Database connection failure due to SSL or TLS error

During an upgrade from Maximo® Manage 8.5.x to 8.6.x or later versions, with a Db2® database, the process stops at the activating workspace point. A Secure Sockets Layer (SSL) or Transport Layer Security (TLS) error is the cause, and the solution is to specify the SSL version explicitly in the JDBC connection string.

Background

The error message from the server bundle pod might look like the following.
25 Apr 2023 04:24:59:367 [ERROR] [sql] BMXAA6421E - The system could not connect to the JDBC source: jdbc:db2://c-db2wh-1640014734526263-db2u-engn-svc.mas-cpd.svc:50001/BLUDB:sslConnection=true;Unsupported protocolSSL_TLSv2
25 Apr 2023 04:24:59:368 [ERROR] [maximo] BMXAA6538E - Failed to initialize MAXIMO business object services.
psdi.util.MXSystemException: access#DBConnectFail
Caused by: java.lang.IllegalArgumentException: Unsupported protocolSSL_TLSv2
          at sun.security.ssl.ProtocolVersion.namesOf(ProtocolVersion.java:292) ~[?:?]
          at sun.security.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:362) ~[?:?]
          at com.ibm.db2.jcc.t4.w.run(w.java:123) ~[db2jcc.jar:?]
          at java.security.AccessController.doPrivileged(AccessController.java:747) ~[?:?]
          at com.ibm.db2.jcc.t4.a0.a(a0.java:435) ~[db2jcc.jar:?]
          at com.ibm.db2.jcc.t4.a0.<init>(a0.java:97) ~[db2jcc.jar:?]
          at com.ibm.db2.jcc.t4.a.b(a.java:367) ~[db2jcc.jar:?]
The operator log displays a message that indicates the TLS error, as shown in the following example.
fatal: [localhost]: FAILED! => {"changed": true, "rc": 1, "return_code": 1, "stderr": "", "stderr_lines": [], "stdout": "Calling isValidDBConnection ...\nValidating DB connection from script /opt/IBM/SMP/maximo/is-updatedb-needed.sh using the querycount utility to check for the maxvars table.\nDB Connection return code = 255\nNote: A return code of 0 (table found) or 1 (table not found) indicates a successful query via a valid DB connection and that an exception has not occurred. Otherwise, there's a problem connecting to the database.\nisvalidconn.log\n==================\nDEBUG***:queryType=table\nException\njava.lang.IllegalArgumentException: Unsupported protocolSSL_TLSv2\n\tat java.base/sun.security.ssl.ProtocolVersion.namesOf(ProtocolVersion.java:292)\n\tat java.base/sun.security.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:362)\n\tat com.ibm.db2.jcc.t4.w.run(w.java:123)\n\tat java.base/java.security.AccessController.doPrivileged(AccessController)

Necessary information for IBM support

Collect MustGather data for Maximo Application Suite by using the MustGather tool. For more information, see Read First: Collect MustGather data for IBM® Maximo Application Suite using the MustGather tool.

Resolution

  1. In the Maximo Application Suite user interface, update the database URL in one of the following ways.
    • Go to Workspaces from the menu and select the Manage tile. Click Database connection in the Integration and dependencies section.
    • Alternatively, go to Configurations from the menu and click Database connection in the Storage section.
      Note: The change in database URL affects all applications in Maximo Application Suite, not just Maximo Manage.
  2. Click the Edit icon and ensure that the sslVersion=TLSv1.2 property is included in the database URL. The following URL is an example only.
    jdbc:db2://HOSTNAME:50001/BLUDB:sslConnection=true;sslVersion=TLSv1.2;
For more information, see Known Issues.
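To check a database URL before pasting it into the Edit dialog in step 2, the following added example (not IBM code, and not part of the original page) parses the Db2 JDBC URL and appends sslVersion=TLSv1.2 only when sslConnection=true is set and no sslVersion is present. The function names and status strings are assumptions made for this example, as is the choice to leave a different explicit sslVersion untouched.

```python
import re

# Db2 type 4 URL shape: jdbc:db2://host:port/database[:prop=value;prop=value;]
_URL = re.compile(r"^(jdbc:db2://[^/]+/[^:;]+)(?::(.*))?$")

def parse_db2_url(url):
    """Split a Db2 JDBC URL into its base and an ordered dict of properties."""
    m = _URL.match(url.strip())
    if not m:
        raise ValueError("not a Db2 type 4 JDBC URL: %r" % url)
    props = {}
    for item in (m.group(2) or "").split(";"):
        if not item.strip():
            continue  # tolerate a missing, trailing or doubled semicolon
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError("malformed property: %r" % item)
        props[key.strip()] = value.strip()
    return m.group(1), props

def ensure_ssl_version(url, version="TLSv1.2"):
    """Return (url, status); sslVersion is appended only when it is absent."""
    base, props = parse_db2_url(url)
    if props.get("sslConnection", "").lower() != "true":
        return url, "not-ssl"          # property only matters for SSL connections
    current = props.get("sslVersion")
    if current == version:
        return url, "already-set"
    if current is not None:
        return url, "differs:" + current  # leave an explicit choice for a human
    props["sslVersion"] = version
    return base + ":" + "".join("%s=%s;" % kv for kv in props.items()), "added"

if __name__ == "__main__":
    # Constructed sample URLs; HOSTNAME is the page's own placeholder.
    for u in ("jdbc:db2://HOSTNAME:50001/BLUDB:sslConnection=true;",
              "jdbc:db2://HOSTNAME:50001/BLUDB:sslConnection=true;sslVersion=TLSv1.2;",
              "jdbc:db2://HOSTNAME:50000/BLUDB"):
        print(ensure_ssl_version(u))
```

A "differs:" status means the URL already pins another protocol version and is returned unchanged for review.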