Question

Audit Trail Configuration & TLS 1.2

asked on July 27, 2018

Our Client is encountering an issue with Audit Trail 10.3.1 and TLS 1.2. Per our Client, it appears that Audit Trail 10.3.1.90 is using a SQL Server client driver that requires TLS 1.0 communication.

The server on which Audit Trail is installed is TLS 1.2 compliant. When they attempted to run the Audit Trail Repository Setup Wizard, and during the audit database setup step, Audit Trail couldn't communicate with SQL Server. They received a familiar SSL communication error. Upon re-enabling TLS 1.0, they were able to successfully create an audit database using the wizard.

They are guessing that Audit Trail is using the default SQL Server driver included with Windows, and that driver is not TLS 1.2 compliant.

Questions:

  • Is there a way we can choose which SQL Server driver to use for Audit Trail?
  • If no, is there a patch we can apply to Audit Trail to use a TLS 1.2 compliant SQL Server driver?
  • If no, can you please submit this information to Laserfiche Support as a bug/feature request?

 

0 0

Replies

replied on July 30, 2018

See the discussion and links in https://answers.laserfiche.com/questions/59666/What-version-of-SSL-does-LF-use.  Client applications that use .Net framework 4.5 need registry updates to enable newer versions of TLS.

0 0
replied on August 2, 2018

Hi Brian,

The Client tried that but still no go. Here is the error that they are encountering now:

 

Event 0, Laserfiche Audit Trail Configuration
ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
ERROR [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECCreateCredentials()).
ERROR [01S00] [Microsoft][ODBC SQL Server Driver]Invalid connection string attribute 
Server stack trace: 
   at System.Data.Odbc.OdbcConnection.HandleError(OdbcHandle hrHandle, RetCode retcode)
   at System.Data.Odbc.OdbcConnectionOpen..ctor(OdbcConnection outerConnection, OdbcConnectionString connectionOptions)
   at System.Data.Odbc.OdbcConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.Odbc.OdbcConnection.Open()
   at Laserfiche.Catalyst.RetriableDbOperations.DbRetriableOperation`3.<>c__DisplayClassa`1.<Invoke>b__9()
   at Laserfiche.Catalyst.RetriableDbOperations.DbAwsRetryStrategy.Invoke[TResult](Func`1 func)
   at Laserfiche.Catalyst.RetriableDbOperations.DbRetriableOperation`3.InvokeRetriableOperation[TResult](Func`1 func)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at AuditRemoting.IReporting.GetAllSQLDataBase()
   at WebAuditConfig.WS.GetDatabaseInfo()

Any ideas on what might be happening here?

Regards

0 0
replied on August 2, 2018

Are you able to use TLS 1.2 on the connection between Audit Trail and Laserfiche server?  If so, that would suggest the problem is not with Audit Trail's or the machine's support of TLS, but maybe with the driver instead.

0 0
replied on August 3, 2018

Brian,

How can we verify/use TLS 1.2 on the connection between Audit Trail and Laserfiche server?

0 0
replied on August 3, 2018

Are they using TLS 1.2 for only the SQL connections?  I would expect that the protocol transition would be across the organization, in which case you would use the same techniques on the LFS machine as the SQL machine.  This is covered in the thread I posted in my first response.  You can use something like Wireshark to see what version is actually being negotiated between client and server.

I forgot to reply to your earlier question about the driver: Audit Trail 10.3 will use "ODBC Driver 13 for SQL Server", which supports TLS 1.2.  But often in this situation it's not a matter of what the software supports, it's what it is configured to use.

0 0
replied on September 9, 2021

Hi Karim, have you found any solution for this issue? I got the same error, but my client is using Audit Trail 10.2. Thanks!

0 0
replied on September 16, 2021

This is a known issue for older versions of Audit Trail. Please use 10.4 or higher.

1 0
replied on January 4, 2019

Hi, we're having the same problem. I tried the solutions from the reply above to no avail. Only TLS 1.2 is enabled on the server via the Schannel registry entries. I also added the registry entries for .NET 4.0 also mentioned in the post. I also tried installing the ODBC 13 driver.

Everything else seems to be connecting fine (Laserfiche server and workflow). These services are all running on the same machine. 

Anything else I can try?

0 0
replied on January 4, 2019

What version of Audit Trail is this?  AT only started using the ODBC 13 driver in version 10.3 (I think), installing it for an older version of AT won't resolve the issue.

0 0
replied on January 4, 2019

It's a fresh install, version 10.3.1.90. 

0 0
replied on January 8, 2019

First, a correction.  Audit Trail recently switched to use version 11 of the ODBC driver.  Second, it does turn out that Audit Trail uses the old driver for the configuration step, which will keep you from successfully configuring the application if TLS 1.0 is not available.  I've committed a fix for this (bug 149401), and I hope we can release a patch shortly.  Since the problem is during configuration, a workaround is to temporarily enable TLS 1.0 at that step.  If that's not an option, you can open a support case to get earlier access.  If you do, reference this post so they know the situation.

0 0
replied on January 15, 2019

Hi, sorry it took me so long to respond.

Enabling TLS 1.0 does allow me to configure Audit Trail. However, Audit Trail Reporting also does not work with TLS 1.2. When you try to view a report, the grid area shows a spinner and an SSL error is logged in the event viewer (see below). If I can at least get Reporting working I can live with the configuration requiring TLS 1.0...

 

ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
ERROR [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECCreateCredentials()).
ERROR [01S00] [Microsoft][ODBC SQL Server Driver]Invalid connection string attribute 
Server stack trace: 
   at System.Data.Odbc.OdbcConnection.HandleError(OdbcHandle hrHandle, RetCode retcode)
   at System.Data.Odbc.OdbcConnectionOpen..ctor(OdbcConnection outerConnection, OdbcConnectionString connectionOptions)
   at System.Data.Odbc.OdbcConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.Odbc.OdbcConnection.Open()
   at Laserfiche.Catalyst.RetriableDbOperations.DbRetriableOperation`3.<>c__DisplayClassa`1.<Invoke>b__9()
   at Laserfiche.Catalyst.RetriableDbOperations.DbAwsRetryStrategy.Invoke[TResult](Func`1 func)
   at Laserfiche.Catalyst.RetriableDbOperations.DbRetriableOperation`3.InvokeRetriableOperation[TResult](Func`1 func)
   at AuditDBService.RemotableReporting.GetReport(RemotableOverallReportParams param, String repo, Int32 pageNum, Int32 pageSize, Int32 NumRows)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at AuditRemoting.IReporting.GetReport(RemotableOverallReportParams param, String repo, Int32 pageNum, Int32 pageSize, Int32 NumRows)
   at WebAuditReport.WS.GetPagedGridData(String reportGuid, String repository, Int32 page, Int32 pageSize)
 

0 0
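The bracketed prefix of each ODBC error names the driver that raised it, so the event log entries quoted in this thread show which driver Audit Trail actually loaded for each failing call. The following is an added example, not part of the original posts or Laserfiche code; the sample log is constructed (the two entries above, shortened, plus one invented `ODBC Driver 13` entry for contrast), and the function names and family labels are the example's own.

```python
import re

# Constructed sample: the two event log entries from this thread, shortened,
# plus one invented entry showing how a newer driver identifies itself.
SAMPLE_LOG = """\
Event 0, Laserfiche Audit Trail Configuration
ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
ERROR [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECCreateCredentials()).
   at System.Data.Odbc.OdbcConnection.Open()
   at AuditRemoting.IReporting.GetAllSQLDataBase()
   at WebAuditConfig.WS.GetDatabaseInfo()
ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
   at System.Data.Odbc.OdbcConnection.Open()
   at AuditRemoting.IReporting.GetReport(RemotableOverallReportParams param, String repo)
   at WebAuditReport.WS.GetPagedGridData(String reportGuid, String repository)
ERROR [08001] [Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired
   at System.Data.Odbc.OdbcConnection.Open()
   at Example.App.Load()
"""

ERROR_RE = re.compile(r"^ERROR \[(\w+)\] \[Microsoft\]\[([^\]]+)\]")
FRAME_RE = re.compile(r"^\s+at (\S+?)\(")

def driver_family(component):
    """Map the driver name in the error prefix to a family (labels are this example's)."""
    if component == "ODBC SQL Server Driver":
        return "legacy"      # the old "SQL Server" ODBC driver (DBNETLIB)
    if re.fullmatch(r"ODBC Driver \d+ for SQL Server", component):
        return "versioned"   # e.g. ODBC Driver 11 / 13 for SQL Server
    return "other"

def triage(log_text):
    """Group ERROR lines with their stack frames; record driver and outermost caller."""
    failures, current = [], None
    for line in log_text.splitlines():
        err, frame = ERROR_RE.match(line), FRAME_RE.match(line)
        if err:
            # An ERROR line that follows stack frames begins a new failure.
            if current is None or current["entry_point"]:
                current = {"driver": err.group(2), "sqlstates": [], "entry_point": None,
                           "family": driver_family(err.group(2))}
                failures.append(current)
            current["sqlstates"].append(err.group(1))
        elif frame and current is not None:
            current["entry_point"] = frame.group(1)  # last frame seen = outermost caller
    return failures

def legacy_entry_points(log_text):
    """Entry points whose SQL connection went through the legacy driver."""
    return [f["entry_point"] for f in triage(log_text) if f["family"] == "legacy"]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["family"], f["driver"], f["sqlstates"], f["entry_point"])
```

Both Audit Trail entry points in the sample resolve to the legacy driver, which matches the January 8 reply about the configuration step and the January 15 report about Reporting.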
replied on February 4, 2019

You might also try the steps for allowing TLS 1.2 in the .Net framework outlined here: https://support.laserfiche.com/kb/1013919/configuration-information-for-tls-1-2

0 0