
Forum Discussion

JustCooLpOOLe
Aug 03, 2017

MSSQL Health Check Unresponsive

I'm tasked with setting up two read-only MSSQL instances behind our F5. I received a login from our DBAs to use for the monitor and I am able to connect to both instances with the login using SSMS. The problem comes into play when I configure a monitor. It will show both instances as down when I know that they are up and connecting via the login. If I do not use a monitor on the pool, I am able to connect to the instance via the Virtual Server using the login without issue. I turned on Debug for the monitor and this is the output that is shown:


2017-08-03 11:08:53.342: jdbc:sqlserver://10.0.x.x:1433;databaseName=;(Thread-401544): DB DriverManager.getConnection failed: "The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair"."
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair".
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1368)
    at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1412)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1058)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:833)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:716)
    at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:841)
    at java.sql.DriverManager.getConnection(DriverManager.java:579)
    at java.sql.DriverManager.getConnection(DriverManager.java:221)
    at )
    at )
    at )
    at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1844)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1827)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1379)
    ... 10 more
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.DHCrypt.(DHCrypt.java:136)
    at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:621)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:205)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    ... 12 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
    at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
    at sun.security.ssl.DHCrypt.(DHCrypt.java:127)
    ... 19 more


Anyone have any idea on what is going on here and how to mitigate this issue? I tried setting the count to 2 but that did not work either. Any help would be greatly appreciated!
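Editor's note on the trace above (added example, not part of the original post). The operative error is the innermost "Caused by": the JRE's own SunJCE DH key-pair generator (com.sun.crypto.provider.DHKeyPairGenerator) rejected the Diffie-Hellman group the SQL Server sent in its ServerKeyExchange. JDK 7 and earlier only accept DH primes from 512 to 1024 bits, so a server that negotiates a DHE cipher suite with a 2048-bit group makes every handshake from that client fail this way; the TDS login packet is always TLS-wrapped (hence TDSChannel.enableSSL in the trace) even when encryption is not otherwise enforced, which is why SSMS works but the Java-based monitor does not. JDK 8 lifted the cap. The script below, written for this page, parses a Java exception chain in the standard multi-line format, pulls the bounds out of that InvalidAlgorithmParameterException message, and reports which common DHE group sizes that JRE would refuse. The sample trace is constructed from the post's output with the frames abbreviated and re-laid-out one per line; function names are the example's own.

```python
import re

# Constructed sample: the exception chain from the post, abbreviated and laid out
# in the standard multi-line Java stack trace format (not the page's raw one-line dump).
SAMPLE_TRACE = """\
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair".
\tat com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1368)
\tat com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1412)
\tat java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
\t... 10 more
Caused by: java.lang.RuntimeException: Could not generate DH keypair
\tat sun.security.ssl.DHCrypt.(DHCrypt.java:136)
\tat sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:621)
\t... 12 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
\tat com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
\tat java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
\t... 19 more
"""

# Matches the SunJCE message text seen in the trace; the three numbers are the
# alignment requirement and the inclusive lower/upper bounds on the prime size in bits.
DH_LIMIT_RE = re.compile(
    r"Prime size must be multiple of (\d+), and can only range from (\d+) to (\d+)"
)
DH_LIMIT_CLASS = "java.security.InvalidAlgorithmParameterException"


def parse_exception_chain(trace):
    """Parse a Java stack trace into its exception chain, outermost first.

    Each entry is {"cls": fully qualified class, "msg": message, "frames": [...]}.
    Lines beginning "Caused by: " start a new entry; "at ..." lines are frames;
    "... N more" elision markers are skipped; any other line continues the message.
    """
    chain = []
    current = None
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Caused by: "):
            line = line[len("Caused by: "):]
            current = None
        if current is None:
            cls, _, msg = line.partition(": ")
            current = {"cls": cls, "msg": msg, "frames": []}
            chain.append(current)
        elif line.startswith("at "):
            current["frames"].append(line[3:])
        elif line.startswith("... "):
            continue
        else:
            current["msg"] += "\n" + line
    return chain


def diagnose_dh_limit(chain):
    """Return (multiple_of, min_bits, max_bits) if the root cause is the JCE
    DH prime-size restriction, otherwise None."""
    root = chain[-1]
    match = DH_LIMIT_RE.search(root["msg"])
    if root["cls"] != DH_LIMIT_CLASS or not match:
        return None
    return tuple(int(g) for g in match.groups())


def prime_size_accepted(bits, limits):
    """Apply the provider's rule to a DH group size in bits."""
    multiple, lo, hi = limits
    return bits % multiple == 0 and lo <= bits <= hi


def rejected_group_sizes(limits, candidates=(1024, 1536, 2048, 3072, 4096)):
    """Which common DHE group sizes a client bound by `limits` cannot handle."""
    return [b for b in candidates if not prime_size_accepted(b, limits)]


def summarize(trace):
    """End-to-end: trace text -> root-cause class and the DHE groups it cannot use."""
    chain = parse_exception_chain(trace)
    limits = diagnose_dh_limit(chain)
    return {
        "root_cause": chain[-1]["cls"],
        "dh_limits": limits,
        "rejected_dh_group_sizes": rejected_group_sizes(limits) if limits else [],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_TRACE)
    print("root cause:", result["root_cause"])
    print("JCE DH prime limits (multiple, min, max):", result["dh_limits"])
    print("DHE group sizes this JRE would reject:", result["rejected_dh_group_sizes"])
```

Run it as-is against the embedded sample, or pipe a monitor debug log through `summarize` after splitting the one-line dump at the "Caused by:" markers. If the result lists 2048 as rejected, the fix is on the client side of the handshake: a JRE that accepts larger DH groups (newer BIG-IP builds ship one, consistent with the 12.x results reported further down), or a server cipher-suite policy that does not offer DHE to that client.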


1 Reply

Update:

I was configuring this on a 1600 which was using 11.6 HF4. That is where the error was being thrown. I was able to configure it on iSeries 2600 running 12.1.2 Build 0.0249 and on a 5000 running version 12 Build 3.0.654.

As the 1600 boxes are no longer licensed, I'm probably not going to worry about upgrading but thought I would pass this along in the event anyone came across the same issue.