data_engine will not start after changes in the environment
search cancel

data_engine will not start after changes in the environment

book

Article ID: 212756

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The data_engine probe was running fine up to a point where there were unknown changes in the environment. I am getting the following in the data_engine log:

Apr 13 17:37:41:748 [4788] 0 de: (1) Open [Microsoft OLE DB Provider for SQL Server] [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
Apr 13 17:37:41:749 [4788] 0 de: COM Error [0x80004005] Unspecified error - [Microsoft OLE DB Provider for SQL Server] [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
Apr 13 17:37:41:749 [4788] 0 de: Unable to connect to database. so exiting

I am also seeing the following in my Windows system event log file:

A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

Environment

Release: UIM 9.x and above

Component: UIM data_engine

Cause

Potential causes:

  • FIPS is not turned on for the system in the Local Security Policy if you are configured to use TLS (1.2) in the data_engine configuration
  • TLS 1.0 was disabled on the machine without actually configuring TLS for the data_engine

Resolution

This can either be an issue where FIPS is not turned on for the system in the Local Security Policy if you are configured to use TLS (1.2) in the data_engine configuration, or TLS 1.0 was disabled on the machine without actually configuring TLS for the data_engine per the following:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-1/installing/pre-installation-planning/install-and-configure-your-database-software/microsoft-sql-server/support-for-tls-v1-2-microsoft-sql-server.html

  • check FIPS (Windows Administrative Tools > Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant...) should be enabled if using TLS configuration in data_engine
  • check that TLS 1.0 (regedit > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client and Server 'Enabled' set to 1), is enabled if you are not using the TLS configuration in the data_engine.