a video guide would be excellent :)
I've managed to get the whole thing set up including report server but my policies are failing with the following message - any ideas?
My environment:
1 windows 7 64bit machine hosting 2 VMs (windows server 2008 r2 enterprise with sql 2008 r2 enterprise). This is a play machine.
|
| ||||||||
| |||||||||
Chris,
Your error appears to be related to the PowerShell codes inability to connect to one of the servers registered in the CMS folder you are evaluating. From the error message it appears you are trying to connect with NT AUTHORITY\ANONYMOUS LOGON. This could be a result of the service account running the SQL Server Agent running under this account or you might be using a Proxy with this account. It is important to remember that the PowerShell evaluation will run under the context of the SQL Server Agent even if you are manually running the job in Management Studio. You can either change the SQL Agent Service account or assign a Proxy for PowerShell.
The best method to troubleshoot the login failed issue is to ensure the SQL Server Agent service account has rights to all the servers in the folder you are evaluating. To verify all permissions are granted you can run the Management Studio under the context of the service account by holding Shift+Right click on SQL Server Management Studio and select "Run as different user". Provide the credentials for the SQL Agent service account and verify connection by navigating to your Registered Servers -> Central Management Servers and attempting a multi-server query connecting to all the servers. If you are able to connect to all servers in the list then the PowerShell code should not run into any further errors connecting. If the multi-server query is still showing errors then run a simple query and the Messages tab will tell you which server connections are failing.
Hello,
I'm trying to connect to the SQL Server which is in a different domain. The only way I can connect is to use SQL Authentication. How do I force Invoke-PolicyEvaluation to use SQL Authentication please? It seems that -TargetServerName can only work using Windows Authentication. I tried to pass connection string like "Server="+ $ServerName + ";UserID=user;Password=pwd", but got error:
<DMF:Exception type="string">Microsoft.SqlServer.Management.Dmf.PolicyEvaluationException: Exception encountered while executing policy 'Guest Permissions'. ---> Microsoft.SqlServer.Management.Common.ConnectionFailureException: Failed to connect to server . ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
This info http://msdn.microsoft.com/en-us/library/cc645987.aspx doesn't help much :(
Any ideas?
Thanks
Hello,
The limitation on your issue is not in the EPM framework but with the SQL Central Management Server (CMS). It is documented that the CMS only supports Windows authentication: (http://msdn.microsoft.com/en-us/library/bb964743.aspx)
Central Management Servers and subordinate servers can be registered by using only Windows Authentication. Servers in local server groups can be registered by using Windows Authentication or SQL Server Authentication.
You could try setting up domain trusts to permit cross domain Windows authentication or possibly configure a VLAN to allow for the authentication to the DMZ. (http://technet.microsoft.com/en-us/library/cc773178(v=WS.10).aspx)
Hope this helps and good luck
Wanted to check to see if anyone was using EPM on DB servers that are in different time Zones. The issue that i am running into is with @lastlogBackupdate and @lastbackupdate.
My EPM server is in EST but i have several servers in CST ,MST and GMT. It appears that is using the current datetime in the EPM and compares that to the values returnend from the policy results. i was going to convert everything to UTC however it look like datediff is not included in the policy expressions. So before i reinvent the wheel wanted to check to see if anyone has run into this
Thanks
Good Afternoon Everyone!
Has anyone come across executing the PS script and when viewing results from the SQL Server table, there are results from a server that's not in the Central Management Group you've specified?
Well I'm having that problem. I registered a Group named 'DEVELOPMENT' on my CMS. This group only has one of my development instances in it- lets call the instance Test2008R2. *HOWEVER* I have another CMS group called 'DEVELOPMENT-2008' which contains another instance called Dev2008R2' (just keep that in mind for now). Well, I am running the PS script against the 'DEVELOPMENT' CMS group. I am querying results from thepolicy.v_PolicyHistory table and I'm returning results from my Test2008R2 instance AS WELL AS Dev2008R2. This shouldn't be happening. I should only see results from my Test2008R2 since thats the only instance in the 'DEVELOPMENT' CMS group.
Anyone else having this same issue? Or does anyone know a work-around?
Good Afternoon Everyone.
I evaluted the 'Check for Simple Recovery' policy using the PS script. This policy checks if my database's recovery model != SIMPLE. Well the results return 'FAIL' when it should return 'PASS'. I checked my database's properties again and again, and my databases are in Simple recovery.
Anyone else having this issue?
removed
I ran into the same problem. I need to get the servername and you can't use @@servername so I'm trying it with sysservers but I can't because of the NVARCHAR(MAX) SQL 2000 limitation. Is anyone aware of a way to get the servername without using the ExecuteSQL() function?
Trace below...
DECLARE @@UserScript nvarchar(max); SET @@UserScript = N'IF (CONVERT(INT,''8'') > CONVERT(INT,''8''))
BEGIN
IF EXISTS (SELECT name FROM sys.servers WHERE name in (''ServerNameHere''))
BEGIN
SELECT 0
END
ELSE
BEGIN
SELECT 1
END
END
ELSE
BEGIN
IF EXISTS (SELECT srvname FROM sysservers WHERE srvname in (''ServerNameHere''))
BEGIN
SELECT 0
END
ELSE
BEGIN
SELECT 1
END
END'; EXEC sp_executesql @@UserScript; Whereas I can't speak to the executesql issue there is a way to get server name through either the Server facet or the Server Information facet. I would recommend using the Server Information facet -> NetName or the Server -> ComputerNamePhysicalNetBIOS or Server -> NetName. One or both of these facets should be able to evaluate against a SQL 2000 instance.
In response,
It sounds as if you want to verify that your databases are set to 'Simple' mode and to do this you would need to set your condition to:
@RecoveryModel = Simple
by setting your Condition to how you are describing you will pass only when the database is set to 'Full' or 'BulkLogged'
@RecoveryModel != Simple
Hope this clarifies your question,
Cory
I'm getting a failure coming through when the date is actually correct. This is due to the dmy being wrong I assume. Is there a way to toggle this in the Framework?
All help appreciated.
All apologies this looks to be a scheduling issue.
I just added a new server to my existing EPM system. EPM is reporting that it found several problems in the Windows log. For example:
> Category - MS BP: Win Log
> Policy Name - Windows Event Log System Failure Error
> Policy Status - ERROR
> Policy Target - DEFAULT
> Date Created Created By Date Modified Modified By
> 12/8/2011 2:27:33 PM khemmerling 12/22/2011 10:21:26 AM svcsql_2008EPM
>
> Detects Error Event ID 6008 in the System Log.
This error goes back over a year (12/8/2011) as today is 1/3/2013. When I check the System Log on the server, I don't see any entries going back that far. How do I clean this up to stop what appears to be a meaningless error?
Any help would be greatly appreciated.
Ken
The error was misleading. When I checked the powershell results directory ("D:\MSSQL10.CMS\EPM\Results" on my installation), I found the XML files for each of the policies and buried within those I found the following:
<DMF:Exception type="string"> Microsoft.SqlServer.Management.Dmf.PolicyEvaluationException: Exception encountered while executing policy 'Windows Event Log System Failure Error'. ... ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
So my problem is with security permissions. Here's what I did to fix it:
In order to monitor Windows log files on remote server we need to make the following security changes. Connect to the remote server, and perform the following steps to grant access to the WMI:
Start > Run > wmimgmt.msc
In the tree view on the left, right-click on WMI Control (Local) and select Properties.
Click on the Security tab, expand the tree and click on CIMV2 to highlight it.
Click on the Security button.
Click Add, type in <monitoring_account> and click on Check.Names.
Click OK. Now grant <monitoring_account> additional access by putting a checkmark in “Execute Methods”, “Full Write”, “Partial Write”, “Provider Write”, “Remote Enable” and “Read Security”. Make sure that “Edit Security” remains unchecked. Click Apply and OK.
Repeat the same steps for the “ms_409” branch directly under CIMV2.
Click on ms_409 > Security > Add > <monitoring_account> > Check Names > OK > Checkmarks on Execute Methods, Full Write, Partial Write, Provider Write, Enable Account (checked by default), Remote Enable and Read Security. Make sure Edit Security is not checked. Click Apply > OK > OK.
The grants to the WMI is now complete, close the WMI management console.
The next step is to grant access to DCOM.
1.Click Start > Run > DCOMCNFG > OK.
2.In the treeview on the left, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
3.In the My Computer Properties dialog box, click the COM Security tab.
4.Under Launch and Activation Permissions, click Edit Limits to open the “Launch and Activation Permissions” dialog box.
Click Add and enter <monitoring_account> and click Check Names then click OK
Leave the Allow check on “Local Launch” and place checks on “Remote Launch” and “Remote Activation” as well. Click OK when done.
Click Apply and OK. Close the component service application as DCOM security changes are now complete.
hi,
Does EPM works on SQL 2012 and for SQL 2012 Servers?
Does someone have experience with that kind of configuration?
Thanks,
Regards,
Y
Awesome! Thanks Jorge!
From: sqlchicken [email removed]
Sent: Wednesday, February 13, 2013 7:47 AM
To: Lara Rubbelke
Subject: Re: EPM Framework and SQL 2012 [EPMFramework:429875]
From: sqlchicken
I'll test locally and get back to you.
