Troubleshooting
Problem
OS User field is blank in Reports for remote MSSQL connections, but contains data for local connections
Cause
Local Database Connections
For local connections (i.e. connections made to the database from the server where the database is running and the S-TAP is installed) the OS User field can be populated as the OS User of the client process. This is because the S-TAP is installed on the server and can send this data to Guardium.
Expected OS User values
Windows Authentication: OS User of Client session
SQL Server Authentication: OS User of Client session
Remote Database Connections
Windows Authentication: OS User of Client session
SQL Server Authentication: OS User of Client session
Remote Database Connections
For remote connections (i.e. connections made to the database from an external client not through the server) the OS User is not sent by the Windows S-TAP. This is because S-TAP is not installed on the remote client and OS User is not part of the database traffic packets.
Based on the type of authentication used, the sniffer copies the Database User into the OS User field. For certain types of authentication, the two fields are effectively the same.
Expected OS User values
Windows NTLM Authentication: DB User of remote session
Windows Kerberos Authentication: Blank
SQL Server Authentication: Blank
Windows Kerberos Authentication: Blank
SQL Server Authentication: Blank
To check the authentication scheme for MSSQL Server sessions run:
1> select auth_scheme from sys.dm_exec_connections where session_id=@@spid;
2> go
auth_scheme
----------------------------------------
NTLM
2> go
auth_scheme
----------------------------------------
NTLM
Related Information
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF033","label":"Windows"}],"Version":"9,10,11","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
04 June 2020
UID
swg21986236