TLDR: In DPA 2023.2.0.501, connections to instances using AAD accounts appear to no longer work. Change your connections to use local SQL Server accounts instead before you upgrade. Issue might have been introduced by the MS JDBC driver update to version 12.2, in version 2023.2.0.501.
Hi,
After upgrading to DPA 2023.2.0.501, a number of my Managed Instance connections stopped working (DPA was unable to establish a connect to them). When checking the DPA logs, I found this error.
Date: 5/3/23, 7:30:03 AM
DB: [Managed Instance Name]
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to load MSAL4J Java library for performing ActiveDirectoryPassword authentication.
at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:5642)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.onFedAuthInfo(SQLServerConnection.java:5618)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.processFedAuthInfo(SQLServerConnection.java:5463)
at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onFedAuthInfo(tdsparser.java:311)
at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:131)
at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:42)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:6490)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:5068)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:5002)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7685)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:4048)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3487)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:3077)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2919)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1787)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1229)
at com.confio.ignite.common.security.ssl.driver.SslConnectionDriverImpl.lambda$connect$0(SourceFile:40)
at java.base/jdk.internal.reflect.Native
This issue was only effecting Managed Instances, where DPA was using an AAD account to connect. Local SQL Server accounts are working fine. To work around this problem without losing any historic data, you must do the following.
- Create a local SQL Server account for DPA
- In DPA, go to Options > Update Connections > Select the instance > Click Next
- Change the Monitoring User and Password to the local SQL Server account you created
- Set the JDBC URL Properties value to authentication=NotSpecified;encrypt=true;trustServerCertificate=true
- Click Next and complete the update
In the release notes for the 2023.2.0.501 release, I noticed this.
Microsoft JDBC driver version 12.2
DPA has upgraded its MS JDBC driver to version 12.2 to improve connections and access security to Microsoft SQL Server 2022 instances.
Could be a coincidence, but it seems like this change might have introduced the above problem.
Hopefully this post can help someone else who has encountered this problem.