IBM Support

IT42937: CTGGE0069 "THE CERTIFICATE CHAIN WAS ISSUED BY AN AUTHORITY THAT IS NOT TRUSTED" MESSAGE ON MICROSOFT SQL INVENTORY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The IBM Spectrum Plus Application server inventory for Microsoft
    SQL servers can stop with the following job log message :
    
    ERROR .. CTGGE0069 ,[<ServerAddress>] Failed to connect to the
                        SQL instance: error [ExecSQLStatement:
                        SQLDriverConnect to [<Server>\<Instance>]
                        failed
                        error[[Microsoft][ODBC Driver 18 for SQL
                        Server]SSL Provider: The certificate chain
                        was issued by an authority that is not
                        trusted.]
    
    That error occurs if all of the following conditions are true:
    - ODBC version 18 is used.
    - The ?Force encryption? setting for the SQL Server instance is
      set to No.
    - The client connection string does not explicitly specify a
      value for encryption property, or the Encryption option was
      not explicitly set or updated in the Data Source Name (DSN).
    The Microsoft Windows SQL server ODBC driver version 18 assumes
    data encryption to be ON by default.
    Because of that, the driver tries to validate the server's
    certificate and fails.
    
    IBM Spectrum Protect Plus Versions Affected:
    IBM Spectrum Protect Plus 10.1.x and later
    
    Additional Keywords: SPP, SPPLUS, TS011715141, MSSQL, SSL, ODBC
    

Local fix

  • Use ODBC driver version 17.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Protect Plus level 10.1.x                       *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in IBM Spectrum Protect Plus level     *
    * 10.1.13. Note that this is subject to change at the          *
    * discretion of IBM                                            *
    ****************************************************************
    

Problem conclusion

  • This problem has been fixed so that when SQL server has
    encryption turned on, and the server certificate is not
    configured, the SQL jobs can be completed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT42937

  • Reported component name

    SP PLUS

  • Reported component ID

    5737SPLUS

  • Reported release

    A1A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-01-23

  • Closed date

    2023-01-31

  • Last modified date

    2023-01-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • SQL
    

Fix information

  • Fixed component name

    SP PLUS

  • Fixed component ID

    5737SPLUS

Applicable component levels

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A1A","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
01 February 2024