Database Job failed when TLS 1.2 is Enabled
search cancel

Database Job failed when TLS 1.2 is Enabled

book

Article ID: 137242

calendar_today

Updated On:

Products

Workload Automation Agent CA 7 Workload Automation CA Workload Automation DE CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

Database job failed with SQL Server exception like below;

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.". 
  

Environment

Release : 11.3, 11.4

Component : CA Workload Automation Agent for Databases

Cause

The Microsoft SQL JDBC Driver configured for the Agent for Database plugin does not support the SQL Server with JRE version.


You can check the following;

1. JRE version in use by the Agent using this command

- Windows

cd <Agent_Installdir>

jre\bin\java -version


- Unix\Linux

cd <Agent_Installdir>

./jre/bin/java -version


2. Microsoft SQL JDBC Driver configured for the Agent for Database plugin in <Agent_Installdir>/jars/ext subdirectory

 

3. Version of Agent and Database plugin using this command

cd <Agent_Installdir>

cybAgent -vv


where <Agent_Installdir> is Agent installation directory.

Resolution

Make sure the Agent plugin is configured with Microsoft JDBC Driver version that supports Java version shipped with the Agent. The JDBC driver location is <Agent_Installdir>/jars/ext.

Examples of Microsoft JDBC Drivers for SQL Server;

Microsoft JDBC Driver 7.4 for SQL Server (mssql-jdbc-7.4.1.jre8.jar)

Microsoft JDBC Driver 7.2 for SQL Server (mssql-jdbc-7.2.2.jre8.jar)

Microsoft JDBC Driver 6.4 for SQL Server (mssql-jdbc-6.4.0.jre8.jar)

Microsoft JDBC Driver 4.2 or 6.0 for SQL Server (sqljdbc42.jar)

Importantly, completely remove any unsupported Microsoft SQL JDBC Driver and keep ONLY supported JDBC driver for the JRE version in <Agent_Installdir>/jars/ext subdirectory. 

Also, update the DB URL connection string in the job definition and/or agentparm.txt file by adding ';encrypt=true;trustServerCertificate=true' to use SSL encryption and skip the trust certificate chain validation.

You need to restart the Agent for the change to take effect.

Powered by Wolken Software