MSSQL Health Checks Supported Authentication Models

Question

Hi All&nbsp;
&nbsp;My apologies if this not the correct forum to post this question. but since my question is releated to MS SQL i thought this might be a good spot. &nbsp;
&nbsp;I have been asked to load balance a pair of SQL servers behing an LTM  running 10.2.0 which is working quite well. Our DBA has provided me with a SQL query to use as the basis of a custom MSSQL health Monitor he would like me to apply to the Pool members to verify that database is available. we only use intergrated authentication for access to the sql database not native SQL auth. Can the health monitor be configured to use and AD credential and password when it queries the database? when i apply this health monitor it fails and we can see in the sql logs that the authentcation failed, with a AD domain account.&nbsp;
&nbsp;Regards
&nbsp;Andrew&nbsp;

hooleylist · Answer

Hi Andrew, 
&nbsp;  
&nbsp; I did some quick searching and can't find any reference to the authentication methods that the DB_monitor supports (which is what the mssql monitor is aliased to).  If you define a SQL server account (not Windows AD), does the monitor work?  If you enable debug when it fails, do you see anything interesting in /var/log/DBDaemon.log? 
&nbsp;  
&nbsp; Aaron

tobin_dax_93013 · Answer

Hi &nbsp;
&nbsp;sorry for the late reply, in order to test that we had to setup an instance which used sql authentication only  and that seemed to work quite well, I think the issue that either MSSQL health monitor can't provide an Active Directory Cred as a username or I have the syntax wrong. I don't know if this helps at all, i get the impression that load balancing MS SQL isn't very common.&nbsp;
&nbsp;thanks again.

hooleylist · Answer

Hi Andrew, 
&nbsp;  
&nbsp; Thanks for confirming.  I suggest opening a case with F5 Support to see if there is a method for doing AD auth.   
&nbsp;  
&nbsp; If there isn't support for AD auth with the MSSQL monitor, you could enable SQL auth on the servers (of course, this might not be an option for your environment).  Or you might be able to use an external monitor that calls a Linux utility that supports AD auth (not sure what this might be though).  Another option might be to check the MSSQL service(s) following Jason's recent article: 
&nbsp;  
&nbsp; Monitoring Windows Terminal Services from BIG-IP 
&nbsp; http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086419/Monitoring-Windows-Terminal-Services-from-BIG-IP.aspx 
&nbsp;  
&nbsp; Aaron

Forum Discussion

MSSQL Health Checks Supported Authentication Models

3 Replies

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Native SNI support for Health Monitoring

Support and Help for DevCentral and Offline Contact

Securing Applications using mTLS Supported by F5 Distributed Cloud

Doing mTLS Authentication per URL