I'm attempting to connect to Redshift. I've double checked my settings, password, etc. but I keep getting the error message in the title:
Invalid connection property value sslmode : require
I'm not sure what other information to provide? Our connection needs ssl:required setting. I experimented by selecting all available drop down options in the drop down, including prefer, allow, among others.
How can I overcome this error when the connection requires ssl mode set to required?
A few months later and gave this another try and found a accidental solution. What's working for me right now is this: I created a brand new connection and forgot to set ssl mode to require, then my connection worked. We do require ssl mode, it seems Dbeaver with aws/redshift driver must default to this. But, as soon as I deliberately go into ssl settings and set this to require, Dbeaver complains per the above with a 'invalid' message.
Related
We have set our Kafka Connect to be able to read credentials from a file, instead of giving them directly in connector config. This is how a login part of connector config looks like:
"connection.user": "${file:/kafka/pass.properties:username}",
"connection.password":
"${file:/kafka/pass.properties:password}",
We also added these 2 lines to "connect-distributed.properties" file:
config.providers=file
config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
Mind that it works perfectly for JDBC connectors, so there is no problem with the pass.properties file. But for other connectors, such as couchbase, rabbitmq, s3 etc. it causes problems. All these connectors work fine when we give credentials directly but when we try to make Connect to read them from a file it gives some errors. What could be the reason? I don't see any JDBC specific configuration here.
EDIT:
An error about couchbase in connect.log:
[2021-12-02 11:50:19,580] ERROR [com.couchbase.io][SaslAuthenticationFailedEvent][20ms] Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","status":"UNKNOWN","type":"KV","xerror":{"ref":"ae3ce600-7097-4077-9231-8ced290cd399"}} (com.couchbase.io:533)
[2021-12-02 11:50:19,580] WARN [com.couchbase.endpoint][EndpointConnectionFailedEvent][23ms] Connect attempt 9 failed because of AuthenticationFailureException: Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","type":"KV"} (com.couchbase.endpoint:523)
com.couchbase.client.core.error.AuthenticationFailureException: Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","status":"UNKNOWN","type":"KV","xerror":{"ref":"ae3ce600-7097-4077-9231-8ced290cd399"}}
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.failConnect(SaslAuthenticationHandler.java:488)
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.maybeFailConnect(SaslAuthenticationHandler.java:293)
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.channelRead(SaslAuthenticationHandler.java:250)
at com.couchbase.client.core.io.netty.kv.MemcacheProtocolVerificationHandler.channelRead(MemcacheProtocolVerificationHandler.java:84)
at java.lang.Thread.run(Thread.java:748)
It says something about authentication but works fine when credentials are given directly. If the masking is not working correctly, how does it work for JDBC connectors?
Looks like the problem was quote marks in pass.properties file. The interesting thing is, even if credentials are typed with or without quote marks, JDBC connectors work well. Maybe the reason is it is the first line in the file but just a small possibility.
So, do NOT use quote marks in your password files, even if some of the connectors work this way.
When I attempt to connect to an instance of a PostgreSQL database I've created as per the AWS "Create and Connect to a PostgreSQL Database with Amazon RDS" tutorial located here (https://aws.amazon.com/getting-started/tutorials/create-connect-postgresql-db/), I receive an error that reads:
[08001] The connection attempt failed.
java.net.SocketTimeoutException: connect timed out.
The database is set to allow incoming and outgoing traffic on all ports and from all IP addresses. I am completely at a loss as to how to get this working and have reached out to AWS Support for their input, but, as yet, all I've done is follow the directions prescribed by the AWS tutorial--to no avail.
Does anyone know what might be the issue?
Edit: I should mention that all of my, host URL, port number, database name, etc. have been entered correctly into DataGrip, so none of the above are the issue.
All right--I've figured it out.
First off, #Mark B was right--the issue was that I hadn't yet made the database itself publicly accessible via the VPC security group of which it was a member. To do this, from the database detail screen in AWS, I:
clicked (what for me was the one and only) link beneath the "VPC security groups" of the database's dashboard, which directed me to the EC2 Security Groups screen
clicked the security group link related to my database, which directed me to that group's detail page
clicked the "Edit inbound rules" button which directed me to the "Edit inbound rules" screen
clicked the "Add rule" button, which caused a table row containing the following columns: "Type", "Protocol," "Port Range," "Source," "Description - optional"
selected "PostgreSQL" for the "Type" column, which caused the values of "TCP" and "5432" to populate the "Protocol" and "Port range" columns respectively, entered my machine's IP address ("123.456.789.012/32"--no quotes and no parentheses), and left "Description - optional" blank, because, well, it's optional.
Finally, I guess I'd forgotten to explicitly name the database, and so my attempts to enter what for me was ostensibly the database's name (that is, "database-1") resulted in a connection error indicating that "database-1" does not exist. So, for the sake of ease and simply verifying my database connection, I entered "postgres" as the database name in my database client (I'm presently using DataGrip), because "postgres" is the de facto name of a postgreSQL database.
And that should work. I'm sure this is all no-brainer stuff to those more experienced with AWS, but it's new to me and presumably to many others.
Thanks again, #Mark B, for sending me down the right path.
I tried to override connectionstring in Azure portal with this connection :
Server=tcp:server.database.windows.net,1433;Database=mydatabase;User ID=username#server;Password=xxxxxx;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;
It gives me an error Keyword not supported: 'server' and when I tried it as:
metadata=res://*/DataAccess.MyDataBase.csdl|res://*/DataAccess.MyDataBase.ssdl|res://*/DataAccess.MyDataBase.msl;provider=System.Data.SqlClient;provider connection string="data source=tcp:server.database.windows.net,1433;initial catalog=MyDataBase;persist security info=True;user id=username#server;password=xxxxxx;MultipleActiveResultSets=True;App=EntityFramework""
It gives "Keyword not supported: 'metadata'. !!
So what is the exact connectionstring should I write ??
Also I tried all of connection string types as provided in the screenshot.
Ok I found an answer relative to my issue, but also I figured out something
First of all the connection string should be like
metadata=res://*/DataAccess.MyDataBase.csdl|res://*/DataAccess.MyDataBase.ssdl|res://*/DataAccess.MyDataBase.msl;provider=System.Data.SqlClient;provider connection string="Server=tcp:server.database.windows.net,1433;Database=MyDataBase;User ID=username#server;Password=xxxxxx;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"
And notice the quotation should be " not " , Also as Nick said it should be Custom .
The first connection string ('Server=..') is used for connecting directly to the database, without passing through Entity Framework.
The second connection string ('metadata=..') is an Entity Framework connection string. If you're using EF, you should mark the connection string in the Azure Management portal as 'Custom' as opposed to 'SQL Database'.
In the control panel, there is a spot on the Database Panel that says "Show database connection strings" that gives you complete connection strings for your database for ADO.Net, PHP, Java and ODBC. These can be used as a starting point, from which I added MARS support and a different user/password to mine.
Here is my connection string to help you out. We use this one to override in the Azure WebApps Control Panel.
Server=tcp:[AZURE_DB_NAME].database.windows.net,1433;Database=[DATABASE_NAME];User ID=[USER_ID];Password=[PASSWORD];Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;MultipleActiveResultSets=True
As to the Drop Down, we have it set to SQL Database.
One thing that comes to mind. Have you tried using your connection string in VS Debug mode to see what happens? You just have to configure your AzureDB to allow a remote connection from your IP for that to work. It could provide some insight for you that your connection is correct but something else is failing.
I tried solution from Mohamed Farrag but got this error:
System.ArgumentException: Keyword not supported:
'.ssdl|res://*/dataaccess.MyDataBase.msl;provider'.
After removing DataAccess. from my connection string it worked:
metadata=res://*/MyDataBase.csdl|res://*/MyDataBase.ssdl|res://*/MyDataBase.msl;provider=System.Data.SqlClient;provider connection string="Server=tcp:server.database.windows.net,1433;Database=MyDataBase;User ID=username#server;Password=xxxxxx;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"
So, I'm executing this command:
cm ci -c="Merge child branch"
And, here's the response:
The selected items are about to be checked in. Please wait ...
WARNING: the secure connection hostname provided in the server
certificate doesn't match the server's hostname. This means that the
certificate was not issued to this hostname or that there is a network
configuration problem with this host.
- Certificate hostname: CN=ip-<obfuscated>
- Server hostname: CN=<obfuscated>
If you want to continue connecting to this host, choose 'Yes'. The certificate
validation will continue (not recommended).
If you want to abandon the connection, choose 'No' (recommended).
Choose an option (Y)es, (N)o (hitting Enter selects 'No'): y
The server you are connecting to has sent a certificate that is not in the
store. This is normal if it is the first time that you connect to this server.
Certificate details:
- Issued to: CN=ip-<obfuscated>
- Issued by: CN=ip-<obfuscated>
- Expiration date: 6/30/2023 6:15:40 AM
- Certificate hash:<obfuscated>
If you trust this host, choose 'Yes' to add the key to Plastic SCM's key store
(recommended if it is the first time you connect to this server).
If you want to carry on connecting just once, without adding the key to the
store, choose 'No'.
If you do not trust this host, choose 'Cancel' to abandon the connection.
Choose an option (Y)es, (N)o, (C)ancel (hitting Enter cancels): y
Assembling checkin data
Validating checkin data
Uploading file data
Confirming checkin operation
The trigger before-checkin [Comment Required] failed. .
In particular, that last line:
The trigger before-checkin [Comment Required] failed. .
But, I thought I was adding a comment. I don't think it's a syntax error. Where should I begin to debug this issue?
By the way, the same "comment required" error happens in the GUI as well even though I clearly have a comment in the comment box:
The Plastic server service I was connected to was down. In short, the first thing I should have done was contact the server administrator.
Note to self: Don't always think Stack Overflow is the only best way to solve your problems.
I'm trying to enforce TLS for out going mail to a single host. I'm no exim expert, in fact I've never even used it, it was all set up by the previous developer.
I just assumed inserting hosts_require_tls = example.co.uk in exmin.conf and restarting the service would work. But when I add this line the service wont start. I checked in the "panic" error log after trying to start the service and it contains
"2011-08-02 12:20:18 Exim configuration error in line 150 of /etc/exim.conf:
main option "hosts_require_tls" unknown"
So I'm obviously being dumb and putting it in the wrong config file or something. Any help would be greatly appreciated. Thanks! :-)
The setting has to be put in the corresponding transport configuration section, probably
remote_smtp:
driver = smtp
hosts_require_tls = example.co.uk
by default. Not in the main configuration (where it is unknown).