Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

IDERA strives to ensure our products provide quality solutions for your SQL Server needs. The following known IDERA SQL Compliance Manager issues are described in this section. If you need further assistance with any issue, please contact 

Newtablink
aliasSupport
urlhttps://www.idera.com/support/supportplans
.

Known issues in version 5.

...

8

General issues

  • Anchor
    SQLCM-61186259
    SQLCM-6118
    While limiting user access to specific databases or reports, selecting or deselecting checkboxes do not happen in a single click. Users must first select the database or report, and once highlighted click again to select or deselect the respective checkbox.
    6259
    For registered SQL Server 2019 instances, the General tab of the SQL Server Properties window displays the version as Unknown. This is a visual issue only and does not affect auditing or any other functionality.
  • Anchor
    SQLCM-6273
    SQLCM-6273
    The Installation wizard of the Agent service fails when running the audited SQL Server under Local System account. In order to grant all required permissions successfully, run the SQLcompliance-x64.exe  installer to perform a manual agent-only installation.
  • Anchor
    SQLCM-6230
    SQLCM-6230
    When performing a migration of the Collection Server, while installing the new Collection Server components, the installer raises an error message that prompts for the removal of the newly restored SQLcompliance and SQLcomplianceProcessing databases. The installer locates these databases which have been restored for the purpose of the migration, on the server instance which has been designated as the new repository database server during the installation process. Do not proceed with the removal of these databases, instead contact
    Newtablink
    aliasSupport
    urlhttps://www.idera.com/support/supportplans
     for further assistance with installation or look up the KB Article #00012649 for further instructions, in the Solutions section for the SQL Compliance Manager product in the 
    Newtablink
    aliasIDERA Customer Portal
    urlhttps://idera.secure.force.com/
    .

Sensitive Column issues

  • Anchor
    SQLCM-6277
    SQLCM-6277
    Events for Sensitive Column audit data are not captured when auditing via Extended Events. When the option to capture SELECT and DML activities is configured at the server-level to capture events via Extended Events auditing method, and the capture SELECT and DML option is not configured at database-level, but is configured to track SELECT and DML for Sensitive Column auditing. In order to capture and process Sensitive Column events correctly, change the collection method from Extended Events auditing to SQL Server Trace Files auditing.

Known issues in version 5.7.1

General issues

  • Anchor
    SQLCM-6219
    SQLCM-6219
    SQL Compliance Manager has presents a security issue where concern due to unnecessary permissions such as ALTER, EXECUTE, CONTROL, TAKE OWNERSHIP and VIEW DEFINITION, are granted to Public roles on the audit stored procedures sp_SQLcompliance_Audit and sp_SQLCompliance_StartUp .
  • Anchor
    SQLCM-6073
    SQLCM-6073
    When adding or editing users from the console, SQL Compliance Manager does not grant access to the Web Console Users and displays the error message "Failed to update Web Application access permission for user".
  • Anchor
    SQLCM-6134
    SQLCM-6134
    SQL Compliance Manager encounters an issue when adding new users to a Windows Domain group which were previously configured as Trusted Users on a particular database. As a result these changes are not reflected in the audit configuration stored in the .bin audit file nor on the sp_SQLcompliance_Audit stored procedure. Users have to manually update the audit settings in the console for the new users to display in the audit configuration.
  • Anchor
    SQLCM-6132
    SQLCM-6132
    An Event Filter configured to exclude all activities recorded on the tables of a database, will not exclude DML and SELECT activities happening on columns which are not configured for Sensitive Column auditing, but which are part of a table with columns configured for Sensitive Column auditing. Event Filters are expected to exclude all activities these are configured to exclude, except DML and SELECT activities happening on columns configured for Sensitive Column auditing. This is by design.

Known issues in version 5.7

...

  • Anchor
    SQLCM-5989
    SQLCM-5989
    (Fixed in version 5.7.1)  When users add a GMSA account as part of a group, SQL CM does not recognize it as a Trusted User. As a workaround, users need to specify the account and the group when configuring Trusted Users and update the audit settings each time a new GMSA account is added to the group.
  • Anchor
    Anchor
    SQLCM-6230SQLCM-6230
    When performing a migration of the Collection Server, while installing the new Collection Server components, the installer raises an error message that prompts for the removal of the newly restored SQLcompliance and SQLcomplianceProcessing databases. The installer locates these databases which have been restored for the purpose of the migration, on the server instance which has been designated as the new repository database server during the installation process. Do not proceed with the removal of these databases, instead contact
    Newtablink
    aliasSupport
    urlhttps://www.idera.com/support/supportplans
     for further assistance with installation or look up the KB Article #00012649 for further instructions, in the Solutions section for the SQL Compliance Manager product in the 
    Newtablink
    aliasIDERA Customer Portal
    urlhttps://idera.secure.force.com/
    .
    SQLCM-6058
    SQLCM-6058
    (Fixed in version 5.7.1)  When users run the SQLcomplianceClusterSetup.exe to upgrade agent service deployment to 5.6.1, the cluster setup installation does not prompt user to agree to upgrade and instead it performs a fresh installation.
  • Anchor
    SQLCM-6128
    SQLCM-6128
    (Fixed in version 5.7.1)  When registering databases to the Primary node of an audited Availability Group, SQL Compliance Manager is not able to establish a connection with the AG databases on the Secondary nodes. Therefore, these databases do not get automatically register on the Secondary nodes.

...

Known issues in version 5.6

General issues

  • Anchor
    SQLCM-5539
    SQLCM-5539
    (Fixed in version 5.6.1)  Import Database settings with DML/SELECT filters, flips import settings. When users import database audit settings and apply those settings to multiple databases, the imported settings apply only to some databases. If user imports and applies the audit settings to the same databases again, the configuration settings get flipped, applying the import settings to the databases it did not apply to before while deleting the settings from the ones it previously applied them to.
  • Anchor
    SQLCM-5514
    SQLCM-5514
    (Fixed in version 5.6.1)  Invalid stored procedures call to sp_SQLcompliance_AuditXE. A message about an invalid stored procedure appears in the SQL Server Logs; "Could not find stored procedure master.dbo.sp_SQLcompliance_AuditXE". The error message appears because no stored procedure with the name "master.dob.sp_SQLcompliance_AuditXE" exists. 
  • Anchor
    SQLCM-5505
    SQLCM-5505
    (Fixed in version 5.7) SQL Compliance Manager Object Activity Report renders all data on a single page. When the Object Activity Report is run, the report displays all the collected data in a single page. 
  • Anchor
    SQLCM-5846
    SQLCM-5846
    (Fixed in version 5.6.1) SQL Compliance Manager traces are getting collected on the Passive nodes of an Availability Group. When a primary node becomes a secondary node, the Stored Procedure does not get disabled for the secondary node and the trace files keep gathering. This causes an accumulation of trace files on the secondary node. 

...

  • Anchor
    SQLCM-5526
    SQLCM-5526
    (Fixed in version 5.6)  Installation or upgrade of SQL Server 2012 native client may cause the system to reboot. When installing or upgrading the version of the native client, once the process is complete, a system reboot occurs without previous warning. 
  • Anchor
    SQLCM-4831
    SQLCM-4831
    IDERA Dashboard 3.0.3 and later does not support SQL Server 2005 SP1. Users should not attempt to install SQL Compliance Manager with IDERA Dashboard 3.0.3 and later on a SQL Server 2005 SP1 as that version of SQL Server is not supported by IDERA  Dashboard.

General issues

  • Anchor
    SQLCM-2592
    SQLCM-2592
    Case-sensitivity required when specifying the Repository database name. When specifying the location and name of your Repository database, SQL Compliance Manager requires that you use proper capitalization.
  • Anchor
    SQLCM-5089
    SQLCM-5089
    IDERA SQL Compliance Manager does not capture Linked Server Trace Events for SQL Server 2005. Linked server events are not present in the trace files for SQL Server 2005, therefore linked server events are not captured in IDERA SQL Compliance Manager and no alerts will trigger. Microsoft has ended extended support for this version. 
  • Anchor
    SQLCM-3040
    SQLCM-3040
    (Fixed in version 5.6) Create/Drop index events recorded as “Alter User Table” event. SQL Compliance Manager records Create/Drop index events as “Alter User Table” events.
  • Anchor
    SQLCM-5421
    SQLCM-5421
    (Fixed in version 5.6) IDERA SQL Compliance Manager is not loading events accessed through a View. SQL Compliance Manager does not display Sensitive Column events when accessed from a view. To access the information using views gather and filter out all SELECT statements. Note that this action will cause extra collection.

...

Known issues in version 5.5

General issues

  • Anchor
    SQLCM-5334
    SQLCM-5334
    ( Fixed in version 5.5.1 ) When users try to upgrade from SQL Compliance Manager 4.5 to 5.5, trace files are not processed. If you currently work with SQL Compliance Manager 4.5, before upgrading stop the Collection Service, Agent Service, and disable auditing to stop trace file processing, then proceed to upgrade to SQL Compliance Manager 5.5, and configure and enable auditing. Upon upgrading to SQL Compliance 5.5, users must upgrade all agents to a 5.x version first. For more information, see Upgrade to this build

  • Anchor
    SQLCM-5339/5021/5243/5013/5340/5343
    SQLCM-5339/5021/5243/5013/5340/5343
    ( Fixed in version 5.5.1 ) The SQL Compliance Manager Collection Server is not processing trace files, or processing them slowly, causing backlog files to get accumulated in the Collection Trace Directory in large transactional databases.

    The workaround for this issue is to increase the tamper detection interval and the Collection interval.

  • Anchor
    SQLCM-5306
    SQLCM-5306
    ( Fixed in version 5.5.1 ) IDERA SQL Compliance Manager installation fails if TLS 1.0 is disabled and if SQL Server 2012 Native Client is not available. IDERA SQL Compliance Manager 5.5 installs SQL Server 2012 native client (version 11.0.2100.60) which does not support TLS 1.2 enabled as per Microsoft.

    https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

    Users with SQL Server versions prior to SQL Server 2012 R2 SP3 need to enable TLS 1.0 or update the native client to the supported version (11.4.7001.0) following the link below:

    https://www.microsoft.com/en-us/download/details.aspx?id=50402

  • Anchor
    SQLCM-5218/5222/5328
    SQLCM-5218/5222/5328
    ( Fixed in version 5.5.1 ) SQL Compliance Manager does not process trace files generated by an older Agent after upgrading versions of the Collection Server and the Agent.

...

Known issues in version 5.4.x

General issues

  • Anchor
    SQLCM-4633
    SQLCM-4633
    ( Fixed in version 5.5.1 ) SQL Compliance Manager does not accept user names longer than 20 characters and does not support some special characters for the user password, such as £.
  • Anchor
    SQLCM-3773
    SQLCM-3773
    Removing databases using the Administration pane in the Management Console does not work. You can remove databases using the Explorer Activity panel.
  • Anchor
    SQLCM-4672
    SQLCM-4672
    ( Fixed in version 5.5 ) During an Agent-only installation, if you accept the default destination path for SQL Compliance Manager, and then select a different destination drive and use a sub-folder in the Agent Trace Directory dialog box, the installer does not create the Agent Trace Directory during installation. If this issue occurs, reinstall the Agent specifying a folder instead of a sub-folder as the destination path or use the default path specified in the installer.

...