How to upgrade JCS on Windows so that it can connect to an TLS enabled SQL Server SAM Endpoint.

Document ID : KB000009787
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

We have recently setup TLS on our Microsoft SQL Servers and disabled TLS 1.0 and 1.1. This can be found on Microsoft's TechNet TLS/SSL Settings article. Now when I try to create a MS SQL Server PUPM Endpoint in Enterprise Manager I get this error: 

Error

 

Background:

This is due to the version of JVM provided with the Java Connector Server component and the JDBC driver version supportability of TLS. These steps describe how to update both components on an Windows Enterprise Manager. If you have installed any Windows Distribution Servers or Windows Load Balancing Enterprise Manager those servers will also have to be upgraded. 

 

The JVM upgrade will use the existing JDK provided with the install of the Enterprise Manager Server. So our paths will be the default c:\ drive installs paths. You maybe using a custom path and upgrading Java on regular intervals to different paths. Please keep these steps in mind when you upgrade Java JDK on the system. 

 

The SQL JDBC upgrade will require you to download the latest from Microsoft

Environment:
Windows Enterprise Manager 12.9.x
Instructions:

Stop JCS  via Services MMC CA Privileged Identity Manager Connector Server (Java)

JVM upgrade steps:

  1. Set the following registry key value [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ComputerAssociates\Identity Manager\Procrun 2.0\im_jcs\Parameters\Java] "Jvm"="C:\\jdk1.8.0\\jre\\bin\\server\\jvm.dll"

  2. Set the following REG_MULTI_SZ key value [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ComputerAssociates\Identity Manager\Procrun 2.0\im_jcs\Parameters] "Environment"="PATH=%PATH%;C:\jdk1.8.0\jre\bin"

SQL JDBC Driver jar file upgrade steps: 

  1. Remove the exiting sqljdbc_2005__V1.2.jar driver from C:\Program Files\CA\AccessControlServer\Connector Server\extlib\

  2. Add the sqljdbc42.jar from the JDBC Driver zip to C:\Program Files\CA\AccessControlServer\Connector Server\extlib\

Start JCS via Services MMC CA Privileged Identity Manager Connector Server (Java)

Additional Information:

The Linux documentation steps can be found in KB TEC1285491.