IBM Support

'Could not connect' error in Datasource Builder using 'Windows Authenticated' User in InfoSphere Guardium

Troubleshooting


Problem

'Could not connect' errors in the GUI and 'Login Failed due to NT user' error in SQL Server Management Studio's 'Log Viewer' due to usage of Windows Authenticated User in Datasource Builder.

Symptom

With InfoSphere Guardium, while trying to 'Test Connection' in Datasource Builder for a Window's Authenticated user the error "Could not connect to: 'jdbc:guardium:sqlserver://xxxxxxx' for user 'xxxxx_MS SQL SERVER(xxx)'. DataSource Connect Exception: Could not connect to: 'MS SQL SERVER - xxxxx' for user 'xxxxxx'. SqlState: 28000 Error Code: 18456. ddd0: [guardium][SQLServer JDBC Driver] An error occurred while attempting to log onto the database. SqlState: 08001 Error Code: 0" pops up.

Cause

For MS SQL Server to support Windows Authentication, an open source driver is recommended. In all other uses, the Data Direct driver pre-loaded in the Guardium appliance is sufficient.

Environment

Guardium 9.0 and Windows-MS SQL Server

Resolving The Problem

The Guardium appliance has been tested successfully with the following open source JDBC drivers: jtds-1.2.8.jar (MS SQL Server), and 1.2.2.jar (MS SQL Server). Any newer version will not work as it uses Java 7.

1 Download the .jar to a safe location.

2 Inside our GUI, select Administration Console > Customer Uploads (if in a managed environment this must be done on the CM)

3 Click the 'Browse..' button under 'Upload MS SQL Server JDBC driver' and browse to your .jar file.

4 Click 'Upload'

5 If on a CM, follow the instructions given in the dialog box. Simply go into Central Management and click 'Distributed Uploaded Jar Files'

6 Restart the GUI of the CM and all appliances. (in CLI can run 'restart GUI')

7 Once restarted and back up, go into the appliance you were trying this from.

8 Go back into Datasource Builder and 'Modify' the Datasource you tried to build this with.

9 There should now be a drop-down box next to Database Type that says 'Change to.' Click it and change to 'MS SQL Server.' (You may have to restart the GUI a couple times to see this)

10 Change the 'Login Name' to just the user. (NOT xxxx\user)

11 In the 'Connection Property' text box add 'domain=xxxx; useNTLMv2=true'

12 Hit 'Apply,' and then 'Test Connection.'

Using these steps you should receive "This datasource can be successfully connected".

If you see a different error with "Could not connect within timeout period of: 60 seconds", you may be facing the problem described here:

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF033","label":"Windows"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21672056

Page Feedback