Question on Monitoring Credentials

hbuckner

I am testing some Windows Server 2008 R2 boxes. I noticed that if I have the Monitoring Service Account in a AD group and then put that group in the local Administrators group the Monitoring fails to connect. If I place the Service Account straight in to the local Administrators group it works.

The service account is in the Root domin and my AD group is in the Child domain.

Any idea why this happens? I think it maybe related to Windows 2008 security model.

dlkj

Unfortunately we are at the mercy of Microsoft on this one. As we don't install a monitoring agent on the SQL Server we have to use the APIs that are available on Windows.

We've had quite a few reports that domain admins and groups don't seem to satisfy the access requirements for WMI and Remote Registry connections but we've not come up with a way of enabling this.

If anyone has any joy with this, please let us know.

hbuckner: what specific error were you seeing when using an AD Group?

--
Daniel

hbuckner

Hi Daniel

The server just showed the monitoring had stopped with Monitoring stopped (Incorrect credentials or insufficient permissions)

I viewed the log and it was showing the same information. I havd just removed the AD account from the local admin group because I know a AD group in the local administrators already had the account. But as soon as I removed it, the monotoring status stopped and I had to ad it back.

Thanks

dlkj wrote:

Unfortunately we are at the mercy of Microsoft on this one. As we don't install a monitoring agent on the SQL Server we have to use the APIs that are available on Windows.

We've had quite a few reports that domain admins and groups don't seem to satisfy the access requirements for WMI and Remote Registry connections but we've not come up with a way of enabling this.

If anyone has any joy with this, please let us know.

hbuckner: what specific error were you seeing when using an AD Group?

--
Daniel