-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypt=False does not work when coupled with .NET6 bullseye docker image (Encounter fatal crash with no exception). #1436
Comments
@ekjsim are you using Kerberos for authentication? |
a possible duplication of #1390. |
Yes, im using Kerberos for authentication. @JRahnama Connection String: "SERVER=hostname;DATABASE=databasename;Integrated Security=SSPI;Encrypt=False;" # Base image
FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim AS base
WORKDIR /
# Install krb5
RUN apt-get update
RUN apt-get remove krb5-config krb5-user
RUN apt install -y krb5-config
RUN apt-get install -y krb5-user
RUN mkdir /etc/krb5.conf.d/
COPY ["krb5.conf", "/etc/krb5.conf"]
COPY ["default.keytab", "/etc/default.keytab"]
# Install cron
RUN apt-get -y install cron
RUN echo "@reboot root kinit username-k -t /etc/default.keytab" >> /etc/crontab
RUN echo "0 */6 * * * root kinit username -k -t /etc/default.keytab" >> /etc/crontab
WORKDIR /app
EXPOSE 80
# SDK image
FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS build
WORKDIR /build |
@JRahnama I have tested the temporary workaround and confirm that it will fix the issue that I'm facing. Hence, Im confirming that this symptom is a issue #1390. Adding the code below as suggested in #1390 (comment) will resolve the error. if (OperatingSystem.IsLinux() && Environment.Version.Major >= 6)
{
Log.Information("Ensuring Gss is Initialized ({ApplicationContext})...", AppName);
EnsureGssInitialized();
} The full snippet of the "Program" code that I have. public class Program
{
public static readonly string Namespace = typeof(Program).Namespace;
public static readonly string AppName = Namespace;
[DllImport("System.Net.Security.Native", EntryPoint = "NetSecurityNative_EnsureGssInitialized")]
internal static extern int EnsureGssInitialized();
public static int Main(string[] args)
{
var configuration = GetConfiguration();
Log.Logger = CreateSerilogLogger(configuration);
try
{
if (OperatingSystem.IsLinux() && Environment.Version.Major >= 6)
{
Log.Information("Ensuring Gss is Initialized ({ApplicationContext})...", AppName);
EnsureGssInitialized();
}
Log.Information("Starting cron ({ApplicationContext})...", AppName);
ShellHelper.Run("cron");
Log.Information("Configuring web host ({ApplicationContext})...", AppName);
var webHost = CreateHostBuilder(configuration, args).Build();
Log.Information("Starting web host ({ApplicationContext})...", AppName);
webHost.Run();
return 0;
}
catch (Exception e)
{
Log.Fatal(e, "Program terminated unexpectedly ({ApplicationContext})!", AppName);
return 1;
}
finally
{
Log.CloseAndFlush();
}
} Thank you for your help and we will be looking forward to the next revision. |
@ekjsim our next hot release is scheduled around mid January 2022. I am closing this issue as a duplicate and you can follow the progress on that PR. You can also test with the nuget provided from a built artifact in that thread. |
In my case, I was running All connections failed with
From SQL logs, it turned out the problem was with the mounted volumes: By not mounting Docker volumes, I could connect. So the original error message threw me off in the wrong direction, debugging SSL and TLS1.2. Maybe this helps some others googling this. |
Describe the bug
When Connection Encrypt=False, connection does not open and program just crashed with no exception.
When Connection Encrypt=True, failed with
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
which is expected as the onpremise SQL Server is not configured with SSL.Below are some of the scenarios we have tested with SQLClient 4.0.0 with:
a) 5.0.404-bullseye-slim-amd64 linux docker container (Encrypt=False). Connection is established as correctly.
b) 5.0.404-bullseye-slim-amd64 linux docker container (Encrypt=True). Exception is thrown as expected.
c) 6.0.101-bullseye-slim-amd64 linux docker container (Encrypt=False). No exception thrown, program just terminated.
d) 6.0.101-bullseye-slim-amd64 linux docker container (Encrypt=True). Exception thrown as expected.
This is the surprising thing:
The same code, same SQL server, and same SQLClient library works on 5.0.404 but failed without even an exception message on 6.0.101
To reproduce
Include a complete code listing (or project/solution) that we can run to reproduce the issue.
Partial code listings, or multiple fragments of code, will slow down our response or cause us to push the issue back to you to provide code to reproduce the issue.
Expected behavior
Connection happens
Further technical details
Microsoft.Data.SqlClient version: 4.0.0
.NET target: .NET 6.0.101
SQL Server version: SQL Server 2016 (v13.0.5830.85)
Operating system: Docker Container (bullseye-slim)
Nuget Packages:
Autofac.Extensions.DependencyInjection" Version="7.2.0"
Dapper" Version="2.0.123"
MediatR" Version="9.0.0"
MediatR.Extensions.Microsoft.DependencyInjection" Version="9.0.0"
Microsoft.AspNet.WebApi.Client" Version="5.2.7"
Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.13"
Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="5.0.13"
Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="5.0.13"
Microsoft.Data.SqlClient" Version="4.0.0"
Microsoft.Extensions.Logging" Version="6.0.0"
Serilog.AspNetCore" Version="4.1.0"
Serilog.Sinks.Splunk" Version="3.7.0"
Swashbuckle.AspNetCore" Version="6.2.3"
Additional context
Need help to further debug / understand the issue
The text was updated successfully, but these errors were encountered: