CABI 4.30 Unable to connect with TLS 1.2 enabled, TLS 1.0 and 1.1 disabled

book

Article ID: 207557

calendar_today

Updated On:

Products

DX Infrastructure Management

Issue/Introduction

After installing or upgrading to CABI 4.30 (bundled) in an environment where TLS 1.2 is enabled, and TLS 1.0 and 1.1 are disabled, CABI will not start.

Environment

Release : 20.3

Component : UIM - CABI

Resolution

-On the CABI robot, go to ..\Nimsoft\probes\service\wasp\webapps\cabijs\META-INF and edit context.xml file.

-For both the "<Resource " items, change the URL as follows (your URL will contain the actual database details of course) - you need to add "CryptoProtocolVersion=TLSv1.2" in the URL as seen below:

"jdbc:tibcosoftware:sqlserver://mydbserver.com:1433;databaseName=CA_UIM;sendTimestampEscapeAsString=false;encryptionMethod=ssl;CryptoProtocolVersion=TLSv1.2;trustServerCertificate=true;TrustStore=C:/Program Files (x86)/Nimsoft/security/truststore.jks;TrustStorePassword=(password);"

Restart the CABI robot after making this change.

Additional Information

Note: If you are installing CABI 4.30 for the first time in a TLS 1.2 environment, (not upgrading from a prior version of the cabi probe), the installation will fail initially.  To work around this, you must:

- On the SQL Server, take a backup of the registry keys related to disabling TLS 1.0 and 1.1

- remove those keys from the registry on the SQL server

- restart the entire CABI robot, which will force a retry of the installation

- once the install completes, put the registry keys back in place.