error creating database object: error verifying connection: failed to send SQL Batch: write tcp wsasend: An existing connection was forcibly closed by the remote host. #5679

Closed
svisamsetty opened this issue Nov 4, 2018 · 6 comments

@svisamsetty

I am getting the following error when trying to write a configuration for a local MSSQL database.

error creating database object: error verifying connection: failed to send SQL Batch: write tcp 127.0.0.1:58416->127.0.0.1:1433: wsasend: An existing connection was forcibly closed by the remote host.

If I continuously try for about 50 times, the connection gets written without an error randomly. 1 in about 50 times.

Steps to reproduce the behavior:

  1. Start the vault server.
  2. Enable the database secret engine from the vault ui.
  3. Run the command:
    vault write database/config/productdb plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@127.0.0.1:1433' allowed_roles="processadmin" username="sa" password="admin@123"

Expected behavior
Write the database configuration without throwing the error

Environment:
Operating System: Windows 10 Professional
Vault version: 0.11.4
Microsoft SQL Server Express (64-bit) Version 12.0.2000.8

Vault server configuration file(s):

Using dev mode; vault server --dev

Additional context
Seems to happen when using Windows Binary.

@kasperbrandenburg

I got this exact problem as well. It works sometimes. I do see that the Vault > MSSQL connection jumps between addresses, IPv4 <> IPv6; maybe this is related. Running Wireshark on the traffic, I'm also seeing some SSPI message [malformed packet] errors.

Environment:
Windows 10 (Version 1803, build; 17134.829)
Vault v1.1.3 ('9bc820f700f83a7c4bcab54c5323735a581b34eb')
Microsoft SQL Server 2019 (CTP2.4) - 15.0.1400.75 (X64)

C:\Users\kasper\Downloads\vault_1.1.3_windows_amd64>vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@localhost:1433' allowed_roles="*" username="my_auth_creds" password="my_auth_creds!!"

C:\Users\kasper\Downloads\vault_1.1.3_windows_amd64>vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@localhost:1433' allowed_roles="*" username="my_auth_creds" password="my_auth_creds!!"
Error writing data to database/config/my-mssql-database: Error making API request.

URL: PUT http://localhost:8200/v1/database/config/my-mssql-database
Code: 400. Errors:

* error creating database object: error verifying connection: read tcp [::1]:50625->[::1]:1433: wsarecv: An existing connection was forcibly closed by the remote host.

C:\Users\kasper\Downloads\vault_1.1.3_windows_amd64>vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@localhost:1433' allowed_roles="*" username="my_auth_creds" password="my_auth_creds!!"

C:\Users\kasper\Downloads\vault_1.1.3_windows_amd64>

Server trace log:

2019-07-01T13:52:23.550+0200 [DEBUG] rollback: attempting rollback: path=cubbyhole/
2019-07-01T13:52:23.550+0200 [DEBUG] rollback: attempting rollback: path=sys/
2019-07-01T13:52:23.550+0200 [DEBUG] rollback: attempting rollback: path=identity/
2019-07-01T13:52:23.550+0200 [DEBUG] rollback: attempting rollback: path=database/
2019-07-01T13:52:23.550+0200 [DEBUG] rollback: attempting rollback: path=secret/
2019-07-01T13:53:04.315+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=started
2019-07-01T13:53:04.323+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=finished verify=true err="error verifying connection: read tcp [::1]:50625->[::1]:1433: wsarecv: An existing connection was forcibly closed by the remote host." took=8.1093ms
2019-07-01T13:53:04.323+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: close: transport=builtin status=started
2019-07-01T13:53:04.325+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: close: transport=builtin status=finished err=<nil> took=2.6453ms
2019-07-01T13:53:10.894+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=started
2019-07-01T13:53:10.901+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=finished verify=true err=<nil> took=7.0761ms
2019-07-01T13:53:10.901+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: close: transport=builtin status=started
2019-07-01T13:53:10.904+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: close: transport=builtin status=finished err=<nil> took=2.648ms
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=auth/token/
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=identity/
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=sys/
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=secret/
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=cubbyhole/
2019-07-01T13:53:23.517+0200 [DEBUG] rollback: attempting rollback: path=database/
2019-07-01T13:54:23.513+0200 [DEBUG] rollback: attempting rollback: path=auth/token/
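
To check the IPv4/IPv6 observation in the comment above against a longer trace log, the finished `initialize` calls can be counted and the failed ones grouped by the remote address family. This is an added example, not code from the thread or from Vault; `Summarize`, `family` and the sample log lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Constructed sample in the trace format shown above (not captured output).
const sampleLog = `2019-07-01T13:53:04.323+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=finished verify=true err="error verifying connection: read tcp [::1]:50625->[::1]:1433: wsarecv: An existing connection was forcibly closed by the remote host." took=8.1093ms
2019-07-01T13:53:10.901+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=finished verify=true err=<nil> took=7.0761ms
2019-07-01T13:53:20.100+0200 [TRACE] secrets.database.database_a1069c7d.mssql-database-plugin: initialize: transport=builtin status=finished verify=true err="error verifying connection: failed to send SQL Batch: write tcp 127.0.0.1:58416->127.0.0.1:1433: wsasend: An existing connection was forcibly closed by the remote host." took=6.5ms
2019-07-01T13:53:23.516+0200 [DEBUG] rollback: attempting rollback: path=database/`

// Group 1 is "<nil>" on success; group 2 is the remote host:port of a failed dial.
var initRe = regexp.MustCompile(`initialize: .*status=finished .*err=(?:(<nil>)|"(?:[^"]*tcp \S+->(\S+?): )?[^"]*")`)

// family classifies a host:port string as "ipv4" or "ipv6" ("" if it is not an IP).
func family(hostport string) string {
	host, _, _ := net.SplitHostPort(hostport)
	if ip := net.ParseIP(host); ip == nil {
		return ""
	} else if ip.To4() != nil {
		return "ipv4"
	}
	return "ipv6"
}

// Summarize counts successful initialize calls and groups failed ones by remote
// address family. Successful calls log no address, so only failures have a family.
func Summarize(log string) (ok int, failed map[string]int) {
	failed = map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		m := initRe.FindStringSubmatch(line)
		switch {
		case m == nil: // not a finished initialize line; skip it
		case m[1] == "<nil>":
			ok++
		default:
			failed[family(m[2])]++
		}
	}
	return ok, failed
}

func main() {
	fmt.Println(Summarize(sampleLog))
}
```

Failures counted under the empty key are errors whose text carried no parseable IP endpoint.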

@michelvocks added the bug and secret/database labels Nov 12, 2019
@spangenberg
Contributor

I just tested with Vault Version 1.3.2 on Windows 10 Home with SQLServer running on a different host with mcr.microsoft.com/mssql/server:2017-CU17-ubuntu container.
I got no connection problems at all.

Closing this issue, feel free to comment if the problem persists.

@spangenberg self-assigned this Feb 12, 2020
@lkasiuipath

I am seeing this error repeatedly with no intermittent success

  1. Vault dev server installed (version v1.3.2)
  2. SQLExpress local instance running, TCP enabled, IPAll set for 1433 port, can connect with no issues via SSMS (windows auth and sql auth)
  3. Firewall rules added InBound rules for 1433 and 8200 ports

vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@localhost\SQLEXPRESS:1433' allowed_roles="*" username="..." password="..."

vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@Local\SQLEXPRESS:1433' allowed_roles="*" username="..." password="..."

vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@127.0.0.1\SQLEXPRESS:1433' allowed_roles="*" username="..." password="..."

Any idea what I am doing wrong?

@spangenberg removed their assignment Apr 9, 2020
@spangenberg reopened this Apr 9, 2020
@aphorise
Contributor

aphorise commented Sep 2, 2022

I suspect this issue is no longer relevant in the most recent versions (1.11.3).

Hey @svisamsetty @ikatson @kasperbrandenburg - is this issue still applicable for you folks or have you retested since?

@aphorise
Contributor

I believe this issue is no longer relevant and may be closed.

@heatherezell
Contributor

I'm going to go ahead and close this issue now. Please feel free to open a new one if needed - note, we accept bug reports and enhancement requests for "n-2" versions of Vault, which as of this writing would be 1.10+. Thanks!
