Company Firewall

Updated by kevin cardoen

Troubleshooting corporate firewall / network restrictions

In some cases, strict network security in corporate environments might block access to Snowflake, the underlying technology that the SD Worx Insights Cloud is based on.

If you cannot connect because of company network policies, send the information below to your IT department.


Solution

Please contact your network team and ask them to bypass the following endpoints in the network configuration:

Type | Host | Port
SNOWFLAKE_DEPLOYMENT | kx42541.west-europe.azure.snowflakecomputing.com | 443
SNOWFLAKE_DEPLOYMENT_REGIONLESS | ofzhshi-kx42541.snowflakecomputing.com | 443
STAGE | mbxbxesfcb1stg.blob.core.windows.net | 443
SNOWSQL_REPO | sfc-repo.snowflakecomputing.com | 443
OUT_OF_BAND_TELEMETRY | client-telemetry.snowflakecomputing.com | 443


Detailed Description

1.1.1 Problem
  • Power BI Desktop or Excel using an ODBC driver fails with an SSL certificate problem:
  • Error returned: 'OLE DB or ODBC error: [DataSource.Error] ERROR [HY000] [Snowflake][Snowflake] (25) Result download worker error: Worker error: [Snowflake][Snowflake] (4) REST request for URL <>.... : CURLerror (curl_easy_perform() failed) - code=60 msg='SSL peer certificate or SSH remote key was not OK' osCode=9 osMsg='Bad file descriptor'. . '.*
1.1.2 Cause
  • When the result of a client's query is smaller, the result comes directly from the Snowflake server. But when the result set is larger (e.g. over 1000 records), the data is pulled directly from the internal Snowflake cloud storage (Azure Blob). This error is seen in the latter cases.
  • ODBC curl dump logs show an error that occurs after the server certificate was sent to the client.
1.1.3 Optional: Generate a curl dump log to verify the TLS communication for yourself:
  1. Open Registry Editor as administrator and add the following string values under the driver's registry key:
  • for the 64-bit driver
    • HKEY_LOCAL_MACHINE\SOFTWARE\Snowflake\Driver
  • for the 32-bit driver
    • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Snowflake\Driver

  • LogLevel=6
  • CurlVerboseMode=true
  • LogPath=C:\your_path_to_log
  2. Collect the following log file:
  • C:\your_path_to_log\Snowflake_odbc_curl.dump
  3. Open the file with Notepad and search for:
  • Connected to *******.blob.core.windows.net


You should see the following in the log file:

A faulty TLS communication:
Connected to *******.blob.core.windows.net (X0.X50.X6.X) port 443 (#0).
Info ALPN, offering http/1.1.
Info successfully set certificate verify locations:.
Info CAfile: C:\Program Files\Snowflake ODBC Driver\etc\cacert.pem. CApath: none.
Info TLSv1.3 (OUT), TLS handshake, Client hello (1):.
Info TLSv1.3 (IN), TLS handshake, Server hello (2):.
Info TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):.
Info TLSv1.3 (IN), TLS handshake, Certificate (11):.
Info TLSv1.3 (OUT), TLS alert, unknown CA (560):.
Info SSL certificate problem: self signed certificate in certificate chain.
Info Closing connection 0.

VS

A good TLS communication:
Connected to *******.blob.core.windows.net (X0.X50.X6.X) port 443 (#0).
Info successfully set certificate verify locations:.
Info CAfile: C:\Program Files\Snowflake ODBC Driver\etc\cacert.pem. CApath: none.
Info TLSv1.3 (OUT), TLS handshake, Client hello (1):.
Info TLSv1.3 (IN), TLS handshake, Server hello (2):.
Info TLSv1.2 (IN), TLS handshake, Certificate (11):.
Info TLSv1.2 (IN), TLS handshake, Server key exchange (12):.
Info TLSv1.2 (IN), TLS handshake, Server finished (14):.
Info TLSv1.2 (OUT), TLS handshake, Client key exchange (16):.
Info TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):.
Info TLSv1.2 (OUT), TLS handshake, Finished (20):.
Info TLSv1.2 (IN), TLS handshake, Finished (20):.
Info SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
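An added example, not part of the original article or of Snowflake's tooling: a Python script that scans the text of a Snowflake_odbc_curl.dump file for the two patterns shown above and lists the hosts whose certificate the driver rejected. The sample log, its host names and addresses are constructed placeholders, and the function names are this example's own.

```python
import re

# Line patterns taken from the two log excerpts on this page.
CONNECTED = re.compile(r"Connected to (\S+) \([^)]*\) port (\d+)")
CERT_PROBLEM = re.compile(r"SSL certificate problem: (.+)")
TLS_ALERT = re.compile(r"\(OUT\), TLS alert, (.+?) \(\d+\)")
ESTABLISHED = re.compile(r"SSL connection using (\S+) / (\S+)")

def analyse_curl_dump(text):
    """Return one dict per 'Connected to' block found in the dump text."""
    sessions, cur = [], None
    for raw in text.splitlines():
        # Drop emphasis asterisks and the trailing dots curl's log lines end with.
        line = raw.strip().strip("*").rstrip(". ")
        if m := CONNECTED.search(line):
            cur = {"host": m[1], "port": int(m[2]), "status": "incomplete",
                   "alert": None, "detail": None}
            sessions.append(cur)
        elif cur is None:
            continue  # lines before the first connection
        elif m := TLS_ALERT.search(line):
            cur["alert"] = m[1]  # alert the client sent, e.g. "unknown CA"
        elif m := CERT_PROBLEM.search(line):
            cur["status"], cur["detail"] = "cert_rejected", m[1]
        elif m := ESTABLISHED.search(line):
            cur["status"], cur["detail"] = "ok", f"{m[1]} / {m[2]}"
    return sessions

def rejected_hosts(sessions):
    """Hosts whose server certificate the driver refused, deduplicated."""
    return sorted({s["host"] for s in sessions if s["status"] == "cert_rejected"})

# Constructed sample dump: host names and addresses are placeholders.
SAMPLE = """\
Connected to examplestage.blob.core.windows.net (203.0.113.10) port 443 (#0).
Info TLSv1.3 (OUT), TLS handshake, Client hello (1):.
Info TLSv1.3 (IN), TLS handshake, Certificate (11):.
Info TLSv1.3 (OUT), TLS alert, unknown CA (560):.
Info SSL certificate problem: self signed certificate in certificate chain.
Info Closing connection 0.
Connected to example.snowflakecomputing.com (203.0.113.20) port 443 (#1).
Info TLSv1.2 (IN), TLS handshake, Finished (20):.
Info SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for s in analyse_curl_dump(SAMPLE):
        print(s["host"], s["port"], s["status"], s["alert"], s["detail"])
    print("certificate rejected for:", rejected_hosts(analyse_curl_dump(SAMPLE)))
```

To run it on a real dump, pass the contents of the file from LogPath to analyse_curl_dump() instead of SAMPLE.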


Snowflake version:

  • Snowflake is a cloud service, so we are always on the currently released version for that cloud provider and region.
  • We use Azure – West Europe region as underlying cloud provider, so we are currently on version 7.8.1 as can be found here: Release History - Azure - West Europe (Netherlands) (snowflake.com)
    • But we get monthly updates so this changes quickly.

 

JDBC connector is more important.

