Can not change authentication to sa

Hi all

When Server build I use Windows authentication , but cause some policy , we need change to use sa,

I try to set odbc source but relay log show error message. what should I do?

My BigFix version is 10.0.4.32

relay log:

Thu, 14 Oct 2021 17:08:03 +0800 - DatabasePropagator (4700) - Database Error: [Microsoft][SQL Server Native Client 11.0][SQL Server]user ‘’ login failed。 (28000: 18,456)
Thu, 14 Oct 2021 17:08:03 +0800 - DatabasePropagator (4700) - Disconnecting from database; will reconnect in 10 seconds.

It look like BES not use sa account .

The ODBC wizard doesn’t save any credentials - the username/password you enter there for “SQL Authentication” are only used to test the ODBC connection and then are discarded.
There are registry values that BigFix uses to store the database username and password, usually configured during setup…BESAdmin Tool can set the password, but you may need to update the registry to include a SQL username manually.

I should be able to post a bit more detail shortly.

Configure the username as ‘sa’ by creating a REG_SZ value…

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\Enterprise Server\Database
Value Name: User
Type: REG_SZ
value: sa

If you’re also running Web Reports on the machine, there’s a second place to set the database username:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\Enterprise Server\FillAggregateDB
Value Name: username
Type: REG_SZ
value: sa
Value Name: password
Type: REG_SZ
value: clear-text password for ‘sa’ account - will be encrypted when Web Reports starts up

Then, update the encrypted password using the BESAdmin.exe utility from the BES Server directory as described at https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Installation/c_defining_db_password.html1

.\BESAdmin.exe /updatepassword /type=<server_db|dsa_db>
[/password=] /sitePvkLocation=<path+license.pvk>
[/sitePvkPassword=<pvk_password>]

All the parameters are optional except /updatepassword /type=server_db, you’ll be prompted for the PVK path, PVK password, and new Database password.

When done, run BESAdmin without any options to verify it connects to the database, and then restart the BigFix Server services (BESRootServer, FillDB, and GatherDB)

Restart the Web Reports service and verify the ‘password’ value under FillAggregateDB gets encrypted.
Hope this helps, let us know if you have any trouble with it.

2 Likes

Thank for your reply , I will test it.

I think will feed back good news soon.

1 Like

Thank you for the solution, it is feasible after testing, it also made me more aware of this product, thank you

1 Like