( In reply to: DSA with SQL Authentication )
Hi Ravi,
Can you please post the configuration so that it will be helpfull for every one, i got stuck in that and i cant figure out the problem.
IBM BigFix with DSA architecture
The documentation on the subject IBM BigFix is at the moment a little bit confusing because you need to collect different documentation from diffferent articles and a great protion of patience before you get it up and running.The main reason why you should spend time on this subject is as described in the title: In case of a disaster where you really need a second IBM BigFix server up and running very quick…
In the IBM Knowledgecenter you will find information about DSA as follow:
IBM BigFix Platform>Configuration Guide>Additional configuration steps>Using multiple servers (DSA)
To get more excact information about DSA, I will recommend in addition the followin links:
On the background of these articles, I will recommend this MDAC-configuration for for a SQL-authentification:
DSN Sources with Windows authentication, (32/64-bit):
bes_bfenterprise
enterprise_setup
DSN-Sources with SQL-authentification, (32/64-bit)
bes_EnterpriseServer_tem_master
bes_EnterpriseServer_tem_dsa
LocalBESReportingServer
In accordance with the DSA requirements it tells that “You must choose an authentication mechanism (either NT Authenticated Domain Users/Groups or SQL Authentication). All servers need to use the same authentication mechanism.” But in my experience, you never know when the IBM BigFix-server needs a Windows authentication to get things done. For example does the BESAuditCleaner excpect to find a DSN with Windows authentification.
In addition to the MDC confgiuration, you will also need to do som registry changes. In addition to the recommended DSA changes, you must also do the following changes as recommended for the “Remote servers”, for SQL Authentication
FillDB Service
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “DSN” = “bes_EnterpriseServer”
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “User” = “”
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “Password” = “”
FillDB Service.
HKLM\Software\Wow6432Node\BigFix\EnterpriseServer\FillDB:
ReplicationUser =
ReplicationPassword =
TEM GatherDB Service
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “DSN” = “bes_EnterpriseServer”
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “User” = “”
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database]
String Value: “Password” = “”
TEM Web Reports Server Service
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\FillAggregateDB]
String Value: “Username” = “”
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\FillAggregateDB]
String Value: “Password” = “”
May I ask others to confirm these experiences?
NB! When I use mixed authentication, Windows and SQL, I do that on Windows 2012 R2 servers. These servers must be trusted to each other before you can do anything… Check this Microsoft article about the subject: