Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Database Performance Analyzer (DPA) > DPA - Knowledgebase Articles > DPA registration with Network Service Account

DPA registration with Network Service Account

Updated January 31, 2019

Overview

DPA 10.1 added the functionality to register SQL Server database instances with a Network Service Account (NSA).

 

Important Note: This feature only works for monitored instance connections, not for the connection to the DPA repository server. 

 

Users should be able to modify the connection information of such instances using the "Update DB Instance Connection" wizard (repoint) using a Network Service Account.

Environment

DPA 10.1 and later

Steps

Enabling the functionality

This functionality is disabled by default. To enable it:

  1. Choose Options > Administration > Advanced Options. 
  2. Select Support Options.
  3. Locate the SQL_SERVER_COMP_ACC_AUTH_ENABLED parameter and set it to TRUE.

 

Configuration needed

  1. Add the following user/login to the SQL server: DOMAIN\<DPA_MACHINE_NAME>$
  2. Set up the DPA service (Ignite PI Server) to run under the Network Service account.
  3. Make sure that the Network Service account has read/write rights for the DPA installation directory and sub-directories. 
  4. Make sure that ntlmauth.dll is available in the jre/bin directory. It is distributed as a part of the embedded Java but would need to be added manually for custom jre installations.
    This DLL library allows JTDS driver to impersonate the user that was previously defined to run the DPA service.

Mass Registration

When Network Service Account authentication is enabled in advanced options and the user selects SQL Server as the database type, the Choose Authentication Type drop-down menu is displayed on the Mass Registration page. This menu includes the authentication type Computer Account

 

ssoAuth_SQLServer_massReg.png

 

Mass registering SQL Server instances using the Network Service Account requires less information than standard password authentication. DPA does not require a username and password. The only identifier is the domain name.

 

The required values are below. The mass registration string should look like this. The user must provide blank fields for the rest of the (optional) fields:

  • IP(hostname),port,domain,,,, 

 

Connection Info Update (Repoint)

When NSA authorization is enabled, the Authentication type radio button is shown on the Options > Update Connection Info page. The user can select which authentication type to be used.

Diagnostics

  • Most of the potential problems will be connected to the setting in the configuration section of this article.

  • Double check if the service runs using NSA user. This would be in services menu in Windows on the monitored server. The SQL server service for registration should be running under the account in use in.

  • When DPA is not correctly displaying options for Network Account AUTH_SCHEMA in the COND table, there should be PASSWORD for standard authentication and SSO for Network Account authentication.

  • There is a SQL script to help users mass update already registered instances to use NSA authentication instead of the standard authentication. 

    •  Connect to the repository database with a SQL tool, and execute the following command:
      UPDATE COND SET AUTH_SCHEMA='SSO', PASSWORD=NULL,USERNAME='<USERNAME>'WHERE DB_TYPE='SQL Server' AND ID IN (...)
      <USERNAME> must be in the following format: DOMAIN/ 

      In the parenthesis (...), insert IDs from the COND table that belong to the database instances you are changing. 
      The following SQL statement can help you choose the correct ID: 
      SELECT ID, NAME, USERNAME, CONN_HOST FROM COND WHERE DB_TYPE='SQL Server'

 

Last modified

Tags

Classifications

Public