Credential Management Event alarms fire hourly from SQL Server database agents.
Service account locked out by Foglight even if password is updated
com.quest.glue.api.services.CredentialRejectedException: AccessIsDenied (0x5) while connecting as DOMAIN/USER to HOST.DOMAIN.COM. . Please ensure that the Remote Registry and Server services are running and the connecting user has permission to modify these registry keys: {72C24DD5-D70A-438B-8A42-98424B88AFB8}, {0D43FE01-F093-11CF-8940-00A0C9054228}. There may be multiple instances of each key, especially for 64-bit versions of Windows Server 2008 R2 and Windows 7. Each instance will need to be updated.
Service account locked out for Foglight very frequently. No credential has been found with an incorrect password.
SQL Server agents are configured to use Error list collection query method: FALLBACK.
The SQL Server agent, from version 5.7.5.1 onwards, is now using Windows Remote Shell command to get the DBSS_Error_Log_List, DBSS_SQL_Server_Error_Log, and DBSS_SQL_Agent_Error_Log collections. Windows Remote Shell Command DCOM connection is a different type of connection that also uses DCOM (WMI)/WinRM apart from the usual WindowsInfoConnection that a DBSS agent makes to get the OS Collections.
The failed Credential Alarms occur when the DBSS agent cannot make the Remote Shell command and this is a valid alarm (when the 4 WinRM + 1 DCOM(WMI) connection attempts fail). WindowsInfoConnection may very well work but the Remote Shell command may fail, triggering the failed credential alarms.
SQL Server agents may be configured to use FALLBACK Error list collection query method, this attempts to make an OS connection using DCOM (WMI) to collect Error Log data, and then follows with a JDBC connection.
When the sufficient permissions have not been applied, credential alarms from each SQL Server agents may fire hourly.
Run the following groovy script to change the Error Log collection for all SQL Server agents from FALLBACK to JDBC. Knowledgebase article 4309796 details how to run a groovy script in the Script Console.
srvConfig = server["ConfigService"];
srvAgent = server["AgentService"];
namespace = "DB_SQL_Server"
agentType = "DB_SQL_Server"
def updateASP(primaryASP) {
primaryASP.setValueByString("ErrorLogListQueryMode" , "JDBC");
srvConfig.saveConfig(primaryASP);
}
primaryASP = srvConfig.getAgentTypePrimaryAsp(namespace, agentType);
updateASP(primaryASP);
def allAgents = srvAgent.findByAdapterAndType("FglAM", "DB_SQL_Server");
allAgents.each {agent ->
primaryASP = srvConfig.getAgentInstancePrimaryAsp(namespace, agentType, agent.getId());
updateASP(primaryASP);
}
return true;
def out = new StringBuilder();
def agentService = server.get("AgentService"); def configService = server.get("ConfigService"); def agents = agentService.findByAdapterAndType("FglAM", "DB_SQL_Server"); for (agent in agents) {
def primaryASP = configService.getAgentInstancePrimaryAsp(agent.getAgentNamespace(), agent.getTypeId(), agent.getId());
if (primaryASP) {
out.append(String.format("%s, %s: ErrorLogListQueryMode=%s\n", agent.getRemoteClientId(), agent.getName(), primaryASP.getString("ErrorLogListQueryMode")));
}
}
return out.toString();
STATUS
This issue has been logged as FOG-5937 and will be reviewed by Product Management for an enhancement in a future release of the SQL Server cartridge.
Additional CRs: FGL-19666, SSDB-14323, SSDB-14324, SSDB-14325
Idea/Enhancement FGSS-I-32 was logged to ask that the "Error list collection Query Method" property value be set to JDBC by default.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center