IDERA strives to ensure our products provide quality solutions for your SQL Server needs. The following known IDERA SQL Compliance Manager issues are described in this section. If you need further assistance with any issue, please contact
| Newtablink |
|---|
| alias | Support |
|---|
| url | https://www.idera.com/support/supportplans |
|---|
|
.
Known issues in version 6.2
- "Agent Trace" files are not being compressed when selected in Agent properties.
- Audit reports page is not displaying the UI options on the SQL CM web console when using Safari browser.
- Before After Data (BAD) with a server-level privileged user with enabled capture SQL statements are not capturing SQL statements.
- DB-level privileged users do not capture DML events for sensitive columns when the same column is added under BAD.
Known issues in version 6.1
- When using "Extended Events" for collecting Audit data, a specific condition on database ID in certain event types causes queries executed under the context of different databases to not be collected, leading to missed audit data.
- All Application Filter names are listed on the Audit Events view in spite of the timeframe selected.
Known issues in version 6.0
- Switching from Extended Events or SQL Server Traces to SQL Server Audit Specification does not stop the pre-running audit sessions and audit files. After changing the selection to SQL Server Audit Specification, fresh audit data is collected through the Audit log files.
- SQL Compliance Manager sometimes displays an error message when the Agent service hits the trace start timeout while trying to cycle one of the audit traces it's running. As soon as the audit trace has been successfully restarted, auditing continues as expected, and the audit events captured in the trace will be processed into the audit trail in Compliance Manager without issues.
| Note |
|---|
|
This error does not affect auditing and can be safely ignored. |
For a particular Database configured to audit DML and SELECT activities via SQL Server Tracing, DML events when executed under a different Database context, produce T-SQL statements for the audited DML events showing variables over the actual values used in the transactions. DML events are captured as expected with actual parameters via SQL Server Tracing while using the same audited Database context.
- Entering passwords with special characters such as " / \ [ ] : ; | = , + * ? < > generates a failure with the installation, canceling and not completing the product installation.
Known issues in version 5.9
- During the registration of an AG Listener in the Cluster Configuration Console, when naming the SQL Server instance, the underscore "_" character is not supported. Because "_" isn't a supported character in FQDN names, the current behavior cannot be changed because it is an MS-documented limitation.
Known issues in version 5.8.1
General issues
- (Fixed in version 5.9) For registered SQL Server 2019 instances, the General tab of the SQL Server Properties window displays the version as Unknown. This is only a visual issue and does not affect auditing or any other functionality.
| Anchor |
|---|
SQLCM-6283 | SQLCM-6283 | During the registration of an AG Listener in the Cluster Configuration Console, when naming the SQL Server instance, the underscore "_" character is not supported. does not affect auditing or any other functionality. - (Fixed in version 5.9) The Audit settings Export Export feature does not export previously configured Server level Trusted Users. To complete the migration, add the Trusted Users manually at the Server Levelthe Trusted Users manually at the Server Level.
- (Fixed in version 5.9) When you configure Sensitive Column auditing without first selecting the DML or SELECT option on the Audited Activities tab, then the SQLcompliance Agent has problems creating the sp_SQLcompliance_AuditXE stored procedure, and auditing stops working.
Sensitive Column issues
- |(Fixed in version 5.9)Events for Sensitive Column audit data are not captured when auditing via Extended Events. When When the option to capture SELECT and DML activities is configured at the server-level to capture events via the Extended Events auditing method, and the capture SELECT and DML option is not configured at the database - level , but is configured to track SELECT and DML for Sensitive Column auditing. In order to capture and process Sensitive Column events correctly, change the collection method from Extended Events auditing to SQL Server Trace Files auditing.
| Anchor |
|---|
SQLCM-6407 | SQLCM-6407 | When you configure Sensitive Column auditing without first selecting the DML or SELECT option on the Audited Activities tab, then the SQLcompliance Agent has problems creating the sp_SQLcompliance_AuditXE stored procedure, and auditing stops working. process Sensitive Column events correctly, change the collection method from Extended Events auditing to SQL Server Trace Files auditing.
Known issues in version 5.8
...
- The installation wizard of the Agent service fails when running the audited SQL Server under the Local System account. In order to grant all required permissions successfully, run the SQLcompliance-x64.exe installer to perform a manual agent-only installation.
- (Fixed in version 5.8.1) When performing a migration of the Collection Server , while installing the new Collection Server components, the installer raises an error message that prompts for the removal of the newly restored SQLcompliance and SQLcomplianceProcessing databases. The installer locates these databases, which have been restored for the purpose of the migration, on the server instance, which has been designated as the new repository database server during the installation process. Do not proceed with the removal of these databases. Instead, instead, contact
| Newtablink |
|---|
| alias | Support |
|---|
| url | https://www.idera.com/support/supportplans |
|---|
|
for for further assistance with installation or look up the KB Article #00012649 for further instructions , in in the Solutions section for the SQL Compliance Manager product in the | Newtablink |
|---|
| alias | IDERA Customer Portal |
|---|
| url | https://idera.secure.force.com/ |
|---|
|
.
...
- (Fixed in version 5.8.1) SQL Compliance Manager presents a security concern due to unnecessary permissions such as ALTER, EXECUTE, CONTROL, TAKE OWNERSHIP, and VIEW DEFINITION, which are granted to Public roles on the audit stored procedures sp_SQLcompliance_Audit and sp_SQLCompliance_StartUp.
- When adding or editing users from the console, SQL Compliance Manager does not grant access to the Web Console Users and displays the error message "Failed to update Web Application access permission for user".
- (Fixed in version 5.8.1) SQL Compliance Manager encounters an issue when adding new users to a Windows Domain group that were previously configured as Trusted Users on a particular database. As a result, these changes are not reflected in the audit configuration stored in the .bin audit file nor on the sp_SQLcompliance_Audit stored procedure. Users have to manually update the audit settings in the console for the new users to display in the audit configuration.
- (Fixed in version 6.0)An Event Filter configured to exclude all activities recorded on the tables of a database , will not exclude DML and SELECT activities happening on columns that are not configured for Sensitive Column auditing , but which are part of a table with columns configured for Sensitive Column auditing. Event Filters are expected to exclude all activities these are configured to exclude, except DML and SELECT activities happening on columns configured for Sensitive Column auditing. This is by design.
Known issues in version 5.7
General Issues
- for Sensitive Column auditing. This is by design.
Known issues in version 5.7
General Issues
| Anchor |
|---|
SQLCM-6247/6223 | SQLCM-6247/6223 | (Fixed in version 5.8.1) When running the console reports and/or the newly SSRS deployed reports, the execution fails with the following syntax error: "Query execution failed for dataset 'ReportOutput'. (rsErrorExecutingCommand) Incorrect syntax near')'. (Fixed in version 5.7.1) When users add a GMSA account as part of a group, SQL CM does not recognize it as a Trusted User. As a workaround, users need to specify the account and the group when configuring Trusted Users and update the audit settings each time a new GMSA account is added to the group.- (Fixed in version 5.7.1) When users run the SQLcomplianceClusterSetup.exe to upgrade agent service deployment to 5.6.1, the cluster setup installation does not prompt users the user to agree to upgrade and instead, it performs a fresh installation.
- (Fixed in version 5.7.1) When registering databases to the Primary node of an audited Availability Group, SQL Compliance Manager is not able to establish a connection with the AG databases on the Secondary nodes. Therefore, these databases do not get automatically register registered on the Secondary nodes.
In order to register the databases on the Secondary nodes, users have to:
- Fail over the Availability Group onto the Secondary node , in order to get access to the list of databases.
- Register the databases on the Secondary node
- Fail over the AG back to the Primary node.
...
To download the Report Viewer 2010 controls program, follow the link below:
| Newtab2 |
|---|
| alias | Report Viewer 2010 Controls |
|---|
| url | https://www.microsoft.com/en-us/download/details.aspx?id=644227231 |
|---|
|
- In SQL Compliance Manager version 5.6.1, the Row count functionality may show as “Not Applicable”. The issue occurs when you execute a large query, and during execution, the start and the end of the SQL Statement get captured in different trace files. Since both events are located in different trace files, SQL CM is not able to map these events and therefore displays that the Row count is “Not Applicable”. Users can increase the time of collection (the default is set to 60 seconds) to capture the Row count correctly.
- (Fixed in version 6.0)SQL Compliance Manager is currently allowing users to select the Upgrade Agent option, even if the Agent is already in the latest version. Upon selection, SQL CM prompts you to upgrade the agent using the full setup program.
- (Fixed in version 5.7.1) When you configure Sensitive Column auditing without first selecting the DML or SELECT option on the Audited Activities tab, then the SQLcompliance Agent has problems creating the sp_SQLcompliance_Audit stored procedure, and auditing stops working.
...
- (Fixed in version 5.6.1) Import Database settings with DML/SELECT filters, flip flips import settings. When users import database audit settings and apply those settings to multiple databases, the imported settings apply settings apply only to some databases. If the user imports and applies the audit settings to the same databases again, the configuration settings get flipped, applying the import settings to the databases it did not apply to before while deleting the settings from the ones it previously applied them to.
- (Fixed in version 5.6.1) Invalid stored procedures call to sp_SQLcompliance_AuditXE. A message about an invalid stored procedure appears in the SQL Server Logs; "Could not find stored procedure master.dbo.sp_SQLcompliance_AuditXE". The error message appears because no stored procedure with the name "master.dob.sp_SQLcompliance_AuditXE" exists.
- (Fixed in version 5.7) SQL Compliance Manager Object Activity Report renders all data on a single page. When the Object Activity Report is run, the report displays all the collected data on a single page.
- (Fixed in version 5.6.1) SQL Compliance Manager traces are getting collected on the Passive nodes of an Availability Group. When a primary node becomes a secondary node, the Stored Procedure does not get disabled for the secondary node and the trace files keep gathering. This causes an accumulation of trace files on the secondary node.
...
- (Fixed in version 5.6) Installation or upgrade of SQL Server 2012 native client may cause the system to reboot. When installing or upgrading the version of the native client, once the process is complete, a system reboot occurs without a previous warning.
- IDERA Dashboard 3.0.3 and later does not support SQL Server 2005 SP1. Users should not attempt to install SQL Compliance Manager with IDERA Dashboard 3.0.3 and later on a SQL Server 2005 SP1 as that version of SQL Server is not supported by IDERA Dashboard.
...
- (Fixed in version 5.6) Issues loading BAD auditing information. IDERA SQL Compliance Manager is not able to capture BAD auditing information when two objects with the same name exist in the same schema.
- (Fixed in version 5.6) SQL Text is not captured for DDL Statements. When monitoring an instance for DDL event, SQL Compliance Manager is not able to capture SQL Statements for DDL activities unless a user is added to the Privileged User Group. Users can also capture SQL Text by selecting Capture SQL statements for DDL and Security changes at Database Level.
Known issues in version 5.5
...