18 February,20 at 07:12 PM
Applies to: Centrify DirectAudit version 2.x and above
Question:
When 'dainfo --diag' is executed as root, the following error is noticed:
Collectors servicing audit store '<AuditStore>':
<Host's FQDN>
Port: 5063
SPN: HOST/<Host's FQDN>@<Domain Name>
Attempting to connect to collectors:
Host: <Host's FQDN> - Error: Error while sending wrapped data: Connection refused
On the Windows machine running Collector, in the Centrify Collector ControlPanel, under 'Current Status', it shows:
"The Audit Store Database is not connected"
"The Collector is not able to use the database"
"You cannot connect to the SQL Server. Please make sure the SQL Server is running and allows remote connection"
Why do these messages show?
Answer:
Please check the following:
1. On the Windows machine where SQL server is setup, click:
Start > All Programs > Microsoft SQL Server 200x > Configuration Tools > SQL Server Configuration Manager.
Expand SQL Server 200x Network Configuration > double click Protocols for DIRECTAUDIT > Please make sure TCP/IP is Enabled
2. Click Start > Administrative Tools > Service, right-click on SQL Server (DIRECTAUDIT) to start/restart the server.
3. Check Trusted Collectors is correctly configured in Audit Store and any Allowed incoming Collectors in the database.
4. The collector server and the database server should be part of the same AD forest.
5. See if the AD domain name matches the issue described in:
KB-2516: Centrify DirectAudit fails to resolve the Fully Qualified Domain Name for the SQL server
===================================================
After verifying all there configurations the customer still gets the following error message "You cannot connect to the SQL Server. Please make sure the SQL server is running and allows remote connection"
Solution: Ensure "SQL Server Browser" is enabled otherwise you will not be able to complete the SQL Instance connection through the wizard. (FYI, The SQL instance in the wizard is selectable (viewable), but the wizard doesn't establish a connection to the SQL instance causing the wizard to fail with the following error "You cannot connect to the SQL Server. Please make sure the SQL server is running and allows remote connection".
NOTE: Enabling "SQL Server Browser" will usually cause a pop up "TCP Port 5063 is not yet open in Windows Firewall, Do you want to open it ?" this is because the the wizard was
to establish a connection to the SQL instance specified in the installation and has verified what ports are required to be open to function.