"Unexpected rethrowing" error prevents a secure SSL connection to SQL Server 2005 (4368650)

"Unexpected rethrowing" error prevents a secure SSL connection to SQL Server 2005

SQL Server database agent cannot connect using SSL to a SQL Server 2005 instance. 

A message similar to the following appears in the error or installer log file.

Failed to establish a SQL-Server JDBC connection protocol to Host [HOSTNAME\DEFAULT_INSTANCE], user account [USERNAME] . Reason : [The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing".- Profile:MSSQLProfile{host='HOSTNAME', instance= 'DEFAULT_INSTANCE', username='USERNAME', authType= 'SQL_SERVER', port= '1433' useNTLMv2= 'false', socketTimeout= '900', database= 'master', secureConnection= 'OFF', packetSize= '0', ApplicationIntent= 'NONE', enforceSSLVersion= 'NONE', lockTimeout= '10000', codePageOverride = '', selectMethod='' }]. . [SQL-Server Error Code = 0. SQL state : 08S01]

SQLServer 2005 uses 3DES algorithm in TLS connection and with new versions of JRE, this algorithm is disabled.

External references:

Oracle: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8209658 (JDK-8209658)
Microsoft: https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server ​​​​​​​

The Foglight Agent Manager is using the newest Java 8 with Security fixes.  Unfortunately security fixes disables older, deprecated TLS algorithms that Microsoft SQL Server 2005 currently uses (and will always use).  Re-enable those by editing <javahome>/lib/security/java.security and removing DES and 3DES_EDE_CBC from jdk.tls.disabledAlgorithms.

1. Find file “java.security” in folder “jre\lib\security” (for example Quest\Foglight\jre\lib\security or Quest\Foglight Agent Manager\jre\1.8.0.322\jre\lib\security)
2. In this java.security file, find “3DES_EDE_CBC” linked to “jdk.tls.disabledAlgorithms” (Wordpad works better than notepad)
3. Remove it
4. Save the file
5. Restart the FglAM

Example

If it is the file "C:\Quest\Foglight\jre\lib\security"

ORIGINAL:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
  DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
  include jdk.disabled.namedCurves

NEW:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
  DH keySize < 1024, EC keySize < 224, anon, NULL, \
  include jdk.disabled.namedCurves

Save "java.security" file and restart FglAM; now connection should work.