Database connectivity issues when MSSQL DB encryption / TLS 1.2 is enabled

Article ID: 441827

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

After you upgrade DX UIM to 23.4 CU7, you encounter database connectivity failures when MSSQL database encryption or TLS 1.2 is enabled. Probes such as WASP and EMS fail to connect to the UIM database, resulting in the following symptoms:

  • WASP is unable to create the datasource.
  • EMS remains in a "Down" state.
  • Access to Operator Console (OC) and Admin Console is impacted.
  • Log files show the error: Failed to createDataSource com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "false" and "trustServerCertificate" property is set to "false".
  • Logs indicate certificate path errors: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
  • Probes may also report: The server [HOSTNAME] is not configured to listen with TCP/IP.

Environment

  • DX Unified Infrastructure Management (UIM) 23.4 CU7
  • Microsoft SQL Server with TLS 1.2 or DB Encryption enabled
  • MSSQL 2019

Cause

The connectivity failure occurs due to an incorrect configuration of the Java TrustStore or the database connection parameters in the data_engine probe. Specifically, manual placement of the .jks file can lead to keystore tampering errors, and using an instance name instead of a hostname/port combination can cause TCP/IP listener failures.

Resolution

To resolve the database connectivity issues, you must correctly configure the TLS parameters and the data_engine probe:

  1. Verify Prerequisites:

    • Ensure the certificate name and database server name use the Fully Qualified Domain Name (FQDN).
    • Verify that the required driver (MSOLEDBSQL) is installed on the server. It is installed by default with the installer.
  2. Configure TLS 1.2 in data_engine:

    • You must create the Java KeyStore (.jks) using the database certificate.
    • Do not manually paste the .jks file into the security folder. Instead, use the data_engine Admin Console or Infrastructure Manager to configure the TLS v1.2 parameters.
    • Browse to the location of your created .jks file within the configuration tool. When you click Apply or OK, the system automatically copies the file to the \security folder as truststore.jks.
    • Note: The Test Connection option verifies the certificate imported into the Microsoft Management Console (MMC) on the DX UIM Server rather than the validity of the .jks file itself.
  3. Update Database Connection Parameters:

    • If you see TCP/IP listener errors, modify the Datasource settings in the data_engine GUI.
    • Change the connection string to use the Hostname and Port only.
    • Remove the Instance Name from the configuration.
  4. Finalize Configuration:

    • Restart the data_engine probe.
    • Restart the Primary Hub Robot Service to ensure all dependent probes (EMS, WASP, discovery_server) initialize with the new settings.
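
One way to carry out and check the keystore part of steps 1 and 2 before opening the configuration tool, as an added PowerShell example (not Broadcom's own procedure or code). The FQDN, file paths, alias and keytool location are placeholders, and keytool is assumed to come from a JRE on the host.

```powershell
# Added example. Every path, name and alias below is a placeholder (assumption).
$DbFqdn    = 'sqlprod01.example.com'           # FQDN used for the database server
$CertFile  = 'C:\staging\sqlserver.cer'        # certificate exported from SQL Server
$JksFile   = 'C:\staging\uim-db.jks'           # staging file, not the \security folder
$Keytool   = 'C:\path\to\jre\bin\keytool.exe'  # keytool from a JRE on this host
$Alias     = 'uim-db'
$StorePass = Read-Host 'Truststore password (as it will be entered in data_engine)'

# 1. Prerequisite: the certificate name must be the FQDN, and it must be in date.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
$certName = $cert.GetNameInfo('DnsName', $false)  # first SAN DNS entry, else the subject CN
if ($certName -ne $DbFqdn) {
    throw "Certificate is issued to '$certName', but the datasource uses '$DbFqdn'."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 2. Create the JKS from the database certificate; never overwrite an existing store.
if (Test-Path $JksFile) { throw "$JksFile already exists." }
& $Keytool -importcert -noprompt -alias $Alias -file $CertFile `
    -keystore $JksFile -storetype JKS -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool -importcert failed.' }

# 3. Re-open the store with the same password and confirm it holds this exact
#    certificate. This catches a wrong password or a damaged file before the probes do.
$listing = & $Keytool -list -v -keystore $JksFile -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool could not open the new truststore.' }
$sha256 = [System.Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData)
$fingerprint = [System.BitConverter]::ToString($sha256).Replace('-', ':')
if (-not ($listing | Select-String -SimpleMatch $fingerprint)) {
    throw "Truststore does not contain the certificate with SHA-256 $fingerprint."
}
"OK: $JksFile trusts $certName ($fingerprint). Select this file in the data_engine TLS settings."
```

The script only produces and checks the staging file; copying it into the \security folder is still left to the configuration tool, as step 2 requires.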

For detailed steps on certificate management, see Support for TLS v1.2 (Microsoft SQL Server).