This error "Can't connect to the authentication service" is displayed when you've configured SQL Monitor to authenticate with Active Directory, but SQL Monitor can't connect to Active Directory.
Is the Active Directory domain controller turned on?
Make sure the Active Directory domain controller is turned on.
Has the domain name changed?
Manually update the domain entry in the SQL Monitor database.
1. In Management Studio, connect to the SQL Server instance that hosts the SQL Monitor database.
2. Open a new query window and past in the following SQL script:
UPDATE settings.KeyValuePairs
SET KeyValue ='domain.com/OU=dba,DC=domain,DC=com'
WHERE KeyName='ActiveDirectory-ConnectionString';
3. Replace domain.com
with the domain name you want to use.
4. If you want to use a base DN, replace OU=dba,DC=domain,DC=com
with the base DN you want SQL Monitor to use.
If you don't want to use a base DN, remove the OU=dba,DC=domain,DC=com
string.
The base DN is the root note in LDAP from which SQL Monitor will search for users and groups.
5. Run the script on the SQL Monitor database.
The domain entry is updated with the new domain name.
Has the SQL Monitor service account changed?
SQL Monitor uses the service account details to query Active Directory. The details are stored in the Windows credentials store on the machine where the monitoring service is installed. SQL Monitor might not be able to use the service account if, for example:
- the credentials for the service account have changed
-
you've moved the monitoring service to a different machine, and the new machine doesn’t have the service account credentials
To fix this in the first case, you can edit the entry in the credentials manager by following these steps:
- Open Control Panel to show All Control Panel Items
- Click on Credentials Manager
- Click on Windows Credentials
- Find the entry for your service account under the Generic Credentials section.
It will be in the form SQL_Monitor_AD_ServiceAccount_<Domain> like this:
(Note: there may be a legacy entry SQL_Monitor_AD_ServiceAccount from versions before multiple AD domains were added that will be fallen back to for the first domain) - Expand the entry and click Edit to update the password.
In the second case, or if the entries are not shown in the Credentials Manager, you will need to change the SQL Monitor authentication method to the default, remove the domain entries from the database, then reconfigure your Active Directory settings. To do this:
1. In Management Studio, connect to the SQL Server instance that hosts the SQL Monitor database.
2. In the following SQL script, replace RedGateMonitor with the name of your SQL Monitor database and run it on the server:
USE [RedGateMonitor]
GO
DELETE FROM [settings].[KeyValuePairs]
WHERE [KeyName] = 'ActiveDirectory-Enabled'
OR [KeyName] = 'ActiveDirectory-ConnectionString';
GO
DELETE FROM [settings].[ActiveDirectoryDomains];
GO
3. Restart the monitoring service.
- In the Start menu, type services.msc and press Enter.
- In the Services dialog, right-click SQL Monitor Base Monitor and select Restart:
4. Restart the SQL Monitor web application.
After you restart, SQL Monitor reverts to authenticating users with their SQL Monitor username and password.
5. Log into SQL Monitor using your SQL Monitor username and password.
If you've forgotten your SQL Monitor administrator username and password, see Resetting your SQL Monitor password.
6. Switch SQL Monitor back to using Active Directory. For instructions, see Authenticating with Active Directory.