Upgrade troubleshooting: Microsoft SQL Server and Java 10
With release version 10.3 introducing support for Java 10, older versions of MS SQL Server may encounter compatibility issues. The following section covers potential workarounds. Collection occurs from the Microsoft SQL Server database used by the system the data collector is collecting from. The version of Java used by IT Analytics version 10.3 disables some insecure TLS algorithms by default. If collection fails with the following error in the collector logs, the version of MS SQL Server may be incompatible and not allow collection using the TLS algorithms enabled by default with Java 10.
Failed to establish JDBC connection to: jdbc:jtds:sqlserver://... java.sql.SQLException: Network error IOException: null at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:437)
Upgrade MS SQL Server to the latest version to enable secure collection. Your MS SQL Server version may not be supported for IT Analytics version 10.3. If upgrade is not possible, a workaround can be attempted to restore compatibility. If the following steps do not resolve the issue, your version of MS SQL Server is not supported.
Use the following steps to modify the enabled algorithms to allow communication with the data collector:
Edit <collector install dir>/jre/conf/security/java.security.
Search for jdk.tls.disabledAlgorithms.
Copy the existing lines and comment (to have a backup for easy restore).
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
Remove 3DES_EDE_CBC.
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, DES40_CBC, RC4_40
Save the file.
Run and verify collection succeeds.
If does not succeed, each of the following algorithms can be individually re-enabled in an attempt to restore compatibility.
If does not succeed, restore, remove RC4_40, save, re-run .
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, DES40_CBC, 3DES_EDE_CBC
If does not succeed, restore, remove DES40_CBC, save, re-run .
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, RC4_40, 3DES_EDE_CBC
If does not succeed, restore, change the DH keySize as follows, save, re-run .
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \ # EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 768, \ EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
After a working configuration is found, restart the collector service.