IBM Support

IV77704: INTERACTIVE LOGON PRIVILEGE REQUIRED WHEN DOMAIN ACCOUNT IS USED IN MSSQL DISCOVERY

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct link to fix

7.2.2-TIV-ITADDM-FP0005

 

APAR status

  • Closed as program error.

Error description

  • The domain account used to discover MS SQL  Server
(in Windows Authentication mode) requires interactive logon
privilege.


In case of domain user to SQL server and gateway impersonation
is used and therefore interactive mode of login is used. As it
stated here:
https://msdn.microsoft.com/en-us/library/ff647404.aspx

Interactive logon. If you need to access remote resources,
request an interactive logon session. This results in a logon
session that has network credentials. The user account passed
to logon user must be granted the Log on locally user right.

TADDM needs to login to the target machine and then by
impersation access to Sql Server.
in log you could find this failure:
--------------------
com.ibm.cdb.discover.app.db.mssql.sensor.connection.SqlConnectio
nException:
Could not find working servicePoint/auth combination
after having.

Sqlserver authentication failed. Now trying Windows integrated
security mode.
!?! Currently logged in user information
!?! local account:MrTemp
!?! Trying login: DOMAIN\mssqlUser
!?! Got a domain user (pre-Windows 2000 format):
DOMAIN\mssqlUser
!?! Impersonating principal using domain: DOMAIN, user:
 mssqlUser
!?! LogonUser failed for user FM\svc-mssqltivmon with exception
1385
!!! TaddmTool Error: Login failed
--------------------------------------
where 1385 means  Logon failure: the user has not been granted
the requested logon type at this computer.

Local fix

  • Set interactive logon privilege

Problem summary

  • The domain account used to discover MS SQL  Server
(in Windows Authentication mode) requires interactive logon
privilege.


In case of domain user to SQL server and gateway impersonation
is used and therefore interactive mode of login is used. As it
stated here:
https://msdn.microsoft.com/en-us/library/ff647404.aspx

Interactive logon. If you need to access remote resources,
request an interactive logon session. This results in a logon
session that has network credentials. The user account passed
to logon user must be granted the Log on locally user right.

TADDM needs to login to the target machine and then by
impersation access to Sql Server.
in log you could find this failure:
--------------------
com.ibm.cdb.discover.app.db.mssql.sensor.connection.SqlConnectio
nException:
Could not find working servicePoint/auth combination
after having.

Sqlserver authentication failed. Now trying Windows integrated
security mode.
!?! Currently logged in user information
!?! local account:MrTemp
!?! Trying login: DOMAIN\mssqlUser
!?! Got a domain user (pre-Windows 2000 format):
DOMAIN\mssqlUser
!?! Impersonating principal using domain: DOMAIN, user:
mssqlUser
!?! LogonUser failed for user FM\svc-mssqltivmon with exception
1385
!!! TaddmTool Error: Login failed
--------------------------------------
where 1385 means  Logon failure: the user has not been granted
the requested logon type at this computer.

Problem conclusion

  • The fix for this APAR is contained in the following maintenance
packages:
| Fix Pack | 7.2.2-TIV-ITADDM-FP0005

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV77704
    • 

  • Reported component name
    APP DEPENDENCY
    • 

  • Reported component ID
    5724N5500
    • 

  • Reported release
    722
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2015-10-06
    • 

  • Closed date
    2015-11-18
    • 

  • Last modified date
    2015-11-18
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    APP DEPENDENCY
    • 

  • Fixed component ID
    5724N5500
    • 



Applicable component levels


    

  • R722  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPLFC","label":"Tivoli Application Dependency Discovery Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"722","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            18 November 2015
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback