Hi Marcus,

Please see my response and next steps added to your post below:

"
Ok I have some new information on this. It is partially fixed and partially still broken and i am not sure how to resolve it.
We have 5 Breeze Servers on 1 VM Farm same subnet in 1 Breeze Cluster.
Cluster Global Parameter for All Connections other than SIP = TLSv1.2
>> This configuration governs all breeze internal components like what's the TLS version to set for "incoming" HTTP/Websocket/JDBC connections. Using this property Breeze configures all it's internal software.
Database servers are external and they've their own configuration for SSL hence cluster level setting does not affect them. (Because Breeze is acing as a client here and cannot force it's own TLS version to server.)
I'll make sure that we add developer documentation to clarify this in better manner - sorry for the confusion on this configuration.

If I try to connect using the TLS checkbox from my JDBC Source to a MS SQL Server with jdbc url - jdbc:sqlserver://Servername:Port;databaseName=database; , all 5 servers fail and are trying to use TLS 1.0 according to my server side traces.
In my JDBC settings regardless if i check or uncheck the TLS Checkbox(This checkbox does nothing) using jdbc url - jdbc:sqlserver://Servername:Port;databaseName=database; all 5 servers fail and are trying to use TLS 1.0 according to my server side traces.
>>
This tells that - Database server is not accepting any non TLS connections at all. When TLS checkbox is unchecked you get TLS error is the indication of it.
Now why it uses TLSv1.0 by default? It's because when protocol is not specified, that's the default protocol set by JDBC driver. (Please refer com.microsoft.sqlserver.jdbc.SQLServerDriverPropertyInfo)
When you tick TLS checkbox, it simply tells Breeze that far end DB server accepts TLS connections, so please make id certificate available if it's asked.
How the incoming connection is treated is entirely up to database server and it's JDBC driver.


But if I add the parameter sslProtocol=TLSv1.2 to my jdbc url - jdbc:sqlserver://Servername:Port;databaseName=database;sslProtocol=TLSv1.2; ,3 out of the 5 servers get a connection test successful. My traces on the sql server show the unsuccessful servers are still trying to use 1.0 still and the successful ones are using 1.2 and actually connecting to SQL.
>>
This means database server only accepts v1.2 traffic, totally reasonable.
What is the problem and why do all 5 servers not care about what is set from the cluster level and also why do only 3 of 5 servers connect using tls 1.2 when the jdbc url is shared by all 5 servers.
>>
Now to real problem - this should not happen, all five servers from node should be able to connect to the database when TLSv1.2 is set.
Can you follow below debug steps and we can try to figure out what's going wrong.
1. First thing that comes to mind is, on two servers where connection is faiing, data replication(DRS) may not be happening.
I.e. The URL is updated in SMGR DB but breeze side copy is not updated. Can you please confirm below
a. DRS between breeze node and SMGR is successful.
b. Once DRS is successful, login to breeze node and run following query from mgmtia
"select * from zr_ext_jdbc_datasource"
and check the "url" field - it should contail URL with sslProtocol=TLSv1.2 string.
If so, then restart the node.
2. Let's say DRS, URL all is good, and you're still facing this problem then that means for some reason datasource created in application server is not getting updated.
So please go to the JDBC provider snap-in that's created for the provider that you've created. E.g. if you've created a JDBC provider called "MSSQL64" then there'd be a snap-in installed on cluster with that name.
Please go to that snap-in from "Breeze->services" page on SMGR and reinstall this snap-in on two failing nodes, then restart the nodes.
3. If this also does not fix the issue then we may need to dig further by going into admin console of the application server, but I think one of the above should fix the issue.

Thanks for your patience,
Prasanna
"

Hi Vignesh,

Based on error message it seems like, Breeze is sending data to MySQL but is not receiving any response back from it.
Can you please follow below for debugging this:
1. Make sure that MySQL server is reachable from Breeze.
2. With the JDBC URL mentioned in data source, please try connecting to MySQL server using a standalone program - I strongly suspect that MySQL is not responding back.
3. Make sure firewall on MySQL side allows the connection from external hosts, specifically from breeze eth0 IP.
4. Capture MySQL side server logs when connection is attempted by Breeze, we'd get to know why server is rejecting it.

Regards,
Prasanna

Agree with John here.
Also I would follow below approach:
1. If DB allows insecure access (just temporarily), setup for non TLS access. Then test connection.
This is to establish that non TLS connection works.
2. Next set DB in SSL mode.
3. Add DB's server cert to Breeze's WAS trust-store. Add Breeze's server cert to DB's trust-store.
4. If the connection does not work yet, check logs on DB end. (You generally find a lot more details in DB connection logs on DB end)
5. Also you could enable SSL handshake to see where exactly the handshake fails (If that's the reason.)

Regards,
Prasanna

Hi Rahul,

I've got below answer from Breeze A&A experts:

You do not need redirect URL.
Please make sure grant_type=client_credentials

For
"Also, when I upload the certificate, all i need to do is to create JWT token using client id & certificate in the asked JWT format and then call the token URL which should then authenticate my request using JWT token and generate the bearer token."
>>make sure grant_type=client_credentials

For
Am i missing anything? Unfortunately there is no working example for client credentials flow except the documentation. hence i want it make sure my understanding is correct
>>
Steps are correct, can you use JWT view the token?
Make sure that resource server recognizes the token for information such as client_id, scope and etc.

Hope this helps.

Regards,
Prasanna

Hi Jackjoy,

Sorry for the delayed response. Breeze does not support speech to text.

Regards,
Prasanna Kulkarni

Hi Jackjoy,

Thanks for the query. I've forwarded this request to EDP experts, we'll let you know shortly.

Regards,
Prasanna

Hi,

Thanks for the interest in BotConnector.
I've requested BotConnector experts to look at this query, they'll reply soon.

Thanks,
Prasanna

Hi Patrick,
We'll soon get back to you on this query.

Regards,
Prasanna

Hi Alok,

Snap-in does not need to change any FW rules explicitly, breeze takes care of it.

This problem you've mentioned, can be because of couple of reasons:

1. Breeze cluster/node is in Deny New Service mode:
When either breeze cluster or node is in "Deny New Service" mode, it does not accept any new communications on snap-in opened ports.
Remedy:
Please make sure that breeze cluster and node are in "Accept New Service"
Following command can be used to check whether ports are opened up in firewall or not.

firewall-cmd --direct --get-all-rules | grep 6100

The result should contain "ACCEPT" word. (If the problem is not solved, please post the output of above command in you reply for me to debug further, thanks.)

2. Client contacts wrong interface:
When snap-in requests the port to be opened, breeze opens it on eth1 interface, same port is not reachable via eth0.
Remedy:
Please make sure that your client code is trying to open client socket on <eth1 IP>:6100 and not on <eth0 IP>:6100

Thanks,
Prasanna

Hi Marcus,

On DB side, does the DB credential mentioned for connection A permitted to access dbo schema?

Regards,
Prasanna

Replying in order to subscribe to this thread.

Regards,
Prasanna

Hi,

Thanks for the screenshots, they're helping.

There are two different issues:
1. The screenshot and pop-up shown in error.png, is not actually an error. It's a guiding message to administrator that administrator should install the JDBC provider snap-in on desired cluster. (Detailed helping message is there in error.png)
What this means is as below -
a. Once you create a JDBC Provider, click OK on this pop-up.
b. Go to "Service Management" page and a snap-in with "Deployment Type = JDBC Provider" would be created, the snap-in name would be same as JDBC Provider you created in step 1a.
c. You should install this snap-in on any cluster where this JDBC provider is needed. (Installation is similar to any other regular snap-in.)
d. Then you can go to "Configuration->JDBC Sources" configuration page and create data sources by providing external DB details.

2. The service_database.png shows a screen which lists all the services, which are using Breeze's built-in cluster DB. This screen does not show any information regarding JDBC Providers or JDBC Data Sources that we create to connect to external DB.
To create/check JDBC data sources please visit, "Configuration->JDBC Sources" page.

If you face any problems when/after performing above mentioned steps, please let me know.

Thanks,
Prasanna

Hello,

Regarding -
"I just add an JDBC provider resource and JDBC data source from the breeze platform. and click "test connection" , it works ok. I want to know how to use this configure in the eclipse develop platform ?"

You can use defined JDBC data source just like regular JDBC data source to acquire JDBC connection, connect the DB and do DML operations on the external database.

Please see example code below -

javax.naming.Context ctx = new javax.naming.InitialContext();
Object obj = ctx.lookup(jdniName); //This jndiName is the JNDI name that you mentioned on UI when defining the data source.
javax.sql.DataSource dataSource = (javax.sql.DataSource) obj;
java.sql.Connection con = dataSource.getConnection();

This is how you can acquire JDBC connection using the data source that you defined. You can put similar code in one of your classes inside the snap-in code.

Thanks,
Prasanna

Hi Smythe,

There is a separate custom property section on JDBC Data source configuration page.
Can you please set following custom properties:
1. "databaseName" with value as "Breeze_Call_Priority"? (This property tells driver that when it reaches till SQL Server host, it needs to look for Breeze_Call_Priority database.
2. "portNumber" with value as whatever port sql server is listening for JDBC connections. (Generally it is 1433, but please check on your setup)
3. "serverName" with value of MS-SQL server IP or FQDN
4. "instanceName" with value of MS-SQL server instance (I suppose sql03 in your case)
5. generateSimpleParameterMetadata with value true


Also, please make sure the sqlserver host(I suppose mdrcsql04 in your case) is pingable from breeze node.

If things do not work even after this, please run "ce-report" command on your breeze node (after trying test connection from UI) and then please attach the ce-report output here.

Thanks,
Prasanna

Hi Smythe,

Can you please provide me your configuration details?
Specifically values for following properties:
1. URL
2. User Name
3. JNDI Name
4. sqljdbc jar version
5. Driver class name from JDBC provider for your data source

Also, can you please confirm that URL is of below format for MS SQL server:
dbc:sqlserver://<Database server IP or FQDN>;database=<database name>

Sorry, it's a lot of information that I'm asking but this might help in understanding the issue.

Thanks,
Prasanna