Environment

AppMon: 7.0 and lower.

For higher versions, see the Performance Warehouse configuration dialog.

Solution

Ways to set the authentication credentials

There are two ways:
  • Provide the Windows user credentials in the AppMon settings
  • Via single sign-on (SSO), automatically using the credentials of the user account under which the AppMon server services run.

Enable Windows Authentication for SQL Server

The following debug flags need to be added to the AppMon server:

com.dynatrace.diagnostics.SQLSERVERUSENTLMV2 = true
com.dynatrace.diagnostics.SQLSERVERDOMAIN = <domain>

as described in this KB article: Setting AppMon Server Debug Flags

Replace <domain> with your Windows domain name, e.g. yourdomain.local or the shorter NetBIOS representation.

 

Notes


The user credentials for accessing the SQL Server can be different from those of the account the AppMon server service runs under.
Be aware that if the credentials (password) for accessing the SQL Server change, the credential setting in the AppMon server must be updated as well.

According to the JDBC driver documentation, this should also work with an AppMon server running in a non-Windows environment.

As of AppMon 6.2, the Frontend Server process also establishes a connection to the Performance Warehouse, so for both variants mentioned the options need to be added to dtserver.ini and dtfrontendserver.ini. This is done automatically if the properties are added as described in the KB article linked above.

Credentials in Dynatrace

After a restart of the dynaTrace Server service, it should be possible to set the Windows Authentication credentials in the Performance Warehouse dialog and connect successfully.

Credentials via Single Sign On (SSO)

Notes


This is only possible if the AppMon server is running on Windows and is at version 6.5.20, 7.0.2 or newer.

The user SID of the AppMon server service and the one that has access to the SQL Server database need to be exactly the same. If the database and the AppMon server service are running on different machines, this can only be accomplished by using an Active Directory.

In addition to the two debug flags/properties mentioned above, the following one needs to be added to allow empty credentials in the Performance Warehouse settings dialog:

com.dynatrace.diagnostics.repository.skipEmptyPWHPasswordCheck = true

To enable SSO, the JDBC driver used by the AppMon server needs an additional binary, which is available for free as a separate download from the project page of jTDS. Download the latest distribution package and extract the native Windows binary called ntlmauth.dll, which is located in the platform directory that matches your configuration (likely \x64\SSO, since AppMon is only supported on x64 Windows). According to the jTDS single sign-on documentation (README.SSO), the library needs to be placed in a location that is listed in the PATH environment setting. Successful testing was performed using %WINDIR% (normally C:\Windows).

After a restart of the AppMon server service, the Performance Warehouse connection can also be established with empty credentials, if the setup is correct (AppMon server services are running with the user that is configured as DBO on the SQL server instance running the Performance Warehouse database).
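A pre-restart check for the setup described above, as an added example that is not part of the original article or of AppMon: it verifies that an ini file carries the required flags for the chosen variant and that ntlmauth.dll sits in a PATH directory. The function names, the optional -D prefix in the ini lines and the sample file contents are assumptions made for this illustration.

```python
import ntpath
import os
import re

# Property names and values come from the article above.
BASE = {"com.dynatrace.diagnostics.SQLSERVERUSENTLMV2": "true",
        "com.dynatrace.diagnostics.SQLSERVERDOMAIN": None}  # None: any real value
SSO = {"com.dynatrace.diagnostics.repository.skipEmptyPWHPasswordCheck": "true"}
FLAG_RE = re.compile(r"\s*(?:-D)?(com\.dynatrace\.[\w.]+)\s*=\s*(\S*)")

def parse_flags(ini_text):
    """Collect name=value pairs; the optional -D prefix is an assumed ini layout."""
    return {m.group(1): m.group(2)
            for m in map(FLAG_RE.match, ini_text.splitlines()) if m}

def missing_flags(ini_text, sso=False):
    """List problems with the flags required for the chosen variant."""
    required = {**BASE, **(SSO if sso else {})}
    found, problems = parse_flags(ini_text), []
    for name, want in required.items():
        got = found.get(name, "")
        if got in ("", "<domain>"):  # absent, empty, or placeholder left in
            problems.append(f"{name}: not set")
        elif want and got.lower() != want:
            problems.append(f"{name}: is {got!r}, expected {want!r}")
    return problems

def find_on_path(dll, path_dirs, exists=os.path.isfile):
    """Return the first PATH directory holding dll (SSO is Windows-only), else None."""
    for d in path_dirs:
        if d and exists(ntpath.join(d, dll)):
            return d
    return None

# Constructed sample contents, not taken from a real installation.
SERVER_INI = """-Dcom.dynatrace.diagnostics.SQLSERVERUSENTLMV2=true
-Dcom.dynatrace.diagnostics.SQLSERVERDOMAIN=yourdomain.local
-Dcom.dynatrace.diagnostics.repository.skipEmptyPWHPasswordCheck=true"""
FRONTEND_INI = """-Dcom.dynatrace.diagnostics.SQLSERVERUSENTLMV2=false
-Dcom.dynatrace.diagnostics.SQLSERVERDOMAIN=<domain>"""

if __name__ == "__main__":
    for label, text in (("dtserver.ini", SERVER_INI), ("dtfrontendserver.ini", FRONTEND_INI)):
        print(label, missing_flags(text, sso=True) or "OK")
    dirs = os.environ.get("PATH", "").split(os.pathsep)
    print("ntlmauth.dll:", find_on_path("ntlmauth.dll", dirs) or "not on PATH")
```

Run it against the real contents of both dtserver.ini and dtfrontendserver.ini, since as of AppMon 6.2 both processes connect to the Performance Warehouse.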

 

 

  1. Anonymous (login to see details)

    Really helpful How to, such issue (NTLM and forcing the domain) is not properly documented anywhere, besides this article!

  2. Anonymous (login to see details)

    Hey Carlos,
    a doc search for "sql server windows authentication" reveals two essential pages:

    Upgrade Server, Collectors, and Clients and

    Performance Warehouse Administration

    SSO is only described here though.

    Cheers
    G.

  3. Anonymous (login to see details)

    Hi Guenter, 

    Thanks so much for taking the time to review this one, my comment was aiming to this doc which was extremely useful yesterday on an auth issue we were having, by not properly documented I meant "hard to find over Internet/Google", found it right here....worked in 2 minutes =)

     

  4. Anonymous (login to see details)

    Hey Carlos,
    glad you found sth, no matter where, it worked and it was quick and painless. All very important! (wink)

    Cheers
    G.