JDBC Connection Hangs Since Security Update KB2539636 - by Robert A. Butler

Status : 

  External<br /><br />
		This item may be valid but belongs to an external system out of the direct control of this product team.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


7
0
Sign in
to vote
ID 696635 Comments
Status Resolved Workarounds
Type Bug Repros 4
Opened 10/25/2011 10:09:47 AM
Access Restriction Public

Description

Prior to Windows Update installing the "Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2539636)" JDBC connections were working correctly. After the update, all connections hang and eventually throw a SQLException saying the connection has been reset.

I suspect this is due to changes in the "System.Net.Sockets" namespace code per this article: http://technet.microsoft.com/en-us/security/bulletin/ms11-069. Specifically, it states: "The security update addresses the vulnerability by correcting the manner in which the .NET Framework validates the trust level within the System.Net.Sockets namespace." I can't be sure that this is the case, but I ran the code in the morning successfully. After the update and the required restart, I have not been able to connect to the database. Upgrading SQL Server 2008R2 (developer edition) to SP1 did not resolve the issue.

Pausing the executing in debug mode reveals that the code is hung trying to read from the connection with the following stack trace:

Thread [main] (Suspended)	
	SocketInputStream.socketRead0(FileDescriptor, byte[], int, int, int) line: not available [native method]	
	SocketInputStream.read(byte[], int, int) line: not available	
	TDSChannel.read(byte[], int, int) line: 1647	
	TDSReader.readPacket() line: 3694	
	SQLServerConnection$LogonCommand(TDSCommand).startResponse(boolean) line: 5026	
	SQLServerConnection$LogonCommand(TDSCommand).startResponse() line: 4978	
	SQLServerConnection.sendLogon(SQLServerConnection$LogonCommand, AuthenticationJNI) line: 2528	
	SQLServerConnection.logon(SQLServerConnection$LogonCommand) line: 1905	
	SQLServerConnection.access$000(SQLServerConnection, SQLServerConnection$LogonCommand) line: 41	
	SQLServerConnection$LogonCommand.doExecute() line: 1893	
	SQLServerConnection$LogonCommand(TDSCommand).execute(TDSWriter, TDSReader) line: 4575	
	SQLServerConnection.executeCommand(TDSCommand) line: 1400	
	SQLServerConnection.connectHelper(ServerPortPlaceHolder, int, int) line: 1045	
	SQLServerConnection.login(String, String, int, String, FailoverInfo, int, long) line: 817	
	SQLServerConnection.connect(Properties, SQLServerPooledConnection) line: 700	
	SQLServerDriver.connect(String, Properties) line: 842	
	DriverManager.getConnection(String, Properties, ClassLoader) line: not available	
	DriverManager.getConnection(String) line: not available	
	... proprietary code ... (see sample code in "Steps to Reproduce")	
	NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]	
	NativeMethodAccessorImpl.invoke(Object, Object[]) line: not available	
	DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: not available	
	Method.invoke(Object, Object...) line: not available	
	FrameworkMethod$1.runReflectiveCall() line: 44	
	FrameworkMethod$1(ReflectiveCallable).run() line: 15	
	FrameworkMethod.invokeExplosively(Object, Object...) line: 41	
	InvokeMethod.evaluate() line: 20	
	BlockJUnit4ClassRunner.runNotIgnored(FrameworkMethod, EachTestNotifier) line: 79	
	BlockJUnit4ClassRunner.runChild(FrameworkMethod, RunNotifier) line: 71	
	BlockJUnit4ClassRunner.runChild(Object, RunNotifier) line: 49	
	ParentRunner$3.run() line: 193	
	ParentRunner$1.schedule(Runnable) line: 52	
	BlockJUnit4ClassRunner(ParentRunner<T>).runChildren(RunNotifier) line: 191	
	ParentRunner<T>.access$000(ParentRunner, RunNotifier) line: 42	
	ParentRunner$2.evaluate() line: 184	
	BlockJUnit4ClassRunner(ParentRunner<T>).run(RunNotifier) line: 236	
	JUnit4TestClassReference(JUnit4TestReference).run(TestExecution) line: 50	
	TestExecution.run(ITestReference[]) line: 38	
	RemoteTestRunner.runTests(String[], String, TestExecution) line: 467	
	RemoteTestRunner.runTests(TestExecution) line: 683	
	RemoteTestRunner.run() line: 390	
	RemoteTestRunner.main(String[]) line: 197
Sign in to post a comment.
Posted by Microsoft on 11/10/2015 at 2:27 PM
HI,

We will take a look into it and come back to this thread.

Thanks

Luiz Santos
Sotware Engineer
Posted by Microsoft on 1/18/2012 at 12:52 PM
Switching to Java 6 update 30 will reduce (but not eliminate) connection failures.

Microsoft will deliver an interoperability hotfix for this issue. The fix for SQL Server 2008 was released on January 17th. The fix for SQL Server 2008R2 is forthcoming. We will update this connect case once the 2008R2 fix is available.
Posted by Microsoft on 11/14/2011 at 9:43 AM
As moses70 suggested, this issue is due to an upgrade to Java 6.0 update 29. We are in touch with Oracle regarding the Java 6u29 issue and we are jointly looking at various options to address the connection issue. We will post an update on this connect case and our blog once we have completed the investigation.
http://blogs.msdn.com/b/jdbcteam/
Posted by moses70 on 10/29/2011 at 6:12 AM
Log output from jdbc driver:
(please note: the problem occurs the same without the JNI library and integrated security)


11:59:48.343 WARN de.m1b.conzept.creator.KundenReader - Status: Connecting BCM Database...
11:59:48.345 FINE ..er.jdbc.internals.SQLServerDriver - Property:serverName Value:sqlserver.contoso.com
11:59:48.345 FINE ..er.jdbc.internals.SQLServerDriver - Property:instanceName Value:EXPR2008_BCM
11:59:48.345 FINE ..er.jdbc.internals.SQLServerDriver - Property:databaseName Value:BCM2010
11:59:48.345 FINE ..er.jdbc.internals.SQLServerDriver - Property:integratedSecurity Value:true
11:59:48.354 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 created by (SQLServerDriver:1)
11:59:48.359 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 This attempt server name: sqlserver.contoso.com port: 5356 InstanceName: EXPR2008_BCM2010 useParallel: false
11:59:48.359 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 This attempt endtime: 1319882403355
11:59:48.359 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 This attempt No: 0
11:59:48.359 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 Connecting with server: sqlserver.contoso.com port: 5356 Timeout slice: 14996 Timeout Full: 15
11:59:48.374 FINE ..dbc.internals.SQLServerConnection - ConnectionID:1 ClientConnectionId: d6e5bd7c-78b1-4642-9694-84d88d19f112 Server returned major version:10
11:59:48.569 FINE ...jdbc.internals.AuthenticationJNI - Init pacakage is called
11:59:48.569 FINE ...jdbc.internals.AuthenticationJNI - szDllFileName: 'secur32.dll'
11:59:48.574 FINE ...jdbc.internals.AuthenticationJNI - SPNInit
11:59:48.574 FINE ...jdbc.internals.AuthenticationJNI - szDllFileName: 'ntdsapi.dll'
11:59:48.575 FINE ...jdbc.internals.AuthenticationJNI - SPNInit success
11:59:48.575 FINE ...jdbc.internals.AuthenticationJNI - SNISecInitPacakge successful
11:59:48.575 FINE ...jdbc.internals.AuthenticationJNI - sqlserver.contoso.com
11:59:48.575 FINE ...jdbc.internals.AuthenticationJNI - GetDnsName
11:59:48.587 FINE ...jdbc.internals.AuthenticationJNI - GetDnsName success
11:59:48.587 FINE ...jdbc.internals.AuthenticationJNI - AuthenticationJNI_SNISecGenClientContext called
11:59:48.587 FINE ...jdbc.internals.AuthenticationJNI - sqlserver.contoso.com
11:59:48.587 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.587 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.588 FINE ...jdbc.internals.AuthenticationJNI - Calling the SNISecGenClientContext
11:59:48.588 FINE ...jdbc.internals.AuthenticationJNI - SNISecGenClientContext called
11:59:48.588 FINE ...jdbc.internals.AuthenticationJNI - negotiate
11:59:48.588 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.588 FINE ...jdbc.internals.AuthenticationJNI - SEC Init succeeded
11:59:48.594 FINE ...jdbc.internals.AuthenticationJNI - AuthenticationJNI_SNISecGenClientContext called
11:59:48.594 FINE ...jdbc.internals.AuthenticationJNI - sqlserver.contoso.com
11:59:48.594 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.594 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.595 FINE ...jdbc.internals.AuthenticationJNI - Calling the SNISecGenClientContext
11:59:48.595 FINE ...jdbc.internals.AuthenticationJNI - SNISecGenClientContext called
11:59:48.595 FINE ...jdbc.internals.AuthenticationJNI - negotiate
11:59:48.595 FINE ...jdbc.internals.AuthenticationJNI - MSSQLSvc/sqlserver.contoso.com:5356
11:59:48.595 FINE ...jdbc.internals.AuthenticationJNI - SEC Init succeeded

[Here is the deadlock]

Posted by moses70 on 10/29/2011 at 6:09 AM
For me, it seems related to Oracle Java Update JRE 6 Update 29.
The above behavior has been reproduced on many different configurations. It only fails with JRE6 Update 29 and Update 30-ea.

There is already a bug report in the java bug database:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7105007

It's not quite clear what the exact cause is, more discussions here:
http://social.msdn.microsoft.com/Forums/en-AU/sqldataaccess/thread/d385a39c-f3f0-4583-ae9e-274c786b42ec?prof=required

It happens even with simplest test programs.
Posted by Microsoft on 10/25/2011 at 3:07 PM
asked customer support to review issue and follow up