Attempts to add a SQL Server agent using Windows_Custom authentication fail during database validation. The following error is returned:
Failed to establish a SQL-Server JDBC connection protocol to Host [HOSTNAME\DEFAULT_INSTANCE], user account [domain\username] . Reason : [java.io.IOException: Configuration Error:
Line 1: expected [{], found [QUEST]- Profile:MSSQLProfile{host='HOSTNAME', instance= 'DEFAULT_INSTANCE', username='domain\username', authType= 'WINDOWS_CUSTOM', port= '0' useNTLMv2= 'false', socketTimeout= '900', database= 'master', secureConnection= 'OFF', packetSize= '0', ApplicationIntent= 'NONE', enforceSSLVersion= 'NONE', lockTimeout= '10000', codePageOverride = '', selectMethod='' }].
In addition, Windows agent connections using WinRM with Kerberos authentication may also fail. Credential alarms can show errors such as:
>> Failure: Cannot establish connection to hostname: WinRM request to http://hostname:5985/wsman failed: [Caused by: IOException <WinRM request to http://hostname:5985/wsman failed: >]
On each Foglight Agent Manager (FglAM) restart, the auth.login.config file is detected as invalid, deleted, and recreated. Example:
VERBOSE [Startup Thread] com.quest.glue.core.KerberosConfigurationUtil - Invalid configuration file [FGLAM_HOME]\state\default\.\config\auth.login.config deleted
VERBOSE [Startup Thread] com.quest.glue.core.KerberosConfigurationUtil - Writing the configuration file [FGLAM_HOME]\state\default\.\config\auth.login.config
Invalid comment entries are inserted during creation of the auth.login.config file (e.g., lines starting with # QUEST SOFTWARE...). These cause the Kerberos configuration to be considered invalid, resulting in authentication and connection failures.
WORKAROUND
Remove the first block of # QUEST SOFTWARE... comment lines from the [FGLAM_HOME]\state\default\config\auth.login.config file, and then retry the connection.
Once cleaned, the file should contain only a single /* ... */ comment block followed by the configuration entries. For example:
/*
* QUEST SOFTWARE PROPRIETARY INFORMATION
*
* This software is confidential. Quest Software Inc., or one of its
* subsidiaries, has supplied this software to you under terms of a
* license agreement, nondisclosure agreement or both.
*
* You may not copy, disclose, or use this software except in accordance with
* those terms.
*
*
* Copyright 2025 Quest Software Inc.
* ALL RIGHTS RESERVED.
*
* QUEST SOFTWARE INC. MAKES NO REPRESENTATIONS OR
* WARRANTIES ABOUT THE SUITABILITY OF THE SOFTWARE,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, OR
* NON-INFRINGEMENT. QUEST SOFTWARE SHALL NOT BE
* LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING
* THIS SOFTWARE OR ITS DERIVATIVES.
*/
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE refreshKrb5Config=TRUE;
};
com.ibm.security.jgss.initiate {
com.ibm.security.auth.module.Krb5LoginModule required refreshKrb5Config=TRUE;
};
STATUS
This issue has been logged as defect Id. FOG-14182 and it is waiting for a fix in a future release of Foglight.