Page History
IDERA strives to ensure our products provide quality solutions for your SQL Server needs. If you need further assistance with any issue, please contact Support (www.idera.com/support).
Known issues
General
SQL Secure only recognizes the first license key added. If the first license key gets expired the product will ask for a new valid license key, even if the product has another valid license keys registered. You can remove the old license key by deleting it and this way it will recognize the valid license key. You can contact your IDERA Account Team for an updated license.Anchor SQLSECU-2309 SQLSECU-2309
The uninstall process may not completely remove the SQL Secure folder in the Program files but user can manually remove it after uninstall process completes.Anchor SQLSECU-2151 SQLSECU-2151
The Snapshot Data Collection process for Windows Server 2016 is showing some incorrect warnings.Anchor SQLSECU-2083 SQLSECU-2083
SQl Secure is not able to add new servers to Server Group Tags.Anchor SQLSECU-2064 SQLSECU-2064
The Show Risk Only option in the Risk Assessment Report does not make any difference in the report list.Anchor SQLSECU-2037 SQLSECU-2037
The Register SQL Server error message regarding supported versions needs updating to include SQL Server 2017.Anchor SQLSECU-2065 SQLSECU-2065
Security Checks
The Unauthorized Account Check security check is not listing the proper permissions for SQL Server 2008 and reports this message "Unauthorized member found: 'public' (VIEW ANY COLUMN ENCRYPTION KEY DEFINITION, VIEW ANY COLUMN MASTER KEY DEFINITION)"Anchor SQLSECU-2244 SQLSECU-2244
SQL Server Installation Directories on system Drive Security check is failing in Azure Virtual Machines.Anchor SQLSECU-2259 SQLSECU-2259
Some older security template requires a user input for the security checks but SQL Secure is allowing user to save these polices without inputting criteria. It can result in a risk finding in the report. When this happens the user can always go back in and edit the policy to update the criteria.Anchor SQLSECU-2338 SQLSECU-2338
Not all SSRS reports are able to export to CSV format. The workaround is to export to Excel and open the report in Excel and re-save as csv format.Anchor SQLSECU-2058 SQLSECU-2058
Previous known issues
General
Database roles and members are not included in the Report Card Details list on registered SQL Server 2000 instances.Anchor SQLSECU-2053 SQLSECU-2053
The repository grooming job does not delete snapshots which are in an Error state. Snapshots in an OK or Warning state are appropriately deleted.Anchor SQLSECU-2000 SQLSECU-2000
Clicking Technical Support Site on the IDERA SQL Secure Quick Start window redirects to an error page.Anchor SQLSECU-1331 SQLSECU-1331
SMTP email configuration may not work for a secure mail server.Anchor SQLSECU-1329 SQLSECU-1329
The Register SQL Server error message regarding supported versions needs updating to include SQL Server 2016.Anchor SQLSECU-2065 SQLSECU-2065
SSRS reports do not extract to a .csv file.Anchor SQLSECU-2058 SQLSECU-2058
The file type of an exported policy is not selected as .xml by default. In addition, when importing a policy, the file must be manually selected by selecting All Files.Anchor SQLSECU-2049 SQLSECU-2049
IDERA SQL Secure displays an incomplete error message if a specific user/role is given GRANT and/or WITHGRANT permissions by one grantor, and DENY permission by another grantor. The error message does not include identifying detail about the conflicting user or role.Anchor SQLSECU-2047 SQLSECU-2047
...
Console only installations may display an incorrect message stating that the repository specified is not compatible with this version of the Console. Click OK to continue installation.Anchor SQLSECU-1333 SQLSECU-1333
During a new installation, the Ready to Install the Program window refers to an upgrade instead of an installation.Anchor SQLSECU-1334 SQLSECU-1334
Uninstalling IDERA SQL Secure does not remove the Secure folder from the registry.Anchor SQLSECU-1332 SQLSECU-1332
The License Agreement does not display the correct year.Anchor SQLSECU-1330 SQLSECU-1330
Security Checks
General Domain Accounts security check does not display results.Anchor SQLSECU-2052 SQLSECU-2052
The Integration Services Running security check displays as green even when the service is not running.Anchor SQLSECU-2055 SQLSECU-2055
The Integration Services Login Account Not Acceptable security check displays incorrect data.Anchor SQLSECU-2056 SQLSECU-2056
The Row-Level Security security check causes the Risk Assessment Report to display, "The following tables do not have row-level security configured: '[R7].[DB1].[Table_1]' " for registered SQL Server 2016 instances.Anchor SQLSECU-2059 SQLSECU-2059
The Transparent Data Encryption security check causes the Risk Assessment Report to display, "The following databases do not have transparent data encryption configured: '[R7].[ReportServer]', '[R7.[ReportServerTempDB]' " for registered SQL Server 2016 instances.Anchor SQLSECU-2060 SQLSECU-2060
The following security checks for Integration Services are not returning accurate information: Integration Services Login Account Not Acceptable and Integration Services Running. It is recommended that users seeking to harden Integration Services review the login account and service run status of Integration Services using the server's SQL Server Configuration Manager.Anchor SQLSECU-1767 SQLSECU-1767
If the Weak Password Detection security check is disabled, the Description displays a list of all the usernames that have a blank password associated with the account.Anchor SQLSECU-2054 SQLSECU-2054
...
If a user deletes a snapshot while it is running, and then tries to take another snapshot soon after, SQL Secure may show an error message.Anchor SQLSECU-1989 SQLSECU-1989
Previous known issues
...
The repository grooming job does not delete snapshots which are in an Error state. Snapshots in an OK or Warning state are appropriately deleted.
...
Clicking the "Hide and Notify when Complete" button while a snapshot is in progress will hide the snapshot progress screen, but no notification is sent when the snapshot does complete.
...
Taking a snapshot of an Azure SQL Database from an on-premises installation of SQL Secure may take an extended length of time. This time is decreased when the snapshot is taken from an Azure VM installation of SQL Secure.
...
The following security checks for Integration Services are not returning accurate information: Integration Services Login Account Not Acceptable and Integration Services Running. It is recommended that users seeking to harden Integration Services review the login account and service run status of Integration Services using the server's SQL Server Configuration Manager.
...
SQL Secure does not support SMTP servers which require SSL connections.
...
SQL Secure Repository requires SQL Server 2005 or later
When upgrading, migrating, or deploying the SQL Secure Repository for the first time, ensure you select an instance running SQL Server 2005 or later for your target location. SQL Secure no longer supports SQL Server 2000 platform for the SQL Secure Repository.
If you are upgrading from SQL Secure version 2.0 or earlier, you will need to migrate the Repository to a SQL Server 2005 or later instance. For more information, see IDERA Solution 00002617 ("How do I migrate SQL Secure from one server to another?").
Microsoft Reporting Services 2000 is no longer supported
If you are upgrading reports from Microsoft Reporting Services 2000, then upgrade to Microsoft Reporting Services 2005 before installing the new reports in SQL Secure 2.6 to ensure the upgrade is successful.
New credentials may be necessary when upgrading
SQL Secure no longer uses the default credentials of your SQL Server Agent to collect Operating System and SQL Server security information. If, in a previously installed version, SQL Secure was configured to use the default SQL Agent credentials to collect security information, a window will open when you first open SQL Secure 2.6, prompting you for new credentials.
Blank password not accepted when registering a SQL Server instance
When registering a new SQL Server instance, blank passwords are not accepted for SQL logins due to the extreme security risk this poses.
SQL Secure cannot audit the same cluster node on which it is installed
The SQL Secure cannot audit security data from SQL Server instances hosted on the same cluster node that hosts the SQL Secure Collector. To successfully audit your virtual instances, deploy the SQL Secure Collector on an instance that does not belong to the clusters you want to audit.
Incomplete support for contained database authentication security
SQL Secure does not fully display information about nor report on the security settings of database principals used for contained database authentication and connections. To see how many database principals have been created on the audited instance, as well as which permissions have been assigned to these users, navigate to the Object Permissions Explorer and then view the user properties.
Contained databases are a new security feature available in SQL Server 2012.
SQL Secure does not collect security data for AlwaysOn Availability Groups
When you take snapshots of the SQL Server 2012 instances you audit, SQL Secure does not collect properties or security data for the AlwaysOn Availability Groups feature. AlwaysOn can be enabled only on instances running SQL Server 2012 Enterprise Edition.
With Grant and Grant permissions
When SQL Secure displays the With Grant permission as checked, it does not also check the Grant permission as is the case in SQL Server Enterprise Manager or SQL Server Management Studio.
Incorrect timeout error message
SQL Secure may display an incorrect timeout error message when processing policy information.
Incorrect security check message
SQL Secure displays an incorrect message that some servers are failing the Login Audit Level security check even with proper settings.
Possible freeze when creating reports
SQL Secure may freeze when creating User Permissions reports for over 80 databases.
Policy findings for snapshots taken in previous versions do not contain all necessary data
When you create a policy in SQL Secure 2.5 or later and view a snapshot taken in a previous version, the snapshot may not contain required data. If this issue occurs, the security check “Snapshot May Be Missing Data” will return a finding.
Assessment Comparison window may not refresh display
When comparing assessments using the SQL Secure Console, the Assessment Comparison window may not refresh its display when you choose a different set of assessments to compare. To avoid this issue, close the window, and then click Compare Assessments on the actions ribbon to perform the next comparison.
Collector job fails when the port used to access the Repository changes
The port number is included in the Collector Job when it is first configured. If the port number changes, the Collector Jobs will fail. To fix this issue, delete the Collector Jobs that are failing and recreate them.
Collector job fails to get registry information from 64-bit Server
The Collector Job will fail to retrieve registry settings from an audited server running a 64-bit version of the Windows operating system, such as Itanium or x64, when the SQL Secure Repository is located on a server running a 32-bit version of the Windows operating system. To collect registry settings from the target server, install the Repository on a server running Itanium or x64.
SQL Agent job issue
The SQL Agent jobs used by SQL Secure can fail when the owner is from a one-way trusted domain. SQL Secure requires that the sysadmin account used in SQL Secure must be the owner of all SQL Agent jobs created. This setting has no effect on what the job does beyond execution of the job. This setting is required to ensure that only system administrators can run SQL Secure jobs, and prevents any problems with the snapshot collection process.
SQL Secure Collector logging issue
If a SQL Secure job has an error and the Collector is not started, a SQL Secure log entry is not created. Although a SQL Secure log entry is not created, you can see the error in the Windows Application log.
Snapshot Comparison may not report correct permissions status
When you generate a Snapshot Comparison, the report may indicate that differences exist in the file, folder, or registry key permissions when, in fact, there are no differences. This issue is most likely to occur when Windows user accounts have been granted multiple permissions on those files, folders, or registry keys.
...
IDERA Website | Products | Buy | Support | Community | About Us | Resources | Legal