Cannot connect to MSSQL server #676

Closed
BlueHtml opened this issue Nov 7, 2024 · 13 comments
Labels
bug Something isn't working

Comments

@BlueHtml

BlueHtml commented Nov 7, 2024

Hello, I cannot connect to the MSSQL server in the production environment (previously I was connecting to the local server).

database_url: mssql://user:password@ip:1433/DB

Error: [2024-11-07T03:43:56.138Z WARN sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

Could this be an issue with the SSL certificate?

Version information

  • OS: windows 10 Simplified Chinese zh-CN
  • Database: MSSQL 2012
  • SQLPage Version: sqlpage 0.30.1
@BlueHtml BlueHtml added the bug Something isn't working label Nov 7, 2024
@lovasoa
Collaborator

lovasoa commented Nov 7, 2024

Interesting. Can you please send the full verbose logs here? You can collect logs by launching SQLPage from your terminal with

set RUST_LOG=trace && path\to\sqlpage.exe

Can you also check the encryption setting of your database server and return the logs from the server from the time of the error if you have them?

@BlueHtml
Author

BlueHtml commented Nov 7, 2024

@lovasoa Logs (please help me check for any sensitive information):


[2024-11-07T07:56:12.384Z DEBUG sqlpage::webserver::database::connect] Connecting to a Mssql database on mssql://xxx
[2024-11-07T07:56:12.385Z INFO  sqlpage::webserver::database::connect] Connecting to database: mssql://xxx
[2024-11-07T07:56:12.385Z DEBUG sqlpage::webserver::database::connect] Not creating a custom SQL database connection handler because "\\\\?\\D:\\code\\tmp\\sqlpage\\sqlpage\\on_connect.sql" does not exist
[2024-11-07T07:56:12.389Z TRACE mio::poll] registering event source with poller: token=Token(1408712486144), interests=READABLE | WRITABLE
[2024-11-07T07:56:12.415Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Sending T-SQL PRELOGIN with encryption: On
[2024-11-07T07:56:12.443Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Handshake starting
[2024-11-07T07:56:12.444Z DEBUG rustls::client::hs] No cached session for IpAddress(V4(Ipv4Addr([x, x, x, x])))
[2024-11-07T07:56:12.445Z DEBUG rustls::client::hs] Not resuming any session
[2024-11-07T07:56:12.446Z TRACE rustls::client::hs] Sending ClientHello Message {
        version: TLSv1_0,
        payload: Handshake {
            parsed: HandshakeMessagePayload {
                typ: ClientHello,
                payload: ClientHello(
                    ClientHelloPayload {
                        client_version: TLSv1_2,
                        random: dc8621d0e137bbc3827ff58229db6e790e0aa886897acd65fa9ef31d8153c4bd,
                        session_id: 4c8ab0419b5f8d0655204678103f304f6598bf5651135e10a39c99a7e14ac9df,
                        cipher_suites: [
                            TLS13_AES_256_GCM_SHA384,
                            TLS13_AES_128_GCM_SHA256,
                            TLS13_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                        ],
                        compression_methods: [
                            Null,
                        ],
                        extensions: [
                            SupportedVersions(
                                [
                                    TLSv1_3,
                                    TLSv1_2,
                                ],
                            ),
                            EcPointFormats(
                                [
                                    Uncompressed,
                                ],
                            ),
                            NamedGroups(
                                [
                                    X25519,
                                    secp256r1,
                                    secp384r1,
                                ],
                            ),
                            SignatureAlgorithms(
                                [
                                    RSA_PKCS1_SHA1,
                                    ECDSA_SHA1_Legacy,
                                    RSA_PKCS1_SHA256,
                                    ECDSA_NISTP256_SHA256,
                                    RSA_PKCS1_SHA384,
                                    ECDSA_NISTP384_SHA384,
                                    RSA_PKCS1_SHA512,
                                    ECDSA_NISTP521_SHA512,
                                    RSA_PSS_SHA256,
                                    RSA_PSS_SHA384,
                                    RSA_PSS_SHA512,
                                    ED25519,
                                    ED448,
                                ],
                            ),
                            ExtendedMasterSecretRequest,
                            CertificateStatusRequest(
                                Ocsp(
                                    OcspCertificateStatusRequest {
                                        responder_ids: [],
                                        extensions: ,
                                    },
                                ),
                            ),
                            KeyShare(
                                [
                                    KeyShareEntry {
                                        group: X25519,
                                        payload: ae367c4b99c735d73ea01f153b8aae8577b817de71895fcfbfd2ed9d5455cf1e,
                                    },
                                ],
                            ),
                            PresharedKeyModes(
                                [
                                    PSK_DHE_KE,
                                ],
                            ),
                            SessionTicket(
                                Request,
                            ),
                        ],
                    },
                ),
            },
            encoded: 010000d90303dc8621d0e137bbc3827ff58229db6e790e0aa886897acd65fa9ef31d8153c4bd204c8ab0419b5f8d0655204678103f304f6598bf5651135e10a39c99a7e14ac9df0014130213011303c02cc02bcca9c030c02fcca800ff0100007c002b00050403040303000b00020100000a00080006001d00170018000d001c001a020102030401040305010503060106030804080508060807080800170000000500050100000000003300260024001d0020ae367c4b99c735d73ea01f153b8aae8577b817de71895fcfbfd2ed9d5455cf1e002d0002010100230000,
        },
    }
[2024-11-07T07:56:12.460Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Writing 234 bytes of TLS handshake
[2024-11-07T07:56:12.484Z TRACE mio::poll] deregistering event source from poller
[2024-11-07T07:56:12.484Z WARN  sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

@lovasoa
Collaborator

lovasoa commented Nov 7, 2024

Thank you. Maybe the database does not support encrypted connections? Can you try connecting with encryption disabled, and report the same logs?

You can disable encryption by adding ?encrypt=false to the connection string.

@BlueHtml
Author

BlueHtml commented Nov 7, 2024

@lovasoa Yes, you are right. It works fine after adding ?encrypt=false.

I couldn't find this option in the configuration.md. Can we include it?

@lovasoa
Collaborator

lovasoa commented Nov 7, 2024

Yes, I'll add a reference to supported connection string parameters.

Even better, we should be able to make it just work by default. We currently support both fully encrypted and fully cleartext connections, but I suspect your database expects SQL Server's third mode, that is, partially encrypted connections where only the password is encrypted. We should add support for that too.

@BlueHtml
Author

BlueHtml commented Nov 7, 2024

Alright, we can give it a try.

@lovasoa
Collaborator

lovasoa commented Nov 20, 2024

I implemented login packet encryption for mssql.

However, looking back at your logs above, I'm not sure that would solve the initial issue.

I also added much more verbose debug logging during the connection phase, which will make debugging issues like this one easier.

Could you please test the latest pre-release of sqlpage (v0.31), try to connect to the same database (without setting encrypt in the connection string), and if it still fails, report the details logged here?

@BlueHtml
Author

@lovasoa Hello, whether or not ?encrypt=false is added, an error occurs (please help me check for any sensitive information).

The log without ?encrypt=false is as follows:

[2024-11-23T10:50:13.610Z DEBUG sqlpage::webserver::database::connect] Connecting to a Mssql database on mssql://xxx
[2024-11-23T10:50:13.610Z INFO  sqlpage::webserver::database::connect] Connecting to database: mssql://xxx
[2024-11-23T10:50:13.611Z DEBUG sqlpage::webserver::database::connect] Not creating a custom SQL database connection handler because "\\\\?\\D:\\down\\idm\\zip\\sqlpage-windows-debug_2\\sqlpage\\on_connect.sql" does not exist
[2024-11-23T10:50:13.619Z TRACE mio::poll] registering event source with poller: token=Token(2165452922112), interests=READABLE | WRITABLE
[2024-11-23T10:50:13.647Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Sending T-SQL PRELOGIN with encryption: PreLogin { version: Version { major: 0, minor: 6, build: 38, sub_build: 0 }, encryption: On, instance: None, thread_id: None, trace_id: None, multiple_active_result_sets: None }
[2024-11-23T10:50:13.686Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Received PRELOGIN response: PreLogin { version: Version { major: 11, minor: 0, build: 3000, sub_build: 0 }, encryption: On, instance: None, thread_id: None, trace_id: None, multiple_active_result_sets: None }
[2024-11-23T10:50:13.686Z TRACE sqlx_core_oldapi::mssql::connection::establish] Mssql login phase and data packets encrypted
[2024-11-23T10:50:13.688Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Handshake starting
[2024-11-23T10:50:13.689Z DEBUG rustls::client::hs] No cached session for DnsName("db.com")
[2024-11-23T10:50:13.690Z DEBUG rustls::client::hs] Not resuming any session
[2024-11-23T10:50:13.690Z TRACE rustls::client::hs] Sending ClientHello Message {
        version: TLSv1_0,
        payload: Handshake {
            parsed: HandshakeMessagePayload {
                typ: ClientHello,
                payload: ClientHello(
                    ClientHelloPayload {
                        client_version: TLSv1_2,
                        random: 416d52fe2026a154578f50e90aade1f07ebab1a8769d7892e005c3ad5be00a8d,
                        session_id: f85470a897efe0d18b35208a428b7d66fba1ba46dbaef12181dbeafbdb645af2,
                        cipher_suites: [
                            TLS13_AES_256_GCM_SHA384,
                            TLS13_AES_128_GCM_SHA256,
                            TLS13_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                        ],
                        compression_methods: [
                            Null,
                        ],
                        extensions: [
                            SupportedVersions(
                                [
                                    TLSv1_3,
                                    TLSv1_2,
                                ],
                            ),
                            EcPointFormats(
                                [
                                    Uncompressed,
                                ],
                            ),
                            NamedGroups(
                                [
                                    X25519,
                                    secp256r1,
                                    secp384r1,
                                ],
                            ),
                            SignatureAlgorithms(
                                [
                                    RSA_PKCS1_SHA1,
                                    ECDSA_SHA1_Legacy,
                                    RSA_PKCS1_SHA256,
                                    ECDSA_NISTP256_SHA256,
                                    RSA_PKCS1_SHA384,
                                    ECDSA_NISTP384_SHA384,
                                    RSA_PKCS1_SHA512,
                                    ECDSA_NISTP521_SHA512,
                                    RSA_PSS_SHA256,
                                    RSA_PSS_SHA384,
                                    RSA_PSS_SHA512,
                                    ED25519,
                                    ED448,
                                ],
                            ),
                            ExtendedMasterSecretRequest,
                            CertificateStatusRequest(
                                Ocsp(
                                    OcspCertificateStatusRequest {
                                        responder_ids: [],
                                        extensions: ,
                                    },
                                ),
                            ),
                            ServerName(
                                [
                                    ServerName {
                                        typ: HostName,
                                        payload: HostName(
                                            DnsName(
                                                "db.com",
                                            ),
                                        ),
                                    },
                                ],
                            ),
                            KeyShare(
                                [
                                    KeyShareEntry {
                                        group: X25519,
                                        payload: da7c23f88c378be9a11dac2b6013df9ee51019d67386c9b76653e0f855e25359,
                                    },
                                ],
                            ),
                            PresharedKeyModes(
                                [
                                    PSK_DHE_KE,
                                ],
                            ),
                            SessionTicket(
                                Request,
                            ),
                        ],
                    },
                ),
            },
            encoded: 010000ee0303416d52fe2026a154578f50e90aade1f07ebab1a8769d7892e005c3ad5be00a8d20f85470a897efe0d18b35208a428b7d66fba1ba46dbaef12181dbeafbdb645af20014130213011303c02cc02bcca9c030c02fcca800ff01000091002b00050403040303000b00020100000a00080006001d00170018000d001c001a02010203040104030501050306010603080408050806080708080017000000050005010000000000000011000f00000c64622e686f74656c2e636f6d003300260024001d0020da7c23f88c378be9a11dac2b6013df9ee51019d67386c9b76653e0f855e25359002d0002010100230000,
        },
    }
[2024-11-23T10:50:13.700Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Writing 255 bytes of TLS handshake
[2024-11-23T10:50:13.726Z TRACE mio::poll] deregistering event source from poller
[2024-11-23T10:50:13.727Z WARN  sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

The log with ?encrypt=false added is as follows:

[2024-11-23T10:50:53.143Z DEBUG sqlpage::webserver::database::connect] Connecting to a Mssql database on mssql://xxx?encrypt=false
[2024-11-23T10:50:53.144Z INFO  sqlpage::webserver::database::connect] Connecting to database: mssql://xxx?encrypt=false
[2024-11-23T10:50:53.145Z DEBUG sqlpage::webserver::database::connect] Not creating a custom SQL database connection handler because "\\\\?\\D:\\down\\idm\\zip\\sqlpage-windows-debug_2\\sqlpage\\on_connect.sql" does not exist
[2024-11-23T10:50:53.155Z TRACE mio::poll] registering event source with poller: token=Token(2262229274624), interests=READABLE | WRITABLE
[2024-11-23T10:50:53.177Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Sending T-SQL PRELOGIN with encryption: PreLogin { version: Version { major: 0, minor: 6, build: 38, sub_build: 0 }, encryption: Off, instance: None, thread_id: None, trace_id: None, multiple_active_result_sets: None }
[2024-11-23T10:50:53.205Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Received PRELOGIN response: PreLogin { version: Version { major: 11, minor: 0, build: 3000, sub_build: 0 }, encryption: Off, instance: None, thread_id: None, trace_id: None, multiple_active_result_sets: None }
[2024-11-23T10:50:53.206Z INFO  sqlx_core_oldapi::mssql::connection::establish] Mssql login phase encrypted, but data packets will be unencrypted
[2024-11-23T10:50:53.207Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Handshake starting
[2024-11-23T10:50:53.207Z DEBUG rustls::client::hs] No cached session for DnsName("db.com")
[2024-11-23T10:50:53.208Z DEBUG rustls::client::hs] Not resuming any session
[2024-11-23T10:50:53.209Z TRACE rustls::client::hs] Sending ClientHello Message {
        version: TLSv1_0,
        payload: Handshake {
            parsed: HandshakeMessagePayload {
                typ: ClientHello,
                payload: ClientHello(
                    ClientHelloPayload {
                        client_version: TLSv1_2,
                        random: 1954d0768710302e32cd3910fc7e8bec519e593e887630d4712402adf35f3806,
                        session_id: 32aac659ebfc1f247562cffbb7b4e6b2937254e574b242bf7325bb69ca7588f6,
                        cipher_suites: [
                            TLS13_AES_256_GCM_SHA384,
                            TLS13_AES_128_GCM_SHA256,
                            TLS13_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                        ],
                        compression_methods: [
                            Null,
                        ],
                        extensions: [
                            SupportedVersions(
                                [
                                    TLSv1_3,
                                    TLSv1_2,
                                ],
                            ),
                            EcPointFormats(
                                [
                                    Uncompressed,
                                ],
                            ),
                            NamedGroups(
                                [
                                    X25519,
                                    secp256r1,
                                    secp384r1,
                                ],
                            ),
                            SignatureAlgorithms(
                                [
                                    RSA_PKCS1_SHA1,
                                    ECDSA_SHA1_Legacy,
                                    RSA_PKCS1_SHA256,
                                    ECDSA_NISTP256_SHA256,
                                    RSA_PKCS1_SHA384,
                                    ECDSA_NISTP384_SHA384,
                                    RSA_PKCS1_SHA512,
                                    ECDSA_NISTP521_SHA512,
                                    RSA_PSS_SHA256,
                                    RSA_PSS_SHA384,
                                    RSA_PSS_SHA512,
                                    ED25519,
                                    ED448,
                                ],
                            ),
                            ExtendedMasterSecretRequest,
                            CertificateStatusRequest(
                                Ocsp(
                                    OcspCertificateStatusRequest {
                                        responder_ids: [],
                                        extensions: ,
                                    },
                                ),
                            ),
                            ServerName(
                                [
                                    ServerName {
                                        typ: HostName,
                                        payload: HostName(
                                            DnsName(
                                                "db.com",
                                            ),
                                        ),
                                    },
                                ],
                            ),
                            KeyShare(
                                [
                                    KeyShareEntry {
                                        group: X25519,
                                        payload: 94539e3ad4b0c60288b115ddf2b60d1ce6c803c0983f87ade5d0d3cef7130071,
                                    },
                                ],
                            ),
                            PresharedKeyModes(
                                [
                                    PSK_DHE_KE,
                                ],
                            ),
                            SessionTicket(
                                Request,
                            ),
                        ],
                    },
                ),
            },
            encoded: 010000ee03031954d0768710302e32cd3910fc7e8bec519e593e887630d4712402adf35f38062032aac659ebfc1f247562cffbb7b4e6b2937254e574b242bf7325bb69ca7588f60014130213011303c02cc02bcca9c030c02fcca800ff01000091002b00050403040303000b00020100000a00080006001d00170018000d001c001a02010203040104030501050306010603080408050806080708080017000000050005010000000000000011000f00000c64622e686f74656c2e636f6d003300260024001d002094539e3ad4b0c60288b115ddf2b60d1ce6c803c0983f87ade5d0d3cef7130071002d0002010100230000,
        },
    }
[2024-11-23T10:50:53.220Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Writing 255 bytes of TLS handshake
[2024-11-23T10:50:53.255Z TRACE mio::poll] deregistering event source from poller
[2024-11-23T10:50:53.255Z WARN  sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

@lovasoa
Collaborator

lovasoa commented Nov 23, 2024

Thank you for helping investigate this!

You have properly redacted the database password.

The problem does not seem to be where I thought. The database reports it has encryption enabled, and SQLPage thus correctly starts a handshake, but something closes the connection prematurely. Do you have a firewall, or are you on an Enterprise network that may be doing this? Can you connect to the same database from the same computer using other tools? If you have the time, I would love to get a packet capture (using Wireshark) both of the failing connection and of a working connection from different software. You can send this to contact@ophir.dev if you are not sure how to redact it.

If you want to completely disable encryption (even for the database password) in the latest version, going back to the fully unencrypted connection that worked, you can use ?encrypt=not_supported.
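
The three connection modes discussed in this thread (fully encrypted, login-only encryption, fully cleartext), shown as an added example that is not part of the issue and is not SQLPage or sqlx code. It parses a PRELOGIN payload using the MS-TDS option-table layout and maps the client and server ENCRYPTION values to what TLS ends up covering; the type and function names, the sample bytes, and the strict refusal of unexpected replies are this example's own assumptions.

```rust
// Added example (assumed names; not SQLPage or sqlx code).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Encrypt { Off, On, NotSupported, Required }

#[derive(Debug, PartialEq)]
pub enum Protection { Everything, LoginOnly, Nothing, Refused }

#[derive(Debug, PartialEq)]
pub struct PreLogin {
    pub version: (u8, u8, u16, u16), // major, minor, build, sub_build as logged
    pub encryption: Encrypt,
}

/// Parse a PRELOGIN payload (the bytes after the 8-byte TDS packet header).
/// Each option is {token: u8, offset: u16 BE, length: u16 BE}; 0xFF ends the table.
pub fn parse_prelogin(buf: &[u8]) -> Result<PreLogin, String> {
    let (mut version, mut encryption) = (None, None);
    let mut pos = 0;
    loop {
        let token = *buf.get(pos).ok_or("option table not terminated")?;
        if token == 0xFF { break; }
        let hdr = buf.get(pos + 1..pos + 5).ok_or("truncated option header")?;
        let off = u16::from_be_bytes([hdr[0], hdr[1]]) as usize;
        let len = u16::from_be_bytes([hdr[2], hdr[3]]) as usize;
        // Offsets come from the peer: bounds-check before touching the data.
        let data = buf.get(off..off + len).ok_or("option data out of bounds")?;
        match (token, len) {
            (0x00, 6) => {
                let build = u16::from_be_bytes([data[2], data[3]]);
                let sub = u16::from_be_bytes([data[4], data[5]]);
                version = Some((data[0], data[1], build, sub));
            }
            (0x01, 1) => {
                encryption = Some(match data[0] {
                    0x00 => Encrypt::Off,
                    0x01 => Encrypt::On,
                    0x02 => Encrypt::NotSupported,
                    0x03 => Encrypt::Required,
                    other => return Err(format!("unknown ENCRYPTION value {other:#04x}")),
                });
            }
            _ => {} // instance, thread id, MARS, trace id: skipped here
        }
        pos += 5;
    }
    Ok(PreLogin {
        version: version.ok_or("missing VERSION option")?,
        encryption: encryption.ok_or("missing ENCRYPTION option")?,
    })
}

/// What TLS covers once the client has read the server's PRELOGIN reply.
pub fn protection(client: Encrypt, server: Encrypt) -> Protection {
    use Encrypt::*;
    match (client, server) {
        // The client asked for encryption: never accept a weaker answer.
        (On | Required, Off | NotSupported) => Protection::Refused,
        // The client cannot do TLS, so any reply that implies TLS is refused.
        (NotSupported, On | Required | Off) => Protection::Refused,
        (_, On | Required) => Protection::Everything, // login and data packets
        (_, Off) => Protection::LoginOnly,            // only the login packet
        (_, NotSupported) => Protection::Nothing,     // password sent in cleartext
    }
}

/// Constructed payload matching the reply in the v0.31 logs above:
/// version 11.0.3000.0, encryption: On.
pub fn sample_response() -> Vec<u8> {
    vec![
        0x00, 0x00, 0x0B, 0x00, 0x06, // VERSION: offset 11, length 6
        0x01, 0x00, 0x11, 0x00, 0x01, // ENCRYPTION: offset 17, length 1
        0xFF,                         // end of option table
        11, 0, 0x0B, 0xB8, 0, 0,      // 11.0.3000.0
        0x01,                         // ENCRYPT_ON
    ]
}

fn main() {
    let reply = parse_prelogin(&sample_response()).expect("valid sample");
    println!("{:?} -> {:?}", reply, protection(Encrypt::On, reply.encryption));
}
```

In the v0.31 logs above, both the On/On and the Off/Off negotiation lead to a TLS handshake, which is why both attempts end in the same `tls handshake eof`; only the NotSupported outcome skips TLS, at the cost of sending the password in cleartext.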

@PeteKersker

I'm still pretty new to this, so I'm not sure if I should comment on a closed item or open a new one. So, I'll start here and move my comment if needed.

First, I'm starting to test your product and I really like it. Well done!

My use case is that I have an existing site that I developed with DNN and all the site data is located on a Windows server with an MS SQL database. All of my new development is on a new server (Ubuntu 22.04) with different open source software. I would like to use your product to reach through to my current DNN/MSSQL database and create quick "apps" that I can integrate in various places.

Here's the problem: my connection (from Ubuntu Server #2 to Windows Server #1) does not work until I use ?encrypt=not_supported as described above. The log error is "Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds." This same error occurs whether I set encrypt to true or false. I'm able to connect to the database through DBeaver just fine.

Are there any tests I can run in my environment that would help you troubleshoot this issue?

@lovasoa
Collaborator

lovasoa commented Apr 30, 2025

Hello and welcome to SQLPage!
Happy to hear you like it.
Can you open a new issue, and paste your trace level debug logs (you can redact the database password from them)?
You can set the log level with RUST_LOG=trace

@PeteKersker

I just created #905. I think it has everything you requested. I'll watch for your thoughts.
