Oracle HS (12c) - mysql

I'm trying to set up HS from a 12c database that will eventually send data across to a remote MySQL server.
I have installed the odbc driver;
root ~ # rpm -ivh mysql-connector-odbc-5.3.4-1.el6.x86_64.rpm
This is my listener.ora file;
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
)
)
This is my tnsnames.ora file;
RECORDSDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = recordsdb.ap.local)
)
)
MYSQL =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521))
(CONNECT_DATA=(SID=MYSQL))
(HS=OK)
)
I connected to the database, and created the database link;
SQL> CREATE DATABASE LINK MYSQL
2 CONNECT TO "root" IDENTIFIED BY "removed"
3 USING 'mysql';
Restarting the lsnrctl;
./bin/lsnrctl reload
./bin/lsnrctl stop
./bin/lsnrctl start
./bin/lsnrctl status
./bin/lsnrctl status
LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:54:42
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 08-SEP-2014 10:42:05
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/12.1.0/dbhome_1/log/diag/tnslsnr/ap-ora-records-test/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=8080))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "recordsdb.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
Service "recordsdbXDB.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
The command completed successfully
As well as tnsping;
oracle /u01/app/oracle/product/12.1.0/dbhome_1 $ ./bin/tnsping ap-ora-records-test
TNS Ping Utility for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:42:44
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
Used EZCONNECT adapter to resolve the alias
Attempting to contact (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTOCOL=TCP)(HOST=::1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))
OK (0 msec)
I then tried getting a piece of data - SQL> SELECT * from MYSQL.users#mysql; which gave the following result;
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
Unable to retrieve text of NETWORK/NCR message 65535
ORA-02063: preceding 2 lines from MYSQL
Where am I going wrong?
edit 1:
This is my creation code;
CREATE SHARED PUBLIC DATABASE LINK mysql_remote_shared
CONNECT TO root IDENTIFIED BY password
AUTHENTICATED BY root IDENTIFIED BY password
USING 'mysql';

Related

How can I connect to a moto mysql instance?

I created an RDS DB Instance using a mocked boto3 rds client. Here's how I set it up in my conftest.py
#pytest.fixture
def aws_credentials():
"""Mocked AWS Credentials for moto."""
os.environ["AWS_ACCESS_KEY_ID"] = "testing"
os.environ["AWS_SECRET_ACCESS_KEY"] = "testing"
os.environ["AWS_SECURITY_TOKEN"] = "testing"
os.environ["AWS_SESSION_TOKEN"] = "testing"
#pytest.fixture
def rds_client(aws_credentials, aws_region):
with mock_rds():
client = boto3.client("rds", region_name=aws_region)
yield client
Following the example here (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Python.html) I set up my mysql connector like this:
db_instance = rds_client.create_db_instance(DBInstanceIdentifier="TestDBInstanceIdentifier",
DBInstanceClass="db.m4.large", Engine="mysql",
MasterUsername="root", DBName="TestDBName")
print("RDS Instance-----------------------------------------------------")
print(db_instance)
host = db_instance['DBInstance']['Endpoint']['Address']
port = db_instance['DBInstance']['Endpoint']['Port']
user = db_instance['DBInstance']['MasterUsername']
dbname = db_instance['DBInstance']['DBName']
print("Starting connection")
token = rds_client.generate_db_auth_token(DBHostname=host, Port=port, DBUsername=user, Region=aws_region)
mydb = mysql.connector.connect(host=host, database=dbname, user=user, passwd=token, port=port)
However, the connector can't find the DB:
FAILED test_read_rds_db - mysql.connector.errors.DatabaseError: 2005 (HY000): Unknown MySQL server host 'TestDBInstanceIdentifier.aaaaaaaaaa.us-east-1.rds.amazonaws.com' (8)
Has someone been able to set this up before?

Moto does not offer this functionality. It mocks the AWS API, but does not expose any RDBMS-functionality.
You could look into Localstack instead. It uses Moto in the background to mock calls to AWS, but offers features on top of that such as the ability to connect to an RDS instance.
See the docs here: https://docs.localstack.cloud/aws/rds/

ORA-29106: Cannot import PKCS #12 wallet

We are facing connectivity issues, while trying to connect via sqlplus from our Solaris server to Oracle Cloud.
Error: ORA-29106: Cannot import PKCS #12 wallet

ORA-29106: Cannot import PKCS #12 wallet
If using the client less than 12 version
Bug: 23335686 -> update Your client
ORA-12518: TNS:listener could not hand off client connection
Check Your Client Server sqlnet.ora and tnsnames.ora file
sqlnet.ora: check WALLET_LOCATION -> DIRECTORY
tnsnames.ora: check TNSNAME

for me it helped:
# new lines in listener.ora
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /opt/oracle/somewhere/hidden/wallets)
)
)
ADR_BASE_LISTENER = /opt/oracle

RADIUS Server redundant MySQL

I am currently building a test setup for a RADIUS application running FreeRADIUS V.3.xx in combination with MySQL. The entire setup is to be redundant. All servers are running on virtual machines running openSUSE 13.1
My problem is that I can't seem to find the correct configuration for redundant MySQL servers. Does anyone have experience with this ?
What I've done up until now, is basically follow the relevant portion of the official freeradius wiki... tried coming up with variations using group, detail, direkt manipulation of rlm_sql_mysql socket... anything I could think of.. but without success. Currently it's back to the "wiki status"
That is:
I removed the link to sql from .../mods-enabled/ as that caused the redundant servers to fail even the instantiation...
File: .../radius.conf
Section: modules {...}
Added entries:
sql sql1{ ...#config...}
sql sql2{ ...#config...}
Section: instantiate {...} Added entry:
redundant redundant_sql {
sql1
sql2
handled
}
And then added redundant_sql in File: .../sites-available/default (linked to sites-enabled)
Sections: authorize {...} & post-auth{...} (I don't need accounting)
Here is some of the debug output:
Instantiation (Both sql1 and sql2 have to be accessible for the RADIUS server to start.. which is shitty but not the current problem):
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_sql
# Instantiating module "sql1" from file /etc/raddb/radiusd.conf
sql sql1 {
driver = "rlm_sql_mysql"
server = "**IP sql1**"
port = "3306"
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters = "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql1): Creating new attribute sql1-SQL-Group
rlm_sql (sql1): Registering sql_groupcmp for sql1-SQL-Group
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
}
post-auth {
reference = ".query"
}
mysql {
tls {
}
}
rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql1): Attempting to connect to database "radius"
rlm_sql (sql1): Initialising connection pool
pool {
start = 5
min = 4
max = 32
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_sql (sql1): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (3)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (4)
rlm_sql_mysql: Starting connect to MySQL server
# Instantiating module "sql2" from file /etc/raddb/radiusd.conf
sql sql2 {
driver = "rlm_sql_mysql"
server = "**IP sql2**"
port = "3306"
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters = "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql2): Creating new attribute sql2-SQL-Group
rlm_sql (sql2): Registering sql_groupcmp for sql2-SQL-Group
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
}
post-auth {
reference = ".query"
}
mysql {
tls {
}
}
rlm_sql (sql2): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql2): Attempting to connect to database "radius"
rlm_sql (sql2): Initialising connection pool
pool {
start = 5
min = 4
max = 32
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_sql (sql2): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (3)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (4)
rlm_sql_mysql: Starting connect to MySQL server
After stopping sql1 and sending a request this happens:
...#irrelevant stuff
Received Access-Request Id 36 from **IP switch**:8345 to **IP RADIUS**:1812 length 128
User-Name = '**mac-address**'
User-Password = '**mac-address**'
NAS-IP-Address = **IP switch**
NAS-Port = 3
NAS-Port-Id = 'Port 3'
NAS-Port-Type = Ethernet
NAS-Identifier = '**nas name**'
Service-Type = Call-Check
Framed-MTU = 1500
Called-Station-Id = '**mac-address**'
Calling-Station-Id = '**mac-address**'
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) [preprocess] = ok
(1) update request {
(1) EXPAND %{tolower:%{1}%{2}%{3}%{4}%{5}%{6}}
(1) --> **mac-address**
(1) Calling-Station-Id := '"**mac-address**"'
(1) User-Name := '&Calling-Station-Id -> '**mac-address**''
(1) User-Password := '&Calling-Station-Id -> '**mac-address**''
(1) } # update request = noop
(1) [updated] = updated
(1) } # if (Calling-Station-Id =~ **Syntax check** = updated
(1) ... skipping else for request 1: Preceding "if" was taken
(1) } # rewrite_calling_station_id rewrite_calling_station_id = updated
(1) detail : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(1) detail : --> /var/log/radius/radacct/**IP switch**/detail-20151019
(1) detail : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/**IP switch**/detail-20151019
(1) detail : EXPAND %t
(1) detail : --> Mon Oct 19 15:03:18 2015
(1) [detail] = ok
(1) redundant redundant_sql {
(1) sql1 : EXPAND %{User-Name}
(1) sql1 : --> **mac-address**
(1) sql1 : SQL-User-Name set to '**mac-address**'
rlm_sql (sql1): Reserved connection (4)
(1) sql1 : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql1 : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id
rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
rlm_sql (sql1): Reconnecting (4)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server radius#**IP sql1**:radius
rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql1): Reserved connection (3)
rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
rlm_sql (sql1): Reconnecting (3)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server radius#**IP sql1**:radius
rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql1): Reserved connection (2)
rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
rlm_sql (sql1): Reconnecting (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server radius#**IP sql1**:radius
rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql1): Reserved connection (1)
rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
rlm_sql (sql1): Reconnecting (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server radius#**IP sql1**:radius
rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql1): Failed to reconnect (1), no free connections are available
rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
Segmentation fault
After destructing the last connection to sql1 I'd expect the "redundant" to kick in and sql2 to be contacted... but RADIUS aborts instead.
I know I only ** the IP and macs, but everything else will be reset properly anyway if this project graduates the "test-setup-stage".
I'd really appreciate any help as I'm kinda at the end of my rope here.
Thanks a lot if you've even read up to here!

This is a defect in FreeRADIUS and you should open an issue ticket on the FreeRADIUS issue tracker with the information you posted above, and if you can, the backtrace from running it under a debugger.
For gdb you should be able to do:
gdb --args <path to radiusd> -X
run
bt
The backtrace will show where the issue is. I had a quick attempt at reproducing it on the v3.1.x branch, and couldn't, but that may be because the bug requires connections to be open before hand, to trigger the defect.

First of all, thank you for your help Arran Cudbard-Bell!
For anyone else who has run into the same problem; using the newest tarball (Version 3.0.10: tar.bz2 (PGP Signature)) and building from that includes bugfixes that solve the redundancy issue.
Also note, that the entry in the wiki is not complete. If more than one instance of sql is to be used, the following must be done in addition:
If you were formerly running a single instance of sql, remove the sql softlink from raddb/mods-enabled/
When configuring the sql1 and sql2 moldules write: group_attribute = "${.:instance}-SQL-Group" before $INCLUDE
${modconfdir}/${.:name}/main/${dialect}/queries.conf", as the standard config will throw errors if you don't.
Though this is documented in the config files themselves, the wiki doesn't mention it.
--Thanks # all & closed--

Asterisk 1.8 cdr-adaptive mysql

i'm having a little problem. I'm using Debian and I got asterisk 1.8 and I want to use CDR along with mysql.
In Asterisk 1.8 you apparently gotta use cdr-adaptive module instead of the regular. That is just what I did. Now I have 1 error when I "module reload cdr_adaptive_odbc.so" and I can't solve it :
WARNING[23172]: cdr_adaptive_odbc.c:123 load_config: No such connection 'MySQL-asterisk' in the 'adaptive-connection' section of cdr_adaptive_odbc.conf. Check res_odbc.conf.
Now here are all the files related, I can't understand what is wrong :
/etc/odbc.ini :
[MySQL]
Description = MySQL ODBC MyODBC Driver
Driver = /usr/lib/libmyodbc3.so
FileUsage = 1
[Text]
Description = ODBC for Text Files
Driver = /usr/lib/libodbctxt.so
Setup = /usr/lib/libodbctxtS.so
FileUsage = 1
CPTimeout =
CPReuse =
[PostgreSQL]
Description = PostgreSQL driver for Linux & Win32
Driver = /usr/lib/libodbcpsql.so
Setup = /usr/lib/libodbcpsqlS.so
FileUsage = 1
[DB2]
Description = DB2 Driver
Driver = /opt/IBM/db2/V8.1/lib64/libdb2.so
FileUsage = 1
DontDLClose = 1
DMEnvAttr = SQL_ATTR_UNIXODBC_ENVATTR={DB2INSTANCE=db2inst1}
[MySQL-asterisk]
Description = MySQL asterisk database
Driver = MySQL
Socket = /var/run/mysqld/mysqld.sock
Server = localhost
User = root
Password = XXXXX
Database = ics
Option = 3
/etc/asterisk/cdr_adaptive_odbc.conf :
[adaptive-connection]
connection = MySQL-asterisk
table = cdr
alias start => calldate
/etc/asterisk/res_odbc.conf :
[Asterisk]
enabled => yes
dsn => MySQL-asterisk
username => root
password => XXX
;pooling => no
;limit => 0
pre-connect => yes
This is what I get when i check the cdd status :
Call Detail Record (CDR) settings
----------------------------------
Logging: Enabled
Mode: Simple
Log unanswered calls: No
* Registered Backends
-------------------
Adaptive ODBC
cdr-custom
ODBC
csv
radius
res_config_sqlite
And this is what I get when i check de odcb
ODBC DSN Settings
-----------------
Name: Asterisk
DSN: MySQL-asterisk
I can't figure out what's wrong. Anyone has an idea ?

I assume you've fixed this now. I ran into a similar issue and the problem stemmed from the documentation. It refers to connection= in cdr_adaptive_odbc.conf being the DSN name. It's the name you want and not the DSN. So in your case:
connection = Asterisk
then at the command line do a
CLI> module reload cdr_adaptive_odbc.so
and you should see a screenfull as Asterisk finds the tables and does any mappings you have specified.

Create Certificate with domain account

Is it possible to create an endpoint in SQL Server 2008 Service Broker with support for
Certificate based authentication and using domain account for Authorization?
e.g.
CREATE ENDPOINT ServiceBrokerEndpoint
AUTHORIZATION [domain\username]
STATE=STARTED AS TCP (LISTENER_PORT = 4022, LISTENER_IP = ALL)
FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED, MESSAGE_FORWARD_SIZE = 10, AUTHENTICATION = CERTIFICATE [CertificateName], ENCRYPTION = SUPPORTED ALGORITHM RC4)

Try this
-------------------------------------
-- connect to server
-------------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<servername>]
with subject = '<servername>'
, start_date = '20100216'
, expiry_date = '20150216';
create endpoint broker
state = started
as tcp (listenner_port = 4022)
for service_broker (authentication = certificate [<servername>]);
-- Export the public key to disk
backup certificate [<servername>]
to file = '\\someshare\<servername>.cer';
--------------------------------
-- connect to client
--------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<clientname>]
with subject = '<clientname>'
, start_date = '20100216'
, expiry_date = '20150216';
create endpoint broker
state = started
as tcp (listenner_port = 4022)
for service_broker (authentication = certificate [<clientname>]);
-- Export the public key to disk
backup certificate [<clientname>]
to file = '\\someshare\<clientname>.cer';
--create an identity for server and import the server's certificate:
create login [<servername>] with password = '...';
alter login [<servername>] disable;
create user [<servername>];
create certificate [<servername>]
authorization [<servername>]
from file = '\\someshare\<servername>.cer';
--authorize <servername> to connect on the broker endpoint
grant connect on endpoint::broker to [<servername>];
---------------------------------------
-- connect to the server
---------------------------------------
--create an identity for client and import the client's certificate:
create login [<clientname>] with password = '...';
alter login [<clientname>] disable;
create user [<clientname>];
create certificate [<clientname>]
authorization [<clientname>]
from file = '\\someshare\<clientname>.cer';
--authorize <clientname> to connect on the broker endpoint
grant connect on endpoint::broker to [<clientname>];