Connecting ColdFusion 2021 to SQL Server using Windows AD account on CommandBox

I recently upgraded my local CommandBox development environment from ColdFusion 2018 to ColdFusion 2021. I have been using explicit SQL Server logins (username/password) for all of my data sources (I have about a dozen) in this environment. I wanted to be able to switch to having ColdFusion use the Windows AD account that CommandBox and my server are started in (my own account, in this case). So I removed the username and password from one of my data sources and saved it.

I then ran into two roadblocks. The first was a Kerberos-related error:

Connection verification failed for data source: [redacted]
java.sql.SQLException: [Macromedia][SQLServer JDBC Driver]Kerberos Authentication is not supported by this SQLServer. The driver attempted Kerberos authentication because the AuthenticationMethod connect option was "auto" and no username/password was specified.

I was able to fix this same error on my testing server (not a CommandBox based server, but a full ColdFusion installation on Windows) by setting the connection string of each data source to:

AuthenticationMethod=Type2

On my CommandBox server, setting this resulted in a new error:

Connection verification failed for data source: [redacted]
java.sql.SQLException: [Macromedia][SQLServer JDBC Driver]NTLM (type-2) Authentication was requested but the required DDJDBCx64Auth05.dll was not found on the path specified by the java.library.path system property.

With Brad’s help, I was able to determine that this DLL file did in fact exist and was in the absolute path that ColdFusion is using for java.library.path. He found this similar issue in Informatica, with a suggested solution to add the path to that DLL file into the connection string.

Since this is a CommandBox server, and my server.json is set so as to automatically upgrade to the latest update for ColdFusion 2021 when they become available, the path to the DLL is subject to change (each update is a complete, self-contained WAR installation with its own folder inside the CommandBox \CommandBox\server\servername\ folder). So I created a new permanent folder “\CommandBox\DataDirectDriver”, and copied the DDJDBCx64Auth05.dll file into it. Then I changed my connection string to:

AuthenticationMethod=Type2;LoadLibraryPath=C:\Apps\CommandBox\DataDirectDriver

Now my SQL Server data sources are working using my Windows AD account!

1 Like