Versions Compared

Old Version 9

changes.mady.by.user Nadja Pollard

Saved on

compared with

New Version 10

changes.mady.by.user Nadja Pollard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

The SQL Compliance Manager 5.0 installation kit default extraction path is the same as previous versions and may cause issues if the previous files still reside at that location. Before launching the SQL Compliance Manager 5.0 upgrade, either select a different installation location or delete the files from the following location:

c:\Program Files\Idera\SQLcompliance x64 Installation Kit or c:\Program Files (x86)\Idera\SQLcompliance x86 Installation Kit

IDERA Dashboard 3.0.3 does not support SQL Server 2005 SP1

Users should not attempt to install SQL Compliance Manager with IDERA Dashboard 3.0.3 on a SQL Server 2005 SP1 as that version of SQL Server is not supported by IDERA  Dashboard.

SQL Compliance Manager 5.3 remote Agent cannot be upgraded using the Management Console or Web Console

An issue in SQL Compliance Manager 5.3 prevents users from upgrading a remote Agent using the SQL Compliance Manager Management Console or the Web Console. For more information about upgrading to this release, see Upgrade from SQL Compliance Manager 4.5 to version 5.3.x.

SQL Compliance Manager 5.0 and later do not support Microsoft Windows Server 2000 or the .NET 2.0 framework

Beginning with version 5.0, SQL Compliance Manager does not support Windows Server 2000 or the .NET 2.0 framework. While SQL Compliance Manager 4.5 and prior versions continue to operate with Windows Server 2000, SQL Compliance Manager 5.0 and later require the .NET 4.0 Full framework to take advantage of the additional features. For additional information about supported versions, see the SQL Compliance Manager Software requirements.

Verify SQL Compliance Manager repository database size before upgrading

...

When specifying the location and name of your Repository database, SQL Compliance Manager requires that you use proper capitalization.

Upgrading from 2.1 to 3.3 or later results in SQL Server trace error

When you upgrade from SQL Compliance Manager version 2.1 to version 3.3 or later, you may receive warnings indicating that the trace is altered unexpectedly. This issue is most likely to happen when:

  • Collection Server resides on a SQL Server 2005 instance
  • SQL Compliance Manager is configured for self-monitoring

These warnings are incorrect and do not indicate a problem with your upgrade.

Agent-Only installation does not create a trace directory when you use a different destination folder

During an Agent-only installation, if you accept the default destination path for SQL Compliance Manager, and then select a different destination drive and use a sub-folder in the Agent Trace Directory dialog box, the installer does not create the Agent Trace Directory during installation. If this issue occurs, reinstall the Agent specifying a folder instead of a sub-folder as the destination path or use the default path specified in the installer.

Known issues in version 5.

...

4

...

General issues

  • Anchor
    SQLCM-22264633
    SQLCM-2226
    If you change the Display Name of IDERA SQL Compliance Manager during an upgrade, the installer perceives that you want an ADDITIONAL installation of SQL Compliance Manager rather than an upgrade of the previous version. This action results in TWO SQL CM TABS and does not upgrade the product in your environment. To upgrade SQL Compliance Manager, type the name displayed on the Web Console tab for your current installation. AnchorSQLCM-3211SQLCM-3211IDERA SQL Compliance Manager 5.3 does not support SQLcomplianceAgent silent installation. AnchorSQLCM-2351SQLCM-2351The Collection Trace directory is not created when choosing a non-default path during installation. Use the default installation path to avoid this issue.

...

  • 4633
    SQL Compliance Manager does not accept user names longer than 20 characters and does not support some special characters for the user password, such as £.

Auditing issues

  • Anchor
    SQLCM-36763642
    SQLCM-3676
    Users who upgrade from a previous version of IDERA SQL Compliance Manager that supports the IDERA Dashboard may notice two issues with the widgets on the Dashboard Overview. First, duplicate SQLCM Environment Alerts widgets appear. Second, the Audited Instances widget may not display any data.

Enterprise Activity Report Card issues

...

  • 3642
    Cannot insert duplicate key row in object 'dbo.Events' with unique index 'IX_Events_eventId'.
  • Anchor
    SQLCM-3789
    SQLCM-3789
    DatabaseName appears as empty for Login Events. SQL Compliance Manager 5.4 traces do capture the DatabaseID, but do not include the database name

Instance issues

  • AnchorSQLCM-3617SQLCM-3617 If you use the IDERA SQL Compliance Manager Web Console to edit existing Threshold Notifications , you may notice that the current settings are not properly displayed. They are correctly saved in the database and are simply not properly displayed in the Web Console.
  • Anchor
    SQLCM-36914211
    SQLCM-36914211
    Users cannot register a new instance using the IDERA SQL Compliance Manager Web Console. This feature does work properly in the IDERA SQL Compliance Manager Windows ConsoleApplying a regulation guideline does not work when there is a Privileged User defined.
  • Anchor
    SQLCM-3647
    3798, SQLCM-33323647SQLCM-3798, SQLCM-3332
    After you use the IDERA SQL Compliance Manager Windows Console to delete a SQL Server instance that includes Archived events:
    • an error occurs when you attempt to view your registered instances in the Web Console.
    • an "Agent heartbeat was not received" event occurs on every heartbeat check.

...

  • Case-sensitive collation may prevent some trusted and privileged users from being captured.
  • Anchor
    SQLCM-4896
    3827, SQLCM-38284896SQLCM-3827, SQLCM-3828
    Security changes and DDL events are not captured when Capture SQL Statements for DDL is Before-After data does not appear for Binary Collation SQL Server instances when extended events are enabled.
  • Anchor
    SQLCM-37394195
    SQLCM-3739
    While the IDERA SQL Compliance Manager Web Console Audit Event Filters view displays Enable or Disable in the Status column, the exported file displays only a 1 in that same column and for both statuses
    4195
    Auditing an AlwaysOn database using the Node method causes the Registered SQL Servers list to display both nodes as Secondary.
  • Anchor
    SQLCM-3640, SQLCM-36394205
    SQLCM-3640, SQLCM-3639
    After registering an AlwaysOn Availability Group server for auditing using the Listener method, IDERA Compliance Manager:
  • allows auditing of all databases for the Primary node, including those that are not part of the AG. Note that if the primary node changes, the non-AG databases will not be available.
    • (Cluster Agent configured on nodes) returns an error after running the update query with one column of a table selected for Before and After auditing OR when you select Audit Selected Columns with all columns selected instead of checking Audit All Columns. While the data is updated in the table, no Before and After data is collected.
    4205
    Audit Snapshot does not include setting to capture DDL SQL statements.
  • Anchor
    SQLCM-36374297
    SQLCM-3637
    If you select Custom for the Audit Collection Level and attempt to add privileged users when adding a new database for auditing, an error occurs when you click Add. To avoid this issue, add the new database without selecting any privileged users, and then go back and edit the properties for the audited database and add a privileged user
    4297
    Audit settings at an instance level take precedence over database-level settings for a Privileged User.
  • Anchor
    SQLCM-22294674
    SQLCM-2229
    When adding or removing a database role for a user on SQL Server 2008 R2, the audited event does not capture the SQL statement
    4674
    Agent trace folder permissions are overwritten when the Agent is deployed.
  • Anchor
    SQLCM-21712544
    SQLCM-2171
    If you have two tables in the same database that have the same name but different schemas, auditing fails on those two tables
    2544
    SQL Compliance Manager attempts to contact the Agent (heartbeat check) on attached archive databases.
  • Anchor
    SQLCM-21634645
    SQLCM-2163
    When Capture Transaction Status for DML Activity is enabled for auditing on the database, capturing SQL Statements will have variables instead of values
    4645
    Users who export reports to Microsoft Excel fail when the SQL text contains more than 32,767 characters.
  • Anchor
    SQLCM-3648
    SQLCM-3648
    Some SQL Server startup/stop events may cause the integrity check to fail.

  • Anchor
    SQLCM-

    3647SQLCM-3647Case-sensitive collation may prevent some trusted and privileged users from being captured.

Alerting issues

...

  • 2239
    SQLCM-2239

...

Previous known issues

...

Users who change the default port for the AlwaysOn Availability Group from the default may experience the following issues. to avoid these issues, change the listener to the default port.

  • SQL Compliance Manager does not accept the name format when attempting to add the listener name using the Cluster Configuration Console.
  • If the port is not added, the agent cannot connect to the SQL Server instance. You can manually add the port to the registry setting later and it will then connect to the instance after restarting the SQLcomplianceAgent.
  • Users cannot connect to the SQL Server instance even when adding the listener with the port in the SQL CM console.
  • The Permissions Check also fails.

...

Users who install SQL BI Manager product before installing the SQL Compliance Manager product, both registering with the same IDERA Dashboard, may receive an error message.

...

  • The Audit Events tab may display an incorrect user name in the Login column when auditing start and stop server events.

  • Anchor

...

  • SQLCM-2529
    SQLCM-2529

Case-sensitive SQL Server instances do not trigger a Column Value Changed alert when a column that is set up for Before-After Data auditing is changed.

Net Time value not updated in recurring schedules

Users who have recurring archive schedules may notice an issue that prevents the archive process from executing. While the first scheduled archive does occur, the second scheduled archive does not. The workaround in this situation is to restart the Collection Service, and then wait until the next time the archive scheduler runs.

SELECT statements appear as DML events

  • A known SQL Server issue causes some SQL Compliance Manager SELECT statements to appear as DML events. This issue occurs when a user audits both SELECT and DML. SQL Compliance Manager captures many events when certain columns are selected from certain system tables from a single SELECT statement query and shows them as individual DML events.

  • Specifically, the SELECT statement which uses the permissions() function generates only DML event traces and not a SELECT event trace. This step results in SQL Compliance Manager reporting the SELECT statement as a DML event. In addition, the permissions() function is deprecated. Microsoft recommends in MSDN documentation that users implement the Has_Perms_By_Name() function instead of the permissions() function. The difference between these two functions is that the permissions() function always generates the DML event traces while the Has_Perms_By_Name() function generates event traces according to permission type used. For example, SELECT event traces for SELECT permission types, and DML event traces for EXECUTE or DELETE permission types.

...

  • Anchor
    SQLCM-2136
    SQLCM-2136
    Users who change the default port for the AlwaysOn Availability Group from the default may experience the following issues. to avoid these issues, change the listener to the default port.

    • SQL Compliance Manager does not accept the name format when attempting to add the listener name using the Cluster Configuration Console.
    • If the port is not added, the agent cannot connect to the SQL Server instance. You can manually add the port to the registry setting later and it will then connect to the instance after restarting the SQLcomplianceAgent.
    • Users cannot connect to the SQL Server instance even when adding the listener with the port in the SQL CM console.
    • The Permissions Check also fails.

  • When you change the definition of a table you are auditing to include BLOB data types, the Before-After data trigger prevents UPDATE, DELETE, and INSERT operations from modifying the table, such as through stored procedures or third-party applications. This issue is most likely to occur when you are auditing all columns in the target table. This issue occurs because Before-After auditing does not support BLOB data types (such as text, image data, or XML code). To correct this issue, change the data definition of the table.

  • SQL Compliance Manager does not support collecting and processing events from encrypted SQL Server trace files. This issue is most likely to occur in environments that use third-party encryption software. For example, some applications can be configured to automatically encrypt all new files created on a specific computer. If you are running encryption software in your SQL Server environment, verify the encryption settings to ensure the application does not encrypt trace files on the audited SQL Server instances.

  • Anchor
    SQLCM-2433
    SQLCM-2433

Already Deployed option is unavailable

When you attempt to add a new SQL Server instance to SQL Compliance Manager, the Deployment dialog box does not default to Already Deployed on instances where the Agent was manually installed on the machine where the SQL Server instance specified is located.

Guest user is enabled after installation

After installing SQL Compliance Manager 4.5, the Guest user is enabled in the SQLcompliance repository while it is disabled in the SQLcompliance event databases. You can disable this account in the repository using Microsoft SQL Server Management Studio.

Filtering Before-After data can cause event duplication

SQL Compliance Manager may duplicate some Before-After data events on the Audit Events tab of a database if you use the Filter by Table option to view your results. This issue does not occur with other filtering options.

Login Activity event alerts display as Security Changes in the Edit Event Alert Rule window

When you access the Edit Event Alert Rule window for a Login Activity event alert, SQL Compliance Manager defaults to the Security Changes option instead of the Login Activity option.

Changing archive preferences to Daily after upgrading to SQL Compliance Manager 4.5 causes an issue

Users who upgrade to SQL Compliance Manager 4.5, and then modify the archive preferences to Daily may experience that the subsequent archives fail and display a primary key constraint violation error message. In addition, SQL Compliance Manager does not store the events in the Events table of the Archive database.

Re-adding a virtual (clustered) instance previously deleted does not re-add a sub-key to the registry

When you install the SQLcompliance Agent on an audited instance, a Windows Registry sub-key called "Instances" is created in HKEY_LOCAL_MACHINE\SOFTWARE\Idera\SQLcompliance\SQLcomplianceAgent. This sub-key specifies the name of the SQL Server instance that you want to audit. In a clustered environment, the sub-key is created for each node. This issue occurs when you remove a virtual instance from the SQL Compliance Manager console, thereby deleting the sub-key from the active node registry, and then you re-add the virtual instance to the console. The sub-key "Instances" is not re-added to the registry and SQL Compliance Manager stops auditing data.

Archiving may fail on remote agents

Some users may experience an issue that causes archiving on a remote agent to fail. Associated error messages include:

  • Exception: Invalid attempt to call Read when reader is closed.
  • Exception: Unable to cast object of type 'System.Int32' to type 'System.String'.

Grooming alerts may result in an error when running the SQL Compliance Manager Console on Windows 2012 and Windows 8

Users running the SQL Compliance Manager Console on Windows 2012 and Windows 8 may receive an exception error when attempting to groom alerts. As a workaround, you can create a SQL script that deletes alerts directly from the repository.

Invalid events may appear for the custom Server role on a SQL Server 2012 instance

Users who create a custom Server role and give it permissions on a SQL Server 2012 instance may see events appearing as Invalid.

Issues can occur when a table name contains a period (.)

The following issues can occur if you have tables containing a period (.) in the name:

  • Columns may not appear in the Before-After Data selection.
  • Importing audit configuration containing Before-After Data settings may fail.
  • Users cannot select Before-After Data and Sensitive Columns for audit.

Auditing sensitive columns does not capture events executed by encrypted stored procedures or linked servers

The Collection Server is unable to process SELECT events that were executed by encrypted stored procedures or queries from linked servers. This issue is most likely to affect the audit data trail for specific, sensitive columns.

Column-level auditing is limited to tables

Auditing of SELECT events at the column level is limited to columns located in tables. For example, you cannot audit specific columns located in views. However, to audit SELECT commands performed on views, you can enable SELECT auditing at the database level and choose to capture the corresponding T-SQL statements.

...

  • IDERA provides limited support for before-after data auditing of the publisher database in SQL Servers with replication. However, this scenario is supported only when the publisher database with transaction replication is set to replicate data tables ONLY and no other objects. If the target database uses SQL Server replication set to replicate more than data tables , do not enable before-after auditing. Before and after data collection does not support SQL Server replication in that situation. For more information, see Microsoft Books Online for the version of SQL Server you are using.

...

Alerting issues

  • Anchor
    SQLCM-4503
    SQLCM-4503
    Status alerts are not generated for alert rules of the Agent cannot connect to audited instance Rule Type.
  • Anchor
    SQLCM-4680
    SQLCM-4680
    SQL Statement is not captured or displayed when viewing Event Properties for Create SQL Login and Create Windows Login events.
  • Anchor
    SQLCM-4346
    SQLCM-4346
    A Column Value Changed data alert is generated twice for each Before-After audit event.

Reporting issues

  • Anchor
    SQLCM-3788
    SQLCM-3788
    The DML Activity (Before-After) report does not run properly.


IDERA Website | Products | Buy | Support | Community | About Us | Resources | Legal

Events statistics may not display in charts

SQL Compliance Manager now displays event statistics on the new Enterprise, SQL Server Instance, and Database Summary tabs. Because this information was not collected in previous versions, the new graphs does not display event statistics for audit data collected by SQL Compliance Manager 2.1 or earlier.

Filters do not support audit data collected by version 2.1 or earlier

SQL Compliance Manager includes many new filters in the enhanced Management Console views. These filters will not sort or filter events collected with SQL Compliance Manager version 2.1 or earlier.

Encrypted trace files not supported

SQL Compliance Manager does not support collecting and processing events from encrypted SQL Server trace files. This issue is most likely to occur in environments that use third-party encryption software. For example, some applications can be configured to automatically encrypt all new files created on a specific computer. If you are running encryption software in your SQL Server environment, verify the encryption settings to ensure the application does not encrypt trace files on the audited SQL Server instances.

Alerts include raw variable data if undefined

SQL Compliance Manager now includes alert messages for all alerts. If you have not defined an alert message and an alert is generated , the alert message will display raw variable information without any corresponding values. Configuring your alert messages and defining the variables to include will allow you to customize what you see in alert messages.

Adding BLOB data type to table definition prevents updates

When you change the definition of a table you are auditing to include BLOB data types, the Before-After data trigger prevents UPDATE, DELETE, and INSERT operations from modifying the table, such as through stored procedures or third-party applications. This issue is most likely to occur when you are auditing all columns in the target table.

This issue occurs because Before-After auditing does not support BLOB data types (such as text, image data, or XML code). To correct this issue, change the data definition of the table.

 

Excerpt
SQL Compliance Manager audits all activity on your server. Learn more > >
IDERA WebsiteProductsPurchaseSupportCommunityAbout UsResources Legal

 

Save

Save

Save