How do you use cloud databases? Take the survey.
Options

Monitor Service Account issue when group added to local admin.

ReggieReggie Posts: 6 New member
in Redgate Monitor
I'm not sure if anyone else has come across this issue but when my service account was added to the monitored server's local admin account it was fine.  However, if the AD group with the service account as a member (only one) was added to the local admin account it could not connect to WMI.  The network team here just did that as a way to easily push it out to new servers via group policy.  Is this a bug or intentional?
Tagged:
· Share on Twitter

Answers

  • Options
    jrguayjrguay Posts: 11 Bronze 2
    I'm not sure as I have not seen this particular scenario personally, but have dealt with some WMI issues before. My guess is that the DC's are trying to connect to the monitored server with WMI and they can't. Maybe you can check whether the WMI ports are open and accepting traffic. You can find more information about that here: https://documentation.red-gate.com/sm9/configuring-sql-monitor/adding-servers-to-monitor/adding-servers-on-a-different-network-from-your-base-monitor

    · Share on Twitter
  • Options
    ReggieReggie Posts: 6 New member
    edited May 23, 2019 7:50PM
    There can't be an issue with WMI as it worked just fine when the account was added directly to the admin group.  It's only now that the account was added to a group and then in turn added to the admin group that things stopped working.

    EDIT: Also the monitor and monitored servers are all on the same network.
    · Share on Twitter
  • Options
    jrguayjrguay Posts: 11 Bronze 2
    Ok. I misunderstood then. So, if I remember correctly, Windows permissions are restrictive, meaning, if you have a group that has permissions, then add the account, the account will have the permissions. If the account is added to a group, and this group does not have permissions, even if the group is added to a group that does, the account will not have permissions, because the account belongs to a group that doesn't have them.
    I think you need to check permissions on both groups, and make sure both groups do have the permissions to access the server.
    · Share on Twitter
Sign In or Register to comment.