Knowledge Article
Discovery: How to use Windows authentication for Microsoft SQL Server deep/extended discovery
The jtds driver has to be installed, and additional options must be added to the MS SQL Server credential used.
BMC Discovery
BMC Discovery
All versions of BMC Discovery, with different settings depending of the version.
How to use Windows authentication for Microsoft SQL Server deep/extended discovery? |
AFTER 12.0 INCLUDED: By default Discovery 12.0 and following comes with Microsoft SQL Server 8.2 JDBC jar files and doesn't include the required jtds driver for Windows Authentication to SQL Server anymore. Go to the bottom of this KA for the procedure for for version <= 11.3. To enable MS SQL Server database discovery through Windows authentication, please: 1- Remote in the outpost that is meant to discover these databases
2- Ensure that the 64-bits version of Oracle JDK/JRE or OpenJDK (version 8 or later) is installed on the Outpost server. This installation is required for JDBC discovery. To identify where and which version of java is available on the outpost, go to Control Panel > Java then click on the tab java then click on the button "View". e.g: C:\Program Files\Java\jre1.8.0_192\bin\javaw.exe It is also possible to run the following command line through the command prompt (cmd) on the outpost to confirm java is running the relevant 64-bit version: java -version
If java 64-bit is installed, the output should look like this:
Notes:
- This is the output if the official Oracle java 1.8+ is installed. Results may differ in case openjdk is installed instead. - OpenJDK 11.0.15 LTS can be downloaded from microsoft-jdk-11.0.15-windows-x64.zip or microsoft-jdk-11.0.15-windows-x64.msi 4- Make sure the user exists in Microsoft SQL Server, and that it has the proper permissions to read the databases, e.g (check with the DBA for more information): 5- Download the Microsoft SQL Server 8.2 driver from here - Select sqljdbc_8.2.2.0_enu.tar.gz, or click on this direct link. 6- In the downloaded zip archive, go to sqljdbc_8.2.2.0_enu.zip\sqljdbc_8.2\enu\auth\x64 and extract the file mssql-jdbc_auth-8.2.2.x64.dll file. Then copy the mssql-jdbc_auth-8.2.2.x64.dll to the java bin directory (refer to step 2) 7- Go to Manage > Credentials in the UI, then select the relevant Microsoft SQL Server database credential, then: - (1) set the user: do NOT add the domain there (nor the name of the device if a local account is set instead), only the username / and password
- (2) select the required Microsoft SQL Server driver (the default one should work, no need to create a custom MS SQL driver) - (3) add the following to the field "Additional Properties": domain=_DOMAIN_NAME_
useNTLMv2=true authenticationScheme=NTLM integratedSecurity=true Notes: - If no domain is used, do not add the line domain=_DOMAIN_NAME_ - If a domain has to be used, replace _DOMAIN_NAME_ first. 8- Test the credential again BEFORE 12.0 NOT INCLUDED: SCENARIO 1:
Discovery is on the same domain at the target server 1. Create a new MSSQL driver using the default mssql jar file. In the new driver, change the JDBC String Template to the following:
jdbc:sqlserver://;serverName={address};port={port};databaseName={name};authenticationScheme=NTLM;integratedSecurity=true
2. Create the MSSQL credential. The domain name will not be needed in the username. Be sure to select the new SQL driver that was created.
1 . In this case, use the following JDBC string template but set the <DOMAIN_NAME> value : jdbc:sqlserver://;serverName={address};port={port};databaseName={name};domain=<DOMAIN_NAME>;authenticationScheme=NTLM;integratedSecurity=true 2. Create the MSSQL credential. The domain name will not be needed in the username as it's set in the MSSQL driver . Be sure to select the new SQL driver that was created.
TROUBLESHOOTING: To resolve most frequent issues related to database discovery, refer to: Troubleshooting extended or database discovery failures |
Attachment(s):