Can't connect to authentication service Can't connect to authentication service

Can't connect to authentication service

This error "Can't connect to the authentication service" is displayed when you've configured Redgate Monitor to authenticate with Active Directory, but Redgate Monitor can't connect to Active Directory.

Is the Active Directory domain controller turned on?

Make sure the Active Directory domain controller is turned on.

Has the domain name changed?

Manually update the domain entry in the Redgate Monitor database.

1. In Management Studio, connect to the SQL Server instance that hosts the Redgate Monitor database.

2. Open a new query window and past in the following SQL script: 

INSERT INTO settings.ActiveDirectoryDomains
--Domain, BaseDN, UseBaseMonitorServiceAccount
VALUES('domain.com', 'OU=dba,DC=domain,DC=com',1)

3. Replace domain.com with the domain name you want to use.

4. If you want to use a base DN, replace OU=dba,DC=domain,DC=com with the base DN you want Redgate Monitor to use.
If you don't want to use a base DN, remove the OU=dba,DC=domain,DC=com  string.
The base DN is the root note in LDAP from which Redgate Monitor will search for users and groups.  

5. The 1 indicates to use the account running the Base Monitor service.  You will need to use this since setting it to 0 will look for a user for the new domain that doesn't exist (see step 4 below looking at the AD Service Account).  If you need to specify a user you will need to follow the steps farther below to revert to Basic Authentication and re-enable AD auth for the new domain.

6. Run the script on the Redgate Monitor database.

The domain entry is updated with the new domain name.

Has the Redgate Monitor service account changed?

Redgate Monitor uses the service account details to query Active Directory. The details are stored in the Windows credentials store on the machine where the monitoring service is installed. Redgate Monitor might not be able to use the service account if, for example:

  • the credentials for the service account have changed
  • you've moved the monitoring service to a different machine, and the new machine doesn’t have the service account credentials

To fix this in the first case, you can edit the entry in the credentials manager by following these steps:

  1. Open Control Panel to show All Control Panel Items
  2. Click on Credentials Manager
  3. Click on Windows Credentials
  4. Find the entry for your service account under the Generic Credentials section.
    It will be in the form SQL_Monitor_AD_ServiceAccount_<Domain> like this:

    (Note: there may be a legacy entry SQL_Monitor_AD_ServiceAccount from versions before multiple AD domains were added that will be fallen back to for the first domain)
  5. Expand the entry and click Edit to update the password.

In the second case, or if the entries are not shown in the Credentials Manager, you will need to change the SQL Monitor authentication method to the default, remove the domain entries from the database, then reconfigure your Active Directory settings. To do this:

1. In Management Studio, connect to the SQL Server instance that hosts the Redgate Monitor database.

2. In the following SQL script, replace RedGateMonitor with the name of your Redgate Monitor database and run it on the server: 

USE [RedGateMonitor]
GO
DELETE FROM [settings].[KeyValuePairs]
WHERE [KeyName] = 'ActiveDirectory-Enabled'
OR [KeyName] = 'ActiveDirectory-ConnectionString';
GO
DELETE FROM [settings].[ActiveDirectoryDomains];
GO

3. Restart the monitoring service.

  • In the Start menu, type services.msc and press Enter. 
  • In the Services dialog, right-click SQL Monitor Base Monitor and select Restart:

 

4. Restart the Redgate Monitor web application.  If using IIS, stop the site, in IIS Manager, then stop the Application pool, then start the application pool then the site.
After you restart, Redgate Monitor reverts to authenticating users with their Redgate Monitor username and password.

5. Log into Redgate Monitor using your Redgate Monitor username and password.
If you've forgotten your Redgate Monitor administrator username and password, see Resetting your Redgate Monitor password.

6. Switch Redgate Monitor back to using Active Directory. For instructions, see Authenticating with Active Directory.