[KBA-00993] How to Troubleshoot Database Connection Issues when Using Directory and Database Failover - Security Center 5.1

series
Security Center 5.1
revised_modified
2012-07-03

[KBA-00993] How to Troubleshoot Database Connection Issues when Using Directory and Database Failover

After setting up Directory and database failover in the Security Center 5.1 Directory Manager, the roles may not be able to connect to the databases on other servers.

Summary

The concept of Directory and database failover was added to Security Center as of version 5.1. Directory failover is sometimes referred to as "load balancing", since all Directory servers are in use by the system.

The databases used by the Directory servers need to be configured to allow connections from multiple servers. If the Directory roles are not able to connect to the databases, the database sharing settings within Security Center, SQL, and Windows need to be verified.

More Information

All of the steps below must be verified in order for the Directory servers to connect to the databases on other machines (primary and failover databases). Please verify all of the steps on any server that will be used in the failover configuration.

1. From the Windows services, check if the account used by the Genetec Server service is a domain user account that is part of the local Administrators group.

To open the Windows services, run the command services.msc from your Windows Start menu.

To change the account used by the Genetec Server service:

a) Right-click on the service and click on Properties

b) Click on the Log On tab

c) Make sure This account is selected, and enter the domain username and password

Note: If the system is not on a domain, make sure the username and password of the local user account being used by the service is the same on all servers.

2. Make sure the TCP port 1433 is open on any firewalls running.

3. Verify that remote connections are enabled for the SQL server using the SQL Management Studio:

a) Start the SQL Management Studio (full or express) on the server and log in to the database server using Windows authentication

b) Right-click on the database server in the tree on the left, and click on Properties

c) Click on the Connections page, and verify that the Allow remote connections to this server option is checked

4. Check that the Named Pipes and TCP/IP protocols are enabled with the SQL Configuration Manager:

a) On the server, run the SQL Server Configuration Manager, which should have been installed with the SQL Server software

b) Expand the SQL Server Network Configuration section, and click on the Protocols sub-section for your database server name

c) If either the Named Pipes or TCP/IP protocols are disabled, double-click on the protocol and change the status to Enabled

5. In the Windows Services, verify that the SQL Browser service is running and configured to start automatically when Windows starts:

a) Right-click on the SQL Browser service and click on Properties

b) Under the General section, change the Startup type to Automatic

c) Start the service from here by clicking on the Start button

6. If there have been any changes, you may need to restart the SQL Server service and the SQL Server Browser service. This will cause all roles to disconnect from their databases and stay offline until the database connection is re-established.

To restart a service, right-click on the service and select Restart.

7. Make sure the account used by the Genetec Server service has been added to the SQL Logins section and has access to the database:

a) Start the SQL Management Studio (full or express) and log in to the database server using Windows authentication

b) Expand the database server, then the Security section, and then the Logins section

c) If the account being used by the Genetec Server service is not in there, right-click on the Logins section and choose New Login...

d) For a new login, type in the name of the account, including the domain in the General page (for example: SUPPORT\GenetecService)

e) Go to the Server Roles page (for an existing account, right-click on the login account and go to the Properties first), and make sure the sysadmin role is checked

8. Run the Server Admin for the primary server and make sure the database server has the name of the server instead of the IP address, and is not using the (local) machine name in the path.

If the above steps do not resolve the issue, please contact the Genetec Technical Assistance Center (GTAC).