After upgrading the Foglight Agent Manager (and FMS) to 6.1.0 or higher, connections to hosts fail with TLS and SSL errors.
For SQL Server agents, as an example, error messages like the following appear:
ERROR [ConnectionManagementThread-[MSSQLPool-AGENTNAME]-[][MSSQLProfile{host='AGENTNAME', instance= 'DEFAULT_INSTANCE', username='.', authType= 'WINDOWS_DEFAULT', port= '0' useNTLMv2= 'true', socketTimeout= '900', database= 'master', secureConnection= 'OFF', packetSize= '0', ApplicationIntent= 'NONE', enforceSSLVersion= 'NONE', lockTimeout= '10000', codePageOverride = '', selectMethod='' }]] com.quest.qsi.fason.framework.connections.jdbc.JDBCConnectionImpl - Failed to create new connection. [MSSQLProfile{host='AGENTNAME', instance= 'DEFAULT_INSTANCE', username='.', authType= 'WINDOWS_DEFAULT', port= '0' useNTLMv2= 'true', socketTimeout= '900', database= 'master', secureConnection= 'OFF', packetSize= '0', ApplicationIntent= 'NONE', enforceSSLVersion= 'NONE', lockTimeout= '10000', codePageOverride = '', selectMethod='' }]
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]". ClientConnectionId:65bdbe0a-ad9e-4dcb-b67b-07403a1ec21f
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
Numerous Usability Connection Availability or Usability OS Connection Availability alarms may also fire, indicating that the connections have failed.
WORKAROUND
Edit the value in the java.security file directly.
According to the OpenJDK developers (outside of Quest), the workaround is not advisable in production environments, since using disabled algorithms degrades the secure communication between the FglAM and the host servers that the newer algorithms provide.
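To see which monitored hosts still negotiate a protocol version the agent manager no longer accepts, the handshake errors shown above can be pulled out of the log per host. The script below is an added example, not Quest code; the function name `legacy_tls_hosts` and the sample host names are assumptions, and the sample log lines are constructed in the format of the errors above.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the errors above; host names are placeholders.
SAMPLE_LOG = """\
ERROR [ConnectionManagementThread-[MSSQLPool-SQLHOST01]-[][MSSQLProfile{host='SQLHOST01', instance= 'DEFAULT_INSTANCE', enforceSSLVersion= 'NONE' }]] com.quest.qsi.fason.framework.connections.jdbc.JDBCConnectionImpl - Failed to create new connection.
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]".
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
ERROR [ConnectionManagementThread-[MSSQLPool-SQLHOST02]-[][MSSQLProfile{host='SQLHOST02', instance= 'DEFAULT_INSTANCE', enforceSSLVersion= 'NONE' }]] com.quest.qsi.fason.framework.connections.jdbc.JDBCConnectionImpl - Failed to create new connection.
Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS11 is not accepted by client preferences [TLS13, TLS12]
ERROR [ConnectionManagementThread-[MSSQLPool-SQLHOST03]-[][MSSQLProfile{host='SQLHOST03', instance= 'DEFAULT_INSTANCE', enforceSSLVersion= 'NONE' }]] com.quest.qsi.fason.framework.connections.jdbc.JDBCConnectionImpl - Failed to create new connection.
Caused by: java.net.ConnectException: Connection refused
"""

HOST_RE = re.compile(r"MSSQLProfile\{host='([^']+)'")
TLS_RE = re.compile(
    r"server selected protocol version (\w+) is not accepted "
    r"by client preferences \[([^\]]*)\]")


def legacy_tls_hosts(log_text):
    """Return {host: {'server': protocols the server selected,
    'client': protocols the client accepts}} for TLS version mismatches."""
    findings = defaultdict(lambda: {"server": set(), "client": set()})
    host = "unknown"  # used when no ERROR line precedes the exception
    for line in log_text.splitlines():
        if "ERROR [" in line:
            # Each new ERROR entry names the profile the stack trace belongs to.
            m = HOST_RE.search(line)
            host = m.group(1) if m else "unknown"
        m = TLS_RE.search(line)
        if m:
            # The same message appears in the SQLServerException and the
            # SSLHandshakeException lines; sets collapse the duplicates.
            findings[host]["server"].add(m.group(1))
            findings[host]["client"].update(
                p.strip() for p in m.group(2).split(",") if p.strip())
    return dict(findings)


if __name__ == "__main__":
    for name, info in sorted(legacy_tls_hosts(SAMPLE_LOG).items()):
        print(f"{name}: server selected {sorted(info['server'])}, "
              f"client accepts {sorted(info['client'])}")
```

Hosts that fail for other reasons, such as SQLHOST03 in the sample, are not reported.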