Using Windows Authentication for remote database access

Prerequisites

Before you begin, you must have access to the following:

• Remote Microsoft SQL Server server
• Computer on which to install WhatsUp Gold

  Note: The computer on which you are going to install WhatsUp Gold must be on the same domain as the Microsoft SQL Server server.

• Domain user account (called user1 in this example)

For details regarding minimum hardware and software requirements, see System Requirements.

Overview

To configure a WhatsUp Gold installation to use Windows Authentication for remote Microsoft SQL Server database access:

1. Add the domain user to the Local Administrator group on the machine that will host WhatsUp Gold.
2. Add the domain user to the Local Administrator group on the machine that is hosting Microsoft SQL Server.
3. Add the domain user (e.g. user1) to the Microsoft SQL Server database using the Login dialog.
4. Assign the same permissions that are assigned to the Microsoft SQL Server 'sa' user to the Domain User (user1) in the Microsoft SQL Server database.
5. Install WhatsUp Gold with a local Microsoft SQL Server 2005 Express Edition database.
6. Run the Database Configuration utility and configure the WhatsUp Gold database connection to connect to the remote database using WIndows Authentication.
7. Configure the ODBC driver to connect to the remote database using Windows Authentication.
8. Configure IIS to use the Domain User for the NMConsole application pool and change the anonymous access user account to the Domain User for the WhatsUp Gold web site.
9. Configure the Ipswitch Services Control Manager to use the Domain User to run the WhatsUp Gold processes.

Creating and adding the domain user to the WhatsUp Gold and Microsoft SQL Server host machines

To add the domain user to the Local Administrators group on the machine that will host WhatsUp Gold:

1. Log in to Windows as a local administrator on the machine that will host WhatsUp Gold.
2. Create the domain user, or otherwise determine which domain user (e.g. user1) you want WhatsUp Gold to connect to the remote Microsoft SQL Server database.

   Use the following steps to create a domain user:

   1. Open Microsoft Management Console by clicking the Start button , typing mmc into the Search box, and then pressing ENTER.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
   2. In the left pane of Microsoft Management Console, click Local Users and Groups.
   3. Click the Users folder.
   4. Click Action, and then click New User.
   5. Type the appropriate information in the dialog box, and then click Create.
   6. When you are finished creating user accounts, click Close.
3. Add the selected domain user (e.g. user1) to the Local Administrator group.
   1. In the left pane of Microsoft Management Console, click Local Users and Groups.
   2. Double-click the Groups folder.
   3. Right-click the Local Administrator group, and then click Add to Group.
   4. Click Add, and then type the name of the user account.
   5. Click Check Names, and then click OK.
4. Restart the computer (optional, but recommended).

To add the domain user to the Local Administrators group on the machine that is hosting the Microsoft SQL Server database:

1. Log in to Windows as a local administrator on the machine that is hosting the Microsoft SQL Server database.

   Note: The MSSQL server must be on the same domain as the WhatsUp Gold server.

2. Add the selected domain user (e.g. user1) to the Local Administrator group.
   1. In the left pane of Microsoft Management Console, click Local Users and Groups.
   2. Double-click the Groups folder.
   3. Right-click the Local Administrator group, and then click Add to Group.
   4. Click Add, and then type the name of the user account.
   5. Click Check Names, and then click OK.
3. Restart the computer (optional, but recommended).

Adding the domain user as a Microsoft SQL Server database user

To create a SQL Server login that uses Windows Authentication (SQL Server Management Studio)

1. Launch the SQL Server Management Studio.
2. Add the domain user:
   1. In SQL Server Management Studio, open Object Explorer and expand the folder of the server instance in which to create the new login.
   2. Right-click the Security folder, select New, and then click Login.
   3. On the General page, enter the domain user name (e.g. user1) in Login name.
   4. Select Windows Authentication.
   5. Click OK.
3. Provide the domain user (e.g. user1) with the same permissions as the Microsoft SQL Server system administrator (sa) user. The following is a guideline that provides the most common settings for the 'sa' user.
   • On the Server Roles page, select the sysadmin role.
   • On the User Mapping page - Select the db_owner role membership for each database. If you do not wish the domain user to have access to a specific database, do not provide db_owner (dbo) role membership for that database.
   • On the Status page in the Settings menu:
     • Select Grant for Permission to connect to database engine.
     • Select Enabled for Login.
4. Save your changes and exit SQL Server Management Studio.

Installing WhatsUp Gold and configuring the connection to the remote database

To configure WhatsUp Gold and connect to the remote database:

1. Log in to the machine that you using the domain user (e.g. user1) on the WhatsUp Gold server.
2. Install WhatsUp Gold. Use all of the default settings, allowing the Microsoft SQL Server 2005 Express Edition database to install locally.

   Note: Because of service dependencies, you must allow the local database to install and run. It is possible remove this dependency later.

3. After the WhatsUp Gold installation completes, run RemoteDBConfig.exe, using Windows authentication, and point it at the remote database server. (Start > Programs > Ipswitch WhatsUp Gold v15 > Utilities > Database Configuration Utility)
   1. Locate the RemoteDBConfig.exe file in the default location: C:\Program Files (x86)\Ipswitch\WhatsUp, or in the custom location where you installed WhatsUp Gold.
   2. Double-click the RemoteDBConfig.exe file. The Database Connection dialog appears.
   3. Check to make sure the Server Name is correct for the location of your local SQL server for WhatsUp Gold.
   4. Browse for the remote SQL server you want to use.
   5. In the Authentication section, select Windows Authentication.

   Note: You must be logged in as the domain user (e.g. user1).

   1. Click Connect.
   2. Click Continue to update the databases.
   3. Click Finish to exit.

   Note: If you see BCP errors, delete the WhatsUp and NetFlow databases on the remote SQL server and try running RemoteDBConfig.exe again.

Set up the ODBC connection on the machine hosting WhatsUp Gold

1. Set up the ODBC connection to use Windows Authentication and the remote SQL database server.
   1. On 32-bit systems, click Start > Settings > Control Panel, then double-click the 32bit ODBC icon.
      - or -
      On 64-bit systems, locate the C:\Windows\SysWOW64 folder, and double-click the ODBCAD32.exe icon.
   2. Select the System DSN tab.
   3. Select NetFlow.
   4. Click Configure.
   5. Select the remote SQL server from the Server list.
   6. Click Next.
   7. Select With Windows NT authentication using the network login ID.
   8. Continue clicking Next, accepting the current settings. Save the changes and exit.
   9. Repeat steps b through g for all other sources.

Configure WhatsUp Gold to use Windows Authentication

1. Run NmConfig.exe to configure WhatsUp Gold to use Windows authentication:
   1. Click Start > Programs > Ipswitch WhatsUp Gold v15.0 > Utilities > Database Configuration Utility.
   2. Select Use Windows Authentication.
   3. Click Connect.
   4. Ensure Restart the WhatsUp services after the update is selected.
   5. Click Save.

Configure IIS on the machine hosting WhatsUp Gold

For operating systems that use IIS6, you must add the domain user account to the IIS_WPG group and change the identity for the NmConsole application pool to the domain user, and configure the account used for anonymous authentication to the domain user (e.g. user1). For operating systems using IIS7, you only need to change the identity for the NmConsole application pool, and configure the account used for anonymous authentication. The following procedures provide information on performing these tasks.

To add the domain user account (e.g. user1) to the IIS_WPG group on IIS6

1. On the desktop, right-click My Computer, and then click Manage.
2. In the Computer Management screen, under System Tools, expand Local Users and Groups, and then click Groups.
3. Right-click the IIS_WPG group, and then click Add to Group.
4. In the IIS_WPG Properties dialog box, click Add.
5. In the Select User, Computers, or Groups dialog box, in the Enter the object names to select box, type the account name on which you want your worker process to run (e.g. <Web domain>\user1), and then click OK.
6. In the IIS_WPG Properties dialog box, click OK.
7. Close the Computer Management screen.

To change the identity for the NmConsole application pool on IIS6

1. To change the account under which an application pool runs using IIS Manager
2. In IIS Manager, expand the local computer, expand Application Pools, right-click the NmConsole application pool, and then click Properties.
3. Click the Identity tab, and click Configurable. Configurable refers to registered user names.
4. In the User name and Password boxes, type the user name and password of the domain account (e.g. user1).
5. Click OK.

To change the identity for the NmConsole application pool on IIS7

1. Open IIS Manager. (Control Panel > System and Security > Administrative Tools > Internet Information Services (IIS) Manager)
2. In the Connections pane, expand the server node and click Application Pools. The Application Pools list populates.
3. On the Application Pools page, select the NmConsole application pool, and then click Advanced Settings in the Actions pane. The Advanced Settings dialog appears.
4. Select the Identity property under the Process Model heading, and then click the ... browse button. The Application Pool Identity dialog appears.
5. Select Custom account and click Set. The Set Credentials dialog appears.
6. Type the domain account name in the User name box (e.g. user1)
7. Type and confirm the password for the domain account (e.g. user1) in the Password text box
8. Click OK. The Set Credentials dialog closes.
9. Click OK. The Application Pool Identity dialog closes.
10. Click OK. The Advanced Settings dialog closes.
11. Exit the IIS Manager application.

To configure the account used for Anonymous authentication on IIS 6.0:

1. In IIS Manager, expand the local computer, right-click the WhatsUpGold website, and then click Properties. THe WhatsUpGold Properties dialog appears.
2. Click the Directory Security tab.
3. In the Authentication and access control section, click Edit. The Authentication Methods dialog appears.
4. Select the Enable anonymous access check box.
5. Type the valid Windows user account you want to use for Anonymous access, or click Browse to locate it.
6. Click OK. The Authentication Methods dialog closes.
7. Click OK. THe WhatsUpGold Properties dialog closes.
8. Exit the IIS Manager application.

To configure the account used for Anonymous authentication on IIS 7.0:

1. Open IIS Manager (Control Panel > System and Security > Administrative Tools > Internet Information Services (IIS) Manager).
2. Click the Features View tab, double-click Authentication. The Authentication page appears.
3. On the Authentication page, select Anonymous Authentication.
4. In the Actions pane, click Edit. The Edit Anonymous Authentication Credentials dialog appears.
5. Select Specific user, then click Set. The Set Credentials dialog appears.
6. Type a user name and password for the identity.
7. Click OK. The Set Credentials dialog closes.

   Important: If you use the Network Service account, you grant anonymous users all the internal network access associated with that account.

8. Click OK to close the Edit Anonymous Authentication Credentials dialog box.
9. Exit the IIS Manager application.

Configure the Ipswitch Service Control Manager service to run under the domain user

To configure services on the WhatsUp Gold server:

1. Log in to the WhatsUp Gold server as user1.
2. Click Start and type services.msc. Press Enter. The Services dialog appears.
3. Locate Ipswitch Service Control Manager in the Name column and right-click it.
4. Select Properties from the list. The Properties dialog for the service appears.
5. Click the Log On tab.
6. Select This account.
7. Type or browse for user1. Enter and confirm the password for the user1 account.
8. Click OK.

See Also Installing and Configuring Ipswitch WhatsUp Gold v15 using WhatsUp Setup System Requirements Installing WhatsUp Gold using WhatsUp Setup Activating WhatsUp Gold for new or upgraded licenses Upgrading WhatsUp Gold Repairing WhatsUp Gold Uninstalling WhatsUp Gold About device count limits About the Task Tray and Desktop Actions applications Installing IIS on Windows Server 2003 Finding more information Copyright notice