Connector Solution User rule import is failing, it shows the following error: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.

Products

IT Management Suite

Issue/Introduction

When the customer is trying to run a Connector Solution User rule import, it shows the following error:

The import rule '02 - Detalhes do CI Usuario' failed. Error: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.

The Notification Server logs show the following full error:

An error occurred executing resource import rule: '02 - Detalhes do CI Usuario' (486a0709-f9c5-4a25-adc9-606d2cc6f70c)

[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
[System.Data.OleDb.OleDbException @ Microsoft OLE DB Provider for SQL Server]
at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection)
at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.OleDb.OleDbConnection.Open()
at Altiris.Connector.DataSource.OleDbDataSource.GetColumns(Boolean bForImport)
at Altiris.Connector.DataSource.DataSourceBaseItem.get_ImportColumns()
at Altiris.Connector.ImportExportRules.ResourceImport.GenerateColumnsList(ResourceDataMapping mapping, IDataSource dataSource, String filterExpressionString, Boolean isChunked)
at Altiris.Connector.ImportExportRules.ResourceImport.StartImport_Full(ResourceDataConnectorRule itemTask, ResourceDataMapping mapping, IDataSource dataSource, ResourceImportResults results, DateTime lastImportDt, Boolean bAllowResourceDeletes, Boolean bAllowResourceCreates, Boolean bAllowResourceUpdates, String[] trusteeMemberships, Guid retiredAssetStateGuid, Boolean bLoggingEnabled, Boolean bTestOnly)

Exception logged from:
at Altiris.Connector.ImportExportRules.ResourceImport.StartImport_Full(Altiris.Connector.ImportExportRules.ResourceDataConnectorRule, Altiris.Connector.ImportExportRules.ResourceDataMapping, Altiris.Connector.DataSource.IDataSource, Altiris.Connector.ImportExportRules.RunResults.ResourceImportResults, System.DateTime, Boolean, Boolean, Boolean, String[], System.Guid, Boolean, Boolean)
at Altiris.Connector.ImportExportRules.ResourceImport.StartImport(Altiris.Connector.ImportExportRules.ResourceDataConnectorRule, Altiris.Connector.ImportExportRules.ResourceDataMapping, Altiris.Connector.DataSource.IDataSource, System.DateTime, Boolean, Boolean, Boolean, System.Guid, String[], Int32, Boolean, Boolean)
at Altiris.Connector.ImportExportRules.ResourceDataConnectorRule.OnRunImportRule(Boolean)
at Altiris.Connector.ImportExportRules.BaseDataConnectorRule.ExecuteTask(System.Collections.Hashtable, Altiris.NS.ItemTaskManagement.ItemTaskState)
at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<T,TStartArgs>.ExecuteThreadProc(Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object)
at System.Threading.ThreadHelper.ThreadStart(Object)

-----------------------------------------------------------------------------------------------------
Date: 07/10/2021 14:04:10, Tick Count: 1092935921 (12.15:35:35.9210000), Size: 3,94 KB
Process: AeXSvc (4932), Thread ID: 88, Module: Altiris.Connector.dll
Priority: 1, Source: Altiris.Connector.ImportExportRules.ResourceImport.StartImport_Full

Environment

ITMS 8.5, 8.6

Cause

The customer disabled TLS 1.0, leaving only TLS 1.1 and 1.2 enabled on both the SQL and SMP servers.

This is due to the SQLOLEDB provider not supporting TLS 1.2. If TLS 1.0 and TLS 1.1 are not present or enabled on the server it will break the provider's function, causing an error to appear.

https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

Resolution

To resolve this, Microsoft has published the MSOLEDSQL driver, which features backward compatibility with SQLOLEDB and can be used as a replacement. To do this, download the driver from Microsoft (https://www.microsoft.com/en-us/download/details.aspx?id=56730) and install it on the server, then change the connection string provider from SQLOLEDB to MSOLEDBSQL and recycle the site's application pool. In the Symantec Management Console, if the MS SQL Server database is selected as the data source type, the console is hard-coded to use SQLOLEDB as a provider. It is required to change the provider to use 'Directly enter Connection String' in the data source type and specify a connection string using MSOLEDBSQL. This requires entering a username and password in plain text. Developers are working on a change in the upcoming release 8.7 to not require a password in plain text so it is hidden from users.

For more information, refer to Microsoft's blog post on the subject: https://docs.microsoft.com/en-us/archive/blogs/sqlnativeclient/released-microsoft-ole-db-driver-for-sql-server

Starting with our ITMS 8.7 Release, you should be able to choose the desired connection string provider. Now OLEDB data source has "Provider Name" field where the default value is "SQLOLEDB" for "MS SQL Server database" source type.

You can change/use another specified provider like "MSOLEDBSQL" and it should work. You can specify a valid Windows and SQL user for authentication.

You can run on Microsoft SQL Management Studio the following query to see available providers:

EXEC master.dbo.sp_MSset_oledb_prop