/network/admin/
After you have made the change, do not forget to reload the listener using lsnrctl reload
For more see Oracle Official Doc
This helped me while using cx-Oracle 8.0.1
add in sqlnet.ora
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
The error disappears, but I got instead
ORA-01017: Invalid Username/Password
The workaround was to change the password:
alter user UUUUU identified by PWD;
After this the user PASSWORD_VERSIONS were set from 10 to 12 and everything worked fine!
select PASSWORD_VERSIONS from dba_users where username = 'UUUUU';
PASSWORD_VERSIONS
-----------------
10G 11G 12C
ojdbc6.jar is driver for JVM/Java
Cx_Oracle is C/C++ library depending on libclnth.so library.
The error states that your client is either too old (or too new) and you can not authenticate to the database. There is no auth protocol that both sides implement/accept.
Either you should upgrade your client or change
sqlnet.ora set SQLNET.ALLOWED_LOGON_VERSION to version of your client library.
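A server-side check for the trade-off in the answers above, added here and not taken from the posters or from Oracle: a lower SQLNET.ALLOWED_LOGON_VERSION_SERVER lets old clients in but also re-admits 10G password versions, while a stricter level leaves accounts that hold only an old password version needing a reset. The level-to-password-version mapping is an assumption taken from Oracle's 12c sqlnet.ora reference, and the function names, finding labels and sample data are constructed.

```python
# Password versions the server accepts per SQLNET.ALLOWED_LOGON_VERSION_SERVER
# value (assumption: from Oracle's 12c sqlnet.ora reference, not from this page).
LEGACY = {"10G", "11G", "12C"}
ACCEPTED = {"12a": {"12C"}, "12": {"11G", "12C"},
            "11": LEGACY, "10": LEGACY, "9": LEGACY, "8": LEGACY}
OLD_NAME = "SQLNET.ALLOWED_LOGON_VERSION"

def read_sqlnet(text):
    """Parse NAME=VALUE lines of a sqlnet.ora, ignoring comments and blanks."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().upper()] = value.strip().lower()
    return params

def audit(sqlnet_text, password_versions):
    """Return (finding, subject) pairs for a sqlnet.ora and {user: PASSWORD_VERSIONS}."""
    params = read_sqlnet(sqlnet_text)
    findings = []
    if OLD_NAME in params:
        # Replaced by the _SERVER and _CLIENT parameters from 12c onward.
        findings.append(("deprecated-parameter", OLD_NAME))
    # Default of 12 when the parameter is unset follows the first answer above.
    level = params.get(OLD_NAME + "_SERVER", "12")
    accepted = ACCEPTED.get(level)
    if accepted is None:
        return findings + [("unknown-level", level)]
    if "10G" in accepted:
        findings.append(("accepts-10g-verifier", level))
    for user, versions in sorted(password_versions.items()):
        if not set(versions.split()) & accepted:
            # No password version the server will use: reset the password.
            findings.append(("needs-password-reset", user))
    return findings

# Constructed sample input: two sqlnet.ora variants and a dba_users extract.
SQLNET_RELAXED = "# constructed sample\nSQLNET.ALLOWED_LOGON_VERSION_SERVER=11\n"
SQLNET_STRICT = ("sqlnet.allowed_logon_version = 11\n"
                 "SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12\n")
USERS = {"UUUUU": "10G", "APP": "10G 11G 12C"}

if __name__ == "__main__":
    for name, text in (("relaxed", SQLNET_RELAXED), ("strict", SQLNET_STRICT)):
        print(name, audit(text, USERS))
```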

Flask app fails to render when deploying code to Azure Web with a database connection, but works fine from local server

I have an Azure web app with a Flask template. I want it to connect to a SQL database. I made one. I installed pymssql. For testing purposes I added to the views.py in the root folder:
import pymssql
conn = pymssql.connect(server='mydb.database.windows.net', user='mydbnameadmin#mydb', password='secret', database='mydb')
I first tested locally on my kubuntu box. To make sure I was getting a connection, I entered the wrong password, and the server threw an error. I entered it correctly and the error disappeared. Cool. Also the SQL dashboard on the azure portal reported successful connections. So then I pushed my changes (including updating the requirements.txt) to my github repo and it was sucked into my web application. When I tried running the web app, on the index page:
The page cannot be displayed because an internal server error has
occurred.
After turning on and inspecting the detailed logs all I get is:
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
IIS. What's that doing here? I thought MS was trendy and hosted this service on a linux box 0_0
I remove the second line
conn = pymssql.connect(server='mydb.database.windows.net', user='mydbnameadmin#mydb', password='secret', database='mydb')
and the error disappeared. If I run a server locally, which still uses the Azure SQL server, I don't have any issues.
This seems to be the same issue I have:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/e20bb2a3-bdbe-4e49-8b92-b36fe50577da/having-trouble-deploying-flask-app-into-azure-with-azure-database?forum=windowsazurewebsitespreview&prof=required
but they say whether they actually got it working with a SQL database...
what do people think?
Thanks
my requirements.txt
alembic==0.7.7
azure==0.11.1
Flask==0.10.1
Flask-Migrate==1.5.0
Flask-Script==2.0.5
Flask-SQLAlchemy==2.0
futures==3.0.3
itsdangerous==0.24
Jinja2==2.8
Mako==1.0.1
MarkupSafe==0.23
pymssql==2.1.1
python-dateutil==2.4.2
six==1.9.0
SQLAlchemy==1.0.8
Werkzeug==0.10.4
wheel==0.24.0
Per my understanding, Azure Web sites are hosted on Windows Server 2012 VM by default, which would not install FreeTDS and also we don't have permission to install it. And the pymssql is based on FreeTDS.
So we can use pyodbc to connect the Azure SQL as a workaround way to handle it in ease.
I was able to successfully connect my Python code to a SQL Database on Azure using the pymssql 2.1 library.
I don't know if this is what is causing the problem but I did include a couple of extra parameters in my connection string... maybe that will help. I specified the driver explicitly and the Encrypt parameter since SSL is always enabled for SQL Azure (I believe)
import pyodbc
myConnection = pyodbc.connect('Driver={SQL Server};'
                              'Server=tcp:1234567.database.windows.net,1433;'
                              'Database=MyAzureDatabase;'
                              'Uid=geekgirl#123456;Pwd=abcdef;'
                              'Encrypt=yes')
If that doesn't work, maybe try adding some error handling around the connect statement to try and get a more specific error message.
Fingers crossed!
I had this problem, but I eventually realized it was because I was using the 64-bit version of Python in Visual Studio, but Azure only supports the 32-bit version.
I was seeing:
DLL load failed: %1 is not a valid Win32 application.
Once I switched to installing and using the 32-bit version I was able to use Flask and pyodbc with no problems.
