IBM Security Guardium

 View Only
  • 1.  Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Fri April 22, 2022 08:54 AM
    Hello Seniors, Greetings!! Hope all is well.

    I am trying to create Data Source for "MS SQL Server" for Guardium VA, However upon testing data source, I am getting "time out" error as mentioned below. Firewall Ports and User\pwd is okay. Can anyone suggest on this error OR Did anyone face such error in their Env, Can please suggest me. thanks in advance. 

    Could not connect to: 'jdbc:guardium:sqlserver://X.X.X.X:1435;CryptoProtocolVersion=TLSv1,TLSv1.1,TLSv1.2' for user: "VA USER". DataSourceConnectException: Could not connect to: 'X.X.X.X:1435' for user: 'VA USER' within timeout period of: 60 seconds. TimeoutException: null."


  • 2.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Wed April 27, 2022 07:25 AM
    Hello Akash,

    can you check the PORT of MSSQL , by default it should be 1433, unless they have changed to 1435 ,

    ------------------------------
    MAHESHKUMAR M
    ------------------------------



  • 3.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Wed April 27, 2022 07:29 AM

    Hello Mahesh,

    Thank you for the response. Yes, the Port is correct it is user defined not the default one. Let me know if you know any other cause for this. thank you.

     

     

    ------------------------------
    Akashkumar Parmar
    ------------------------------






  • 4.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Thu April 28, 2022 04:42 AM
    Hello Akash,

    Is this first time you are connecting to this SQLServer instance? 
    Can you try telnet to this port 1435 from guardian ?

    Thank you

    ------------------------------
    MAHESHKUMAR M
    ------------------------------



  • 5.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Thu April 28, 2022 07:48 AM

    Hello Mahesh,

     

    Thank you for the response. Yes, we are able to Telnet on given port from Guardium CLI.

     

    ------------------------------
    Akashkumar Parmar
    ------------------------------

     






  • 6.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Thu April 28, 2022 04:15 PM
    There can be multiple reasons you receive connection timeout.  The obvious is ensuring SQL services are running and that you can connect to the SQL instance from something like SQL Server Management Studio (SSMS).  First I'd start with ensuring the IP/Port/Service Name are correct.  This is easy code to use to identify the IP and port.  You'll want to be sure the FQDN resolves to the IP from the script below.

    SELECT local_net_address,
    local_tcp_Port,
    count(*) as connections
    FROM sys.dm_exec_connections
    WHERE local_tcp_port is not null
    GROUP BY local_net_address, local_tcp_Port

    You would use service name instead of port if you're using named instances in MS SQL.

    Also validate that your connection properties are correct.  We use the following.  You can try adding only AuthenticationMethod then also try adding encryptionMethod and validateServerCertificate.  Consider changing validateservercertificate to false.

    Here is what our current connection properties are:
    AuthenticationMethod=ntlm2java;encryptionMethod=SSL;validateServerCertificate=true

    You should only be using the datadirect driver and not the jTDS driver that is manually uploaded.  The jTDS driver was deprecated years ago and I don't think it supports some of the latest encryption protocols.  I believe IBM will be replacing the jTDS MS SQL driver upload for the MS SQL jdbc driver in the future.

    The username if using the datadirect driver you can use the 'domainname\username'.  Or you can add domain=domainname to the connection properties.

    ------------------------------
    Walter York
    ------------------------------



  • 7.  RE: Guardium VA - Getting Time Out Error while Testing the Data Source

    Posted Fri April 29, 2022 08:24 AM

    Hello Walter, Hope all is well.

     

    Thank you for your valuable suggestions. I will try this and hopefully it will work. Thanks again.

     

    ------------------------------
    Akashkumar Parmar
    ------------------------------