HPE Community
IMC
1752770 Members
4829 Online
108789 Solutions
New Discussion юеВ

Re: Failed to connect database

 
SOLVED
Go to solution
HP-Browniee
Respected Contributor

тАО09-28-2016 03:47 AM

тАО09-28-2016 03:47 AM

Re: Failed to connect database

Hi Jacob

Litlle question for you:

Can you share the picture they send you? (delete+new_cipler+suites.png). Just to be sure i do nothing rong. :)

Thanks again

 

0 Kudos
jjacobs
Occasional Advisor

тАО09-28-2016 07:57 AM - edited тАО09-28-2016 07:58 AM

тАО09-28-2016 07:57 AM - edited тАО09-28-2016 07:58 AM

Re: Failed to connect database

Sorry doesn't look like my link worked.

 

 

https://s12.postimg.org/706cf34bh/delete_new_cipler_suites.png

 

0 Kudos
Howiedoit
Frequent Advisor

тАО09-28-2016 11:48 AM

тАО09-28-2016 11:48 AM

Re: Failed to connect database

I too have this same issue. This problem did NOT appear until I did the update to E0403P10 which is also a Critical Security Bulletin. 

Installing this has created more questions than answers.

I shutdown Database, hit the "install" button, go through all the hoops, and it seems to install.

Looking into the "Details" tab: A total of 16 items for deployment. but ONLY the first 7 actually install, stating "DEPLOYED". The rest of them state "For Upgrade". What?? Is this expected?? is this working as it should or completly foobarred.

Yet I can still connect and use the system and the interface seems to be the same?? So why are these other Updates...not installing?

And..since this "upgrade" I am too getting the DB connection error. 

Any insight welcome. 

 

 

 

 

 

0 Kudos
Howiedoit
Frequent Advisor

тАО09-28-2016 12:53 PM - edited тАО09-28-2016 01:02 PM

тАО09-28-2016 12:53 PM - edited тАО09-28-2016 01:02 PM

Re: Failed to connect database

Update:

I removed the TLS Cipher stuff and it seems like the DB connection error may have resolved. I will monitor for a day or two.

However, after that reboot, of course IMC wants to try and install the balance of stuff it couldn't before. Ok..I hit the button to continue.....the upgrade bombs as previously stated. 

"Batch deploy interrupted with error. Log file drive letter:\\program files\iMC\tmp\deploylog_1475090431881.zip"

Then it throws up a text file.....and with-in there...it looks like a bunch of duplicate key errors.

eg:

MSG 2627, Level 14, State 1, Server HP-IMC, Line 1

Violation of PRIMARY KEY constraint 'PK_tbl_perf_FEEC bla bla bla. CANNOT insert duplicate key in object 'imc.tbl_perf_template. The duplicate key value is (496)

Three errors all like this with different (values) then at the end:

The statement has been terminated.

(0 rows affected)    << this repeated 11 times

 

Any help would be appreciated. 

0 Kudos
HP-Browniee
Respected Contributor

тАО10-04-2016 01:38 AM

тАО10-04-2016 01:38 AM

Re: Failed to connect database

Hi jjacbos

I can tell you the problem is solved, by doing what you posted.

Thank you very much for the info and the help.

Kind regards

0 Kudos
wooop
New Member

тАО11-22-2016 08:32 AM

тАО11-22-2016 08:32 AM

Re: Failed to connect database

It seems that you NEED to shorten the string to bellow 1024 or else the setting won't survive after clicking ok/apply and reboot. At least not on a win2012r2 server.

0 Kudos
Alfred Macher
Member

тАО03-02-2017 02:42 AM

тАО03-02-2017 02:42 AM

Re: Failed to connect database

Thx for the tip!

But seeing as it is a major pain to find these strings in the small GPE textbox, shouldn't it also work to copy the whole cipher-string to an editor, removing the two mentioned ones and then using a reg-file to modify the system?

I found the following 4 registry links which are changed by this GP setting:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F6ACAB91-2B97-4107-9017-0BA67B772CF0}Machine\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
  • [HKEY_USERS\S-1-5-21-1978417431-1130399592-3233743443-1003\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F6ACAB91-2B97-4107-9017-0BA67B772CF0}Machine\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

But my guess would be, that only the last 2 entries are actually needed. So you add this line to them and it should work, right?

"Functions"="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5"

0 Kudos
Alfred Macher
Member

тАО03-02-2017 03:31 AM

тАО03-02-2017 03:31 AM

Re: Failed to connect database

Well, actually, even those 2 reg links are identical (they contain the same data from each other!), so one only needs to make this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
"Functions"="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5"

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.