Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-6304: Direct Audit Manager Cannot See Collector or Audit Store Databases

Authentication Service ,  

13 July,17 at 09:51 PM


Direct Audit Manager Cannot See Collector or Audit Store Databases


If a newly installed Direct Audit Manager is unable to see a configured collector, or if the Audit Store is seen as offline even though it's running in the SQL Server Manager, a possible explanation is that the SQL Server is running with a virtual account.  To verify this, open the machine Services console, find the SQL Server and look in the column labeled Log On As.  The virtual account will appear as something like:

NT Service\MSSQLSERVER or NT Service\MSSQL$<Instance Name> 

Direct Audit is unable to authenticate a virtual account so the Audit Manager is unable to connect to the management database to see the collectors and the Audit Stores.  In order to correct this, the account that runs SQL Server must be modified to be either an actual Local Account, Network Account, or a Domain Account.  


These are the steps to modify the SQL Server service account in support of Direct Audit.

1) Open SQL Server Configuration Manager

User-added image

2) Open the SQL Server Services and double click on SQL Server

3) In the SQL Server Properties, select
Log on as:
Then select Local System, or Network Service or select an AD account

User-added image

4) Apply and OK

5) Open SQL Server Management Studio

User-added image

6)  Browse to Security -> Logins and find the account

If you used a Local System or Network account, find the account that matches the pattern
In this example the account is

If you are using an Active Directory Account to run you service, just find the account on the list.  An example on this would be
If the [DOMAIN\MACHINE$] account does not already exist in the Logins list, you can create it in SQL Server Managment Studio with this SQL 
User-added image

7) Double click on the account to bring up the properties

8) Open the User Mapping and pick on the Audit Store

9) Check that the user has the managementdb role for the Audit Store
User-added image
10) Close out of SQL Server Management Studio

11) Restart or Refresh the Direct Audit Manager

12) Ensure you can see your collector and that the Audit Store Database is on-line.

User-added image