I've set up MySQL to be accessible by TLS authenticated connections only. However, when attempting to access the connection to the server,
having specified the [client] connection in .my.cnf on the client the connection fails to use them to authenticate
but if they are not specified in /my.cnf but just dumped (as they were before) in /etc/ssl/certs/ then the connection picks them up.
The guide I've been working through is https://openvpn.net/vpn-server-resources/configuration-database-management-and-backups/#create-ssl-connection-to-mysql using the on-prem stream. However to test it explicitly I've been connecting from the host at the command line. I've been consulting https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html
I've confirmed that the connection uses the certificates using \s in MySQL from the connection at the command line. However I don't know how I can force the certificates to be the specified ones in .my.cnf, to make the deployment explicit. So the question is explicitly: Why is MySQL picking up the certificates automatically yet can't when they are specified in .my.cnf.
I just set up a new MySQL database with the MySQL workbench & created a user for it with all necessary privileges. I am using this database for use with my php code. But I can't seem to connect to it on my live server (pages are hosted on windows server 2012). Everything works fine in my local environment with xampp and the new MySQL database is exactly the same as the xampp one. I think I am maybe using the wrong host name or something. As host name I copied the name that is displayed after "Host:" when you click on Server Status in MySQL workbench. The database name, user & password should all be correct. But when my code tries to access the db I get a "The domain page isn’t working. Domain is currently unable to handle this request."
You either have no network connection to the server at all or it is blocked due to firewall or routing misconfiguration.
If you do have network access in general, you might forgot to
FLUSH PRIVILEGES;
or you have not enabled networking over TCP, the default is to listen only to localhost (on unix systems via unix sockets, on microsoft I guess it's simply TCP).
Read about the following configuration parameter which will solve your networking issue:
bind-address
If you have a very old MySQL server version, the parameter is enable-networking but it shouldn't be the case anymore.
Let me begin by saying, I am aware of this thread and others around the web that seek to trouble shoot this issue.
The solutions posted there do not apply to my issue. I have spent 5 hours trying to resolve this before deciding to ask the question.
The problem:
When I attempt to log into SSMS (or connect from a java application) using SQL Authentication I get this error:
A connection was successfully established with the server, but then an
error occurred during the login process. (provider: Shared Memory
Provider, error: 0 - No process is on the other end of the pipe.)
(Microsoft SQL Server, Error: 233)
Although it does work, it is not an option for me to use integreated authentication.
The database I am attempting to connect to is on the same machine as my SSMS instance. There is no network, this is a stand-alone system.
NAMED PIPES is ENABLED in my configuration, I HAVE rebooted since, TCP IP is a higher priority than named pipes in my configuration.
I have even gone as far as to uninstall SQL Server and reinstall it, to no avail.
The details of my SQL Server instance are as follows:
Microsoft SQL Server Management Studio - 10.0.2531.0
Microsoft Analysis Services Client Tools - 10.0.1600.22
Microsoft Data Access Components (MDAC) - 6.1.7601.17514
Microsoft MSXML - 3.0 5.0 6.0
Microsoft Internet Explorer - 9.0.8112.16421
Microsoft .NET Framework - 2.0.50727.5466
Operating System - 6.1.7601
Configuration details are as follows:
http://i45.tinypic.com/vxdz7c.png
http://i45.tinypic.com/vxdz7c.jpg
I connect from java using this code.
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
String connectionUrl = "jdbc:sqlserver://localhost;database=AdventureWorks;integratedSecurity=false;User=JIMBO; Password=JIMBO;";
Connection con = DriverManager.getConnection(connectionUrl);
But please remember, this error also occurs when I atttempt to log in to SSMS directly.
Thanks in advance.
-Jim
To force TCP/IP being used replace localhost with 127.0.0.1 in your connection string.
As you are using a username and password make sure SQL authentication is enabled. By default only Windows integrated is enabled on sqlserver 2008.
With SqlServer authentication keep in mind that a password policy is in place to enforce security.
Forcing the TCP/IP connection (by providing 127.0.0.1 instead of localhost or .) can reveal the real reason for the error. In my case, the database name specified in connection string was incorrect.
So, here is the checklist so far:
Make sure Named Pipe is enabled in configuration manager (don't forget to restart the server).
Make sure SQL Server Authentication (or Mixed Mode) is enabled.
Make sure your user name and password are correct.
Make sure the database you are connecting to exists.
My resolution was to login using the Windows Login then go to security>Logins locate the troubled ID And retype the used password. The restart the services...
Adding "user instance=False" to connection string solved the problem for me.
<connectionStrings>
<add name="NorthwindEntities" connectionString="metadata=res://*/Models.Northwind.csdl|res://*/Models.Northwind.ssdl|res://*/Models.Northwind.msl;provider=System.Data.SqlClient;provider connection string="data source=.\SQLEXPRESS2008R2;attachdbfilename=|DataDirectory|\Northwind.mdf;integrated security=True;user instance=False;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
This problem was caused for me by this error which appeared just prior in the application error log.
"A read operation on a large object failed while sending data to the client. A common cause for this is if the application is running in READ UNCOMMITTED isolation level. This connection will be terminated."
I was storing PDFs in a SQL table and when attempting to SELECT from that table it spit out that error, which resulted in the error mentioned in your question.
The solution was to delete the columns that had large amounts of text, in my case Base64 encoded files.
perhaps this comes too late, but still it could be nice to "document it" for others out there.
I received the same error after experimenting and testing with Remote Desktop Services on a MS Server 2012 with MS SQL Server 2012.
During the Remote Desktop Services install one is asked to create a (local) certificate, and so I did. After finishing the test/experiments I removed the Remote Desktop Services. That's when this error appeared (I cannot say whether the error occured during the test with RDS, I don't remember if I used/tried the SQL Connection during the RDS test).
I am not sure how to solve this since the default certificate does not work for me, but the "RDS" certificate does.
BTW, the certificates are found in App: "SQL Server Configuration Manager" -> "SQL Server Network Configuration" -> Right click: "Protocols for " -> Select "Properties" -> Tab "Certificate"
My default SQL Certificate is named: ConfigMgr SQL Server Identification Certificate, has expiration date: 2114-06-09.
Hope this can give a hint to others.
/Kim
For me it was because only Windows Authentication was enabled. To change security authentication mode. In SQL Server Management Studio Object Explorer, right-click the server, and then click Properties. On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
Change Server Authentication Mode - MSDN - Microsoft
https://msdn.microsoft.com/en-AU/library/ms188670.aspx
This Might help as reference
I had the same issue, after multiple trial of suggested solution on this site and others, I found a solution for my scenario. The account was locked out
How to Check if the account is Locked out...
Login to the server using higher privileged account (like SA or admin rights)
Expand security ==> select the login name ==>open the property window of the login ==> select the status page on the property window
Make sure This 3 Things
1, permission to connect database is GRANTED
2, Login is ENABLED
3, Status
SQL server authentication
Login is not locked out (Uncheck the box)
Thanks
Tsige
I just executed connection.close() by adding it as first statement and it was solved. Then i removed the line.
One follow up to this. I had installed SQL Server 2014 with only Windows Authentication. After enabling Mixed Mode, I couldn't log in with a SQL user and got the same error message as the original poster. I verified that named pipes were enabled but still couldn't log in after several restarts. Using 127.0.0.1 instead of the hostname allowed me to log in, but interestingly, required a password reset prompt on first login:
Once I reset the password the account worked. What's odd, is I specifically disabled password policy and expiration.
Another cause is if the user's default database is unavailable.
I had an account that was used for backing up two databases. When the backup user's default database was taken off-line, the "no process on the other end of the pipe" error started.
Came here looking for a solution to a similar issue, which I just introduced by changing Schannel settings of our IIS server using "IIS Crypto" by Nartac... By disabling the SHA-1 hash, the local SQL Server was not able to be reached anymore, even though I didn't use an encrypted connection (not useful for an ASP.Net site accessing a local SQL Express instance using shared memory).
Thanks Count Zero for pointing me in the right direction :-)
So, lesson learned: do not disable SHA-1 on your IIS server if you have a local SQL Server instance.
For me the issue seems to have been caused by power failure. Restarting the server computer solved it.
I am trying to make the connection to a remote mysql database in CloverETL Designer (Community Version)
Documentation with examples on this subject seem fragmented so I have tried to piece the bits together but I'm not use if they are correct. I would be grateful for any suggestions or further clarification on this subject.
Here is what I have so far:
The SSL Certificate
As an alternative VPN connection the server guys passed me the raw CA certificate, which I saved as a .crt file in the conn folder of the CloverETL workspace.
CloverETL Connections
I created a new DB connection and tested it was working without SSL
In the graph window I created a simple graph
Switching to Source View I added the parameter attribute to the connection code like this:
<Connection database="MYSQL" dbURL="jdbc:mysql://hostname/database_name" id="JDBC0" jdbcSpecific="MYSQL" name="CPM" parameters="ssl=${WORKSPACE}/conn/mysql_cpm_cert.crt" password="password" type="JDBC" user="username"/>
Then I tested the connection to the database by creating new metadata from a DB table
The problem is that I don't know if the connect is now secure or not.
Here's the list of resources that I used to piece together the information:
components:bulkloaders:mysql_data_writer [CloverETL wiki]
MySQL :: MySQL 5.0 Reference Manual :: 6.3.6.3 SSL Command Options
Thanks
CPM
Your setup almost certainly does not use ssl. Both links you posted are not usable - first describes bulk loader and second connection via command line client. But what you need is to configure JDBC. So I would use http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-configuration-properties.html section "Security."
I would set:
useSSL=true
requireSSL=true
You will do that by adding items in table (Custom JDBC properties) on second tab (Advanced) of Connection Wizard. In source it should appear like "jdbc.useSSL=true jdbc.requireSSL=true" not "parameters=".
Then connection should fail, because in your default java key store is missing your certificate. It can be imported via http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html section "Importing Certificates"
I hope this helps.
I've got a trio of Windows servers (data1, data2 and datawitness) that aren't part of any domain and don't use AD. I'm trying to set up mirroring based on the instructions at http://alan328.com/SQL2005_Database_Mirroring_Tutorial.aspx. I've had success right up until the final set of instructions where I tell data1 to use datawitness as the witness server. That step fails with the following message:
alter database MyDatabase set witness = 'TCP://datawitness.somedomain.com:7024'
The ALTER DATABASE command could not be sent to the remote server instance 'TCP://datawitness.somedomain.com:7024'. The database mirroring configuration was not changed. Verify that the server is connected, and try again.
I've tested both port 7024 as well as 1433 using telnet and both servers can indeed connect with each other. I'm also able to add a connection to the witness server from SQL Server Manager on the primary server. I've used the Configuration Manager on both servers to enabled Named Pipes and verify that IP traffic is enabled and using port 1433 by default.
What else could it be? Do I need any additional ports open for this to work? (The firewall rules are very restrictive, but I know traffic on the previously mentioned ports is explicitly allowed)
Caveats that are worth mentioning here:
Each server is in a different network segment
The servers don't use AD and aren't part of a domain
There is no DNS server configured for these servers, so I'm using the HOSTS file to map domain names to IP addresses (verified using telnet, ping, etc).
The firewall rules are very restrictive and I don't have direct access to tweak them, though I can call in a change if needed
Data1 and Data2 are using SQL Server 2008, Datawitness is using SQL Express 2005. All of them use the default instance (i.e. none of them are named instances)
After combing through blogs and KB articles and forum posts and reinstalling and reconfiguring and rebooting and profiling, etc, etc, etc, I finally found the key to the puzzle - an entry in the event log on the witness server reported this error:
Database mirroring connection error 2 'DNS lookup failed with error: '11001(No such host is known.)'.' for 'TCP://ABC-WEB01:7024'.
I had used a hosts file to map mock domain names for all three servers in the form of datax.mydomain.com. However, it is now apparent that the witness was trying to comunicate back using the name of the primary server, which I did not have a hosts entry for. Simply adding another entry for ABC-WEB01 pointing to the primary web server did the trick. No errors and the mirroring is finally complete.
Hope this saves someone else a billion hours.
I'd like to add one more sub answer to this specific question, as my comment on Chris' answer shows, my mirror was showing up as disconnected (to the witness) Apperently you need to reboot (or in my case i just restarded the service) the witness server.
As soon as i did this the mirror showed the Witness connection as Connected!
See: http://www.bigresource.com/Tracker/Track-ms_sql-cBsxsUSH/