• Forums
    • Public Forums
      • Community Connect
      • Dynatrace SaaS & Managed
        • Dynatrace SaaS & Managed Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Free Trial
        • AppMon & UEM Open Q&A
        • AppMon & UEM Plugins
      • Data Center RUM
        • DC RUM Open Q&A
        • Enterprise Synthetic Monitoring
      • Dynatrace Synthetic Monitoring
        • Dynatrace Synthetic Open Q&A
        • Dynatrace Synthetic EAP Feedback
      • Keynote Synthetic Monitoring
        • Keynote Synthetic Open Q&A
        • Keynote Synthetic EAP Feedback
      • BSM Open Q&A
      • Server Monitoring Open Q&A
      • Dynatrace Open Q&A en Español
  • Home /
  • Public Forums /
  • Data Center RUM /
  • DC RUM Open Q&A /
avatar image
  • Home /
  • .. /
  • DC RUM Open Q&A /

Decoding MS SQL TDS over SSL

  • Export to PDF
Chuan W. created · Jul 22, 2016 at 03:09 AM
1

Hi Guys,

Any one have experience with decoding MS SQL over SSL successfully ?

I am over at customer site doing a PoC and Gigamon HB-1 was used to decrypting the SSL but I discover that it is not decrypting it. How I know it is not decrypting is that any non successfuly decrypt SSL will still be forward to AMD.

Hence, over at the AMD, doing a `show ssldecr servers`, i can see that the encrypted DB traffic is there. I did try to load the ssl key into AMD and it seem that it is not decrypting too.

Anyone have experience on this area ?

thub.nodes.view.add-new-comment
tds
Martin V.

People who like this

1 Show 4
10 |2000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Erik S. · Jul 22, 2016 at 01:38 PM 1
Share

The normal TDS decode should work fine for both encrypted and non-encrypted MS SQL as long as the correct key is present. I've done this many times. When there are issues, I've usually found it is not the correct key for the certificate the SQL server is presenting.

-- Erik

avatar image Martin V. · Mar 09 at 06:51 PM 0
Share

Experiencing the same at our site. Would love to know how to address this as well.

avatar image Babar Q. Martin V. · Mar 10 at 07:17 AM 0
Share

Hello Martin,

Check the similar post, might be helpful in your case:

https://answers.dynatrace.com/questions/160903/how-to-decrypt-symmetric-sql-encrypted-traffic.html

Regards,

Babar

avatar image Erik S. · Mar 15 at 11:35 PM 0
Share

In working on this in the past, the default install of MS SQL will create a default SSL certificate that will be used should the server allow and client requests encryption or the server simply requires it. Microsoft provides no supported way to export the private key for this default certificate.

The only way forward I have found in this scenario is to get/create a certificate externally and import that certificate for the SQL server to use, also putting the private key for this certificate on the AMD. In my experience, as long as the SQL server uses a certificate the AMD has a matching private key for, the AMD can decrypt and analyze the SQL sessions without issue.

-- Erik

Welcome the
Dynatrace Community Forums

Check out the Forum User Guide and Forum Guidelines to learn how to get started.

Community Member of the Month
July 2017

Announcing Dynatrace's Community Member of the Month for July 2017, Wai C.! Click here to read more!

Article

Contributors

avatar image
Follow

Follow this article

15 People are following this .

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Navigation

Decoding MS SQL TDS over SSL

Related Articles

  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace SaaS & Managed
      • Dynatrace SaaS & Managed Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Free Trial
      • AppMon & UEM Open Q&A
      • AppMon & UEM Plugins
    • Data Center RUM
      • DC RUM Open Q&A
      • Enterprise Synthetic Monitoring
    • Dynatrace Synthetic Monitoring
      • Dynatrace Synthetic Open Q&A
      • Dynatrace Synthetic EAP Feedback
    • Keynote Synthetic Monitoring
      • Keynote Synthetic Open Q&A
      • Keynote Synthetic EAP Feedback
    • BSM Open Q&A
    • Server Monitoring Open Q&A
    • Dynatrace Open Q&A en Español