Can't connect to SQL Server from dockerized net6.0 app #1446

Open
ch0mik opened this issue Dec 28, 2021 · 13 comments

ch0mik commented Dec 28, 2021

"Error":"Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)

 ---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) in /builddir/build/BUILD/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c/src/runtime.4822e3c3aa77eb82b2fb33c9321f923cf11ddde6/artifacts/source-build/self/src/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 610

   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) in /builddir/build/BUILD/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c/src/runtime.4822e3c3aa77eb82b2fb33c9321f923cf11ddde6/artifacts/source-build/self/src/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 657

   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in /builddir/build/BUILD/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c/src/runtime.4822e3c3aa77eb82b2fb33c9321f923cf11ddde6/artifacts/source-build/self/src/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 435

   at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) in /builddir/build/BUILD/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c/src/runtime.4822e3c3aa77eb82b2fb33c9321f923cf11ddde6/artifacts/source-build/self/src/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs:line 296

   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) in /builddir/build/BUILD/dotnet-9e8b04bbff820c93c142f99a507a46b976f5c14c/src/runtime.4822e3c3aa77eb82b2fb33c9321f923cf11ddde6/artifacts/source-build/self/src/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs:line 282

   at Microsoft.Data.SqlClient.SNI.SNITCPHandle.EnableSsl(UInt32 options)

   at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

   at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)

   at Microsoft.Data.SqlClient.TdsParser.ConsumePreLoginHandshake(Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean& marsCapable, Boolean& fedAuthRequired)

   at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover, SqlAuthenticationMethod authType)

   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)

   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)

   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)

   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool)

   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)

   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)

   at Microsoft.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)

   at Microsoft.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)

   at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)

   at Microsoft.Data.ProviderBase.DbConnectionPool.WaitForPendingOpen()

--- End of stack trace from previous location ---

With the newest Microsoft.Data.SqlClient or 3.0.1 it is the same on the net6.0 Docker image (RedHat UBI: redhat-registry.artifactory.mbank.pl/ubi8/dotnet-60-runtime) compiled as targetFramework = net6.0.

But the same code on the 3.1 runtime from RedHat UBI, compiled as targetFramework = .NET Core 3.1, works fine with the newest Microsoft.Data.SqlClient.

I see that it is the same on Debian's images: #1436
Similar case: #1402

@JRahnama
Contributor

@ch0mik could it be related to #1390? Have you tried updating to the latest .NET 6 patch release?

Author

ch0mik commented Dec 29, 2021

@JRahnama Hi, I will of course wait for the patch. Additionally, I am trying with

    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

and ConnString as ... ;Encrypt=False; or TrustServerCertificate=True - the same effect: the pod crashes

Regards
Pawel
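
The two connection-string settings tried in the comment above relax TLS for the SQL session (`Encrypt=False` stops the client from requesting encryption, `TrustServerCertificate=True` skips validation of the server certificate), and they did not change the outcome here, so they should not remain in a deployed configuration once debugging is over. The check below is an added example, not part of the original comment or of Microsoft.Data.SqlClient; it uses the generic `System.Data.Common.DbConnectionStringBuilder`, and the class name, sample strings and server names are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;

// Hypothetical helper (not SqlClient API): flags connection-string settings
// that weaken TLS, such as the debugging workarounds tried in this thread.
static class ConnStringTlsAudit
{
    public static List<string> Findings(string connectionString)
    {
        // Generic parser from System.Data.Common; no SqlClient package needed.
        var builder = new DbConnectionStringBuilder { ConnectionString = connectionString };
        var findings = new List<string>();

        foreach (string key in builder.Keys)
        {
            // Compare keywords without spaces or case, so "Trust Server Certificate"
            // and "TrustServerCertificate" are treated alike.
            string name = key.Replace(" ", "").ToLowerInvariant();
            string value = (Convert.ToString(builder[key]) ?? "").Trim().ToLowerInvariant();

            if (name == "encrypt" && (value is "false" or "no" or "optional"))
                findings.Add("Encrypt=" + value + ": client does not request encryption");
            if (name == "trustservercertificate" && (value is "true" or "yes"))
                findings.Add("TrustServerCertificate=" + value + ": server certificate is not validated");
        }
        return findings;
    }

    static void Main()
    {
        // Constructed samples; host and database names are placeholders.
        string[] samples =
        {
            "Server=sql.example.internal;Database=app;Integrated Security=True;Encrypt=False",
            "Server=sql.example.internal;Database=app;Integrated Security=True;TrustServerCertificate=True",
            "Server=sql.example.internal;Database=app;Integrated Security=True;Encrypt=True",
        };
        foreach (string cs in samples)
        {
            List<string> found = Findings(cs);
            Console.WriteLine((found.Count == 0 ? "OK      " : "REVIEW  ") + cs);
            foreach (string f in found) Console.WriteLine("        " + f);
        }
    }
}
```

An always-true certificate validation callback set in code, like the one in the comment, does not appear in the connection string and has to be found by code review or a source search.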

@JRahnama
Contributor

@ch0mik are you using Kerberos for authentication?

Author

ch0mik commented Dec 30, 2021

@JRahnama yes, I use Kerberos for auth as a sidecar, with a shared folder for sharing the token file.
On 3.1 the same code works fine, but when it is compiled (targetFramework = net6.0) into redhat-registry.artifactory.mbank.pl/ubi8/dotnet-60-runtime, the pod crashes when I connect to the SQL Server.

See the stack trace above.

Regards
Pawel

@JRahnama
Contributor

It is more similar to #1390. There is an issue with the dotnet runtime. Our hotfix release is scheduled around mid-January.

Author

ch0mik commented Jan 17, 2022

@JRahnama Hi! I found that the fix has been released: https://github.com/dotnet/runtime/releases/tag/v6.0.1

The fix 85ed860 has been merged.

@JRahnama
Contributor

Does the fix work in your case?


joemcbride commented Jan 21, 2022

v6.0.1 SDK/runtime does not work for our case, using Microsoft.Data.SqlClient 4.0.1 from a .NET Core 6.0 web app and running SQL Server in a Linux Docker Container. Using UserId/Password authentication running on local machine. Same issue on both macOS and Windows. 😞


jmezach commented Feb 11, 2022

Sounds like this is related to #1402

Author

ch0mik commented Feb 15, 2022

@JRahnama I think the problem is back with the 6.0.2 runtime ...

Author

ch0mik commented Feb 16, 2022

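Only the workaround works:

    // Requires: using System.Runtime.InteropServices;
    // P/Invoke into the .NET runtime's native security library to initialize GSS-API.
    [DllImport("System.Net.Security.Native", EntryPoint = "NetSecurityNative_EnsureGssInitialized")]
    internal static extern int EnsureGssInitialized();

...

    // Apply only on Linux with runtime version 6 or later.
    if (OperatingSystem.IsLinux() && Environment.Version?.Major >= 6)
    {
        EnsureGssInitialized();
        Console.WriteLine("Enabled WorkAround for net6.0 @Linux and SQL");
    }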

ch0mik closed this as completed Feb 16, 2022
ch0mik reopened this Feb 16, 2022

angularsen commented Apr 9, 2022

In my case, I was running mssql/server:2019-later in Docker on an Azure Pipelines build agent.

All connections failed with "A connection was successfully established with the server, but then an error occurred during the pre-login handshake."

Encrypt=False in the connection string did not help.

From SQL logs, it turned out the problem was with the mounted volumes: ERROR: BootstrapSystemDataDirectories.
This is a known issue: microsoft/mssql-docker#602 (comment)

By not mounting Docker volumes, I could connect. So the original error message threw me off in the wrong direction, debugging SSL and TLS1.2.

Maybe this helps some others googling this.

@jrichardsz

Hi. Any update?
