Versions Compared

Old Version 21

changes.mady.by.user Nicolas Rios

Saved on

compared with

New Version 22

changes.mady.by.user Unknown User (6092af18a56f2f006f392eb0)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Installation and configuration issues

Anchor
SQLCM-

...

When users try to upgrade from SQL Compliance Manager 4.5 to 5.5, trace files are not processed. If you currently work with SQL Compliance Manager 4.5, before upgrading stop the Collection Service, Agent Service, and disable auditing to stop trace file processing, then proceed to upgrade to SQL Compliance Manager 5.5, and configure and enable auditing. 

Upon upgrading to SQL Compliance 5.5, users must upgrade all agents to a 5.x version first. For more information, see Upgrade to this build

Anchor
SQLCM-4831
SQLCM-4831
IDERA Dashboard 3.0.3 and later does not support SQL Server 2005 SP1

...

Linked server events are not present in the trace files for SQL Server 2005, therefore linked server events are not captured in IDERA SQL Compliance Manager and no alerts will trigger. Microsoft has ended extended support for this version

...

IDERA SQL Compliance Manager 5.5 installs SQL Server 2012 native client (version 11.0.2100.60) which does not support TLS 1.2 enabled as per Microsoft.

https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

Users with SQL Server versions prior to SQL Server 2012 R2 SP3 need to enable TLS 1.0 or update the native client to the supported version (11.4.7001.0) following the link below:

https://www.microsoft.com/en-us/download/details.aspx?id=50402

...

When performing an archive of a highly transactional database with SQL Compliance Manager, the application shows a “violation of PRIMARY KEY constraint” error and terminates the statement.  

The workaround for this issue is to:

...

 

Anchor
SQLCM-3040
SQLCM-3040
Create/Drop index events recorded as “Alter User Table” event

SQL Compliance Manager records Create/Drop index events as “Alter User Table” events.

Anchor
SQLCM-

...

The SQL Compliance Manager Collection Server is not processing trace files, or processing them slowly, causing backlog files to get accumulated in the Collection Trace Directory in large transactional databases.

The workaround for this issue is to increase the tamper detection interval and the Collection interval.

...

When a user saves a Custom Regulatory Guideline, in order to retain the selected checkboxes for Privileged Users, BAD and Sensitive Column, user must set at least one value for each setting.

The value will only be set for the referenced database. 

Anchor
SQLCM-5421
SQLCM-5421
IDERA SQL Compliance Manager is not loading events accessed through a View

...

When users capture a "Create Database" event, SQL Compliance Manager changes the Database name to "Dynamic SQL". 

Anchor
SQLCM-5100
SQLCM-5100

...

Issues loading BAD auditing information

IDERA SQL Compliance Manager is not able to capture BAD auditing information when two objects with the same name exist in the same schema.

...

When monitoring an instance for DDL event, SQL Compliance Manager is not able to capture SQL Statements for DDL activities unless a user is added to the Privileged User Group. Users can also capture SQL Text by selecting selecting Capture SQL statements for DDL and Security changes at  at Database Level.

Known issues in version 5.5

General issues

  • Anchor
    SQLCM-

...

  • 5334
    SQLCM-

...

  • 5334
    (Fixed in version 5.5.1) When users try to upgrade from SQL Compliance Manager 4.5 to 5.5, trace files are not processed. If you currently work with SQL Compliance Manager 4.5, before upgrading stop the Collection Service, Agent Service, and disable auditing to stop trace file processing, then proceed to upgrade to SQL Compliance Manager 5.5, and configure and enable auditing. Upon upgrading to SQL Compliance 5.5, users must upgrade all agents to a 5.x version first. For more information, see Upgrade to this build

  • Anchor
    SQLCM-5339/5021/5243/5013/5340/5343
    SQLCM-5339/5021/5243/5013/5340/5343
    (Fixed in version 5.5.1) The SQL Compliance Manager Collection Server is not processing trace files, or processing them slowly, causing backlog files to get accumulated in the Collection Trace Directory in large transactional databases.

SQL Compliance Manager does not process trace files generated by an older Agent after upgrading versions of the Collection Server and the Agent.

...

  • The workaround for this issue is

...

Run SQLCMInstall-64bit-v5.5.0.EXE. SQL Compliance Manager displays the main installation window

...

  • to increase the tamper detection interval and the Collection interval.

  • Anchor
    SQLCM-5306
    SQLCM-5306
    (Fixed in version 5.5.1) IDERA SQL Compliance Manager installation fails if TLS 1.0 is disabled and if SQL Server 2012 Native Client is not available. IDERA SQL Compliance Manager 5.5 installs SQL Server 2012 native client (version 11.0.2100.60) which does not support TLS 1.2 enabled as per Microsoft.

    https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

    Users with SQL Server versions prior to SQL Server 2012 R2 SP3 need to enable TLS 1.0 or update the native client to the supported version (11.4.7001.0) following the link below:

    https://www.microsoft.com/en-us/download/details.aspx?id=50402

  • Anchor
    SQLCM-5218/5222/5328
    SQLCM-5218/5222/5328
    (Fixed in version 5.5.1) SQL Compliance Manager does not process trace files generated by an older Agent after upgrading versions of the Collection Server and the Agent.

Auditing issues

  • Anchor
    SQLCM-5275/2408/2512/4919
    SQLCM-5275/2408/2512/4919
    (Fixed in version 5.5.1) When performing an archive of a highly transactional database with SQL Compliance Manager, the application shows a “violation of PRIMARY KEY constraint” error and terminates the statement. The workaround for this issue is to rename the current archive database, along with the database files associated to it and perform a new archive operation. The operation should create a new archive database and database files. 

...

Known issues in version 5.4.x

General issues

  • Anchor
    SQLCM-4633
    SQLCM-4633
    SQL (Fixed in version 5.5.1) SQL Compliance Manager does not accept user names longer than 20 characters and does not support some special characters for the user password, such as £.
  • Anchor
    SQLCM-3773
    SQLCM-3773
    Removing databases using the Administration pane in the Management Console does not work. You can remove databases using the Explorer Activity panel.

  • Anchor
    SQLCM-4672
    SQLCM-4672
    (Fixed in version 5.5)   During an Agent-only installation, if you accept the default destination path for SQL Compliance Manager, and then select a different destination drive and use a sub-folder in the Agent Trace Directory dialog box, the installer does not create the Agent Trace Directory during installation. If this issue occurs, reinstall the Agent specifying a folder instead of a sub-folder as the destination path or use the default path specified in the installer.

Auditing issues

  • Anchor
    SQLCM-4942
    SQLCM-4942
    If the audit settings are configured to audit DML events for a selected table, and extended events is enabled for DML and Select on the Instance, SQL Compliance Manager collects audit data for all tables and not only the selected table. If you turn off extended events, auditing correctly collects data for the selected table only.
  • Anchor
    SQLCM-4941
    SQLCM-4941
    (Fixed in version 5.5) Execute events are captured when extended events is enabled. There may be some extra events captured and shown through the Extended Events auditing than the events shown through the Trace method.
  • Anchor
    SQLCM-3642
    SQLCM-3642
    (Fixed in version 5.4.2) Cannot  Cannot insert duplicate key row in object 'dbo.Events' with unique index 'IX_Events_eventId'.
  • Anchor
    SQLCM-3789
    SQLCM-3789
    (Fixed in version 5.4.2) DatabaseName appears as empty for Login Events. SQL Compliance Manager 5.4 traces do capture the DatabaseID, but do not include the database name.
  • Anchor
    SQLCM-4211
    SQLCM-4211
    (Fixed in version 5.5) Applying a regulation guideline does not work when there is a Privileged User defined.
  • Anchor
    SQLCM-3647
    SQLCM-3647
    (Fixed in version 5.4.2) Case-sensitive collation may prevent some trusted and privileged users from being captured.
  • Anchor
    SQLCM-4195
    SQLCM-4195
    (Fixed in version 5.4.2) Auditing an AlwaysOn database using the Node method causes the Registered SQL Servers list to display both nodes as Secondary.
  • Anchor
    SQLCM-4205/4718
    SQLCM-4205/4718
    Audit Snapshot does not include setting to capture DDL SQL statements.
  • Anchor
    SQLCM-4896
    SQLCM-4896
    Before-After data does not appear for Binary Collation SQL Server instances when extended events is enabled.
  • Anchor
    SQLCM-4297
    SQLCM-4297
    (Fixed in version 5.4.2) Audit settings at an instance level take precedence over database-level settings for a Privileged User.
  • Anchor
    SQLCM-4674
    SQLCM-4674
    (Fixed in version 5.5) Agent trace folder permissions are overwritten when the Agent is deployed.
  • Anchor
    SQLCM-2544
    SQLCM-2544
    (Fixed in version 5.4) SQL Compliance Manager attempts to contact the Agent (heartbeat check) on attached archive databases.
  • Anchor
    SQLCM-4645
    SQLCM-4645
    (Fixed in version 5.5) Users who export reports to Microsoft Excel fail when the SQL text contains more than 32,767 characters.
  • Anchor
    SQLCM-3648
    SQLCM-3648
    (Fixed in version 5.4.2) Some SQL Server startup/stop events may cause the integrity check to fail.

  • Anchor
    SQLCM-2239
    SQLCM-2239
    The Audit Events tab may display an incorrect user name in the Login column when auditing start and stop server events.

  • Anchor
    SQLCM-2529
    SQLCM-2529
    (Fixed in version 5.4.2) A known SQL Server issue causes some SQL Compliance Manager SELECT statements to appear as DML events. This issue occurs when a user audits both SELECT and DML. SQL Compliance Manager captures many events when certain columns are selected from certain system tables from a single SELECT statement query and shows them as individual DML events.
    Specifically, the SELECT statement which uses the permissions() function generates only DML event traces and not a SELECT event trace. This step results in SQL Compliance Manager reporting the SELECT statement as a DML event. In addition, the permissions() function is deprecated. Microsoft recommends in MSDN documentation that users implement the Has_Perms_By_Name() function instead of the permissions() function. The difference between these two functions is that the permissions() function always generates the DML event traces while the Has_Perms_By_Name() function generates event traces according to permission type used. For example, SELECT event traces for SELECT permission types, and DML event traces for EXECUTE or DELETE permission types.

  • Anchor
    SQLCM-2136
    SQLCM-2136
    (Fixed in version 5.4.2) Users who change the default port for the AlwaysOn Availability Group from the default may experience the following issues. to avoid these issues, change the listener to the default port.

    • SQL Compliance Manager does not accept the name format when attempting to add the listener name using the Cluster Configuration Console.
    • If the port is not added, the agent cannot connect to the SQL Server instance. You can manually add the port to the registry setting later and it will then connect to the instance after restarting the SQLcomplianceAgent.
    • Users cannot connect to the SQL Server instance even when adding the listener with the port in the SQL CM console.
    • The Permissions Check also fails.

  • When you change the definition of a table you are auditing to include BLOB data types, the Before-After data trigger prevents UPDATE, DELETE, and INSERT operations from modifying the table, such as through stored procedures or third-party applications. This issue is most likely to occur when you are auditing all columns in the target table. This issue occurs because Before-After auditing does not support BLOB data types (such as text, image data, or XML code). To correct this issue, change the data definition of the table.

  • SQL Compliance Manager does not support collecting and processing events from encrypted SQL Server trace files. This issue is most likely to occur in environments that use third-party encryption software. For example, some applications can be configured to automatically encrypt all new files created on a specific computer. If you are running encryption software in your SQL Server environment, verify the encryption settings to ensure the application does not encrypt trace files on the audited SQL Server instances.

  • Anchor
    SQLCM-4963/4974
    SQLCM-4963/4974
    After removing a server from auditing and leave registered databases archived, the user is able to right-click the archived database ‘server’ and register databases to audit.  
  • Anchor
    SQLCM-5239
    SQLCM-5239
    Users can select “Capture SQL statements for DDL activities” only if the “Database Definition DDL” option is saved first.

...

Scroll pdf ignore

SQL Compliance Manager audits all activity on your server. Learn more> > >>

IDERA Website | Products Buy Support Community About Us | Resources Legal

...