IBM Support

Why are Guardium reports displaying SQLServer DB Usernames in hexadecimal ?

Troubleshooting


Problem

Why are Guardium reports displaying SQLServer DB Usernames in hexadecimal format instead of plain text ?

Cause


Microsoft SQL Server DB Usernames will be displayed in hexadecimal format in Guardium reports when Kerberos authentication is being used.

Resolving The Problem

To decrypt the Kerberos authenticated DB Usernames for Microsoft SQLServer you will need to configure the S-TAP to automatically replace Kerberos names with real database usernames before forwarding the name to the Guardium Appliance.

This can be done by following the steps documented in the S-TAP Help Book under the section entitled MS SQL Server Encryption and Kerberos and sub-section Map Kerberos Names at the S-TAP.

If you do not have the S-TAP Help Book you can access the same information via the Guardium Appliance Help System. To do this select the question mark icon (?) ( as per image below ) in the top right hand corner of the Appliance GUI.




and search for MS SQL Server Encryption and Kerberos in the resulting screen.

If after configuring the S-TAP as per the instructions in the S-TAP Help Book the database usernames are still being displayed in hexadecimal format follow these steps:

1. Amend the guard_tap.ini configuration file manually to include the following two parameters and values.

KRB_MSSQL_DRIVER_INSTALLED=2
KRB_MSSQL_DRIVER_NONBLOCKING=0


2. Re-start the Windows GUARDIUM_STAP service.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF033","label":"Windows"}],"Version":"7.0;8.0;8.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21569711

Page Feedback