SCOM 2019 - SQL Server monitoring Service SID Combine with SQL Server Replication Monitoring

Peter Samuelsson 26 Reputation points
2021-11-29T14:15:14.127+00:00

I'm currently monitoring several SQL Servers with SCOM 2019 and using Service SID low privileges. I now need to add SQL Replication monitoring on those SQL Servers that have replication on them. However, the documentation says that it can't use Service SID for monitoring, but it doesn't say how to combine monitoring with Service SID for SQL Server and then use a Run As account for SQL Replication monitoring.

The credential that is used for the run as account is distributed securely so we choose what servers should get it.

If I use Service SID for monitoring SQL Servers, what impact does it have if I add a Run As account in the default discovery/monitoring profile as described in the docs for SQL Replication low-privilege monitoring? Will Service SID still monitor the SQL Server, and the added Run As account will just be used when it's needed?
Do I need to change the monitoring from Service SID to a domain account and Run As account for all the monitoring on the SQL Server where I use Replication?

Can I create a Run As profile that will just find the bits for Replication? The docs have this for SSAS, for example, but I haven't been able to find it for Replication.

Operations Manager

Accepted answer
  1. SChalakov 10,266 Reputation points MVP
    2021-11-29T15:51:21.17+00:00

    Hi @Peter Samuelsson ,

    this is a very interesting challenge, one I don't see often. Since the SQL Replication MP uses the same Run As profiles as the standard SQL MP, using those might not be a good idea.
    And yes, you are right, the use of Service Security Identifier (SID) or Local System account as the Run As account is not supported in the management pack.

    Now, because this is grey territory, I would recommend seeking help from Kevin Holman by posting the question under his blog:

    SQL MP Run As Accounts – NO LONGER REQUIRED
    https://kevinholman.com/2016/08/25/sql-mp-run-as-accounts-no-longer-required/

    I see that he generally replies, so you might just get an answer from him.
    If I had the same challenge, I think I would configure a domain account, add it to the profiles and distribute it to all SQL Servers which are participating in the replication. Also, add the required permissions on all monitored SQL instances, so that the standard SQL monitoring can also succeed.
    So on all SQL Servers which are doing replication, instead of the HS SID I would use a domain account, thus being able to monitor both SQL and SQL replication.

    I hope this helps you out.

    ----------

    If my reply was helpful please don't forget to upvote and/or accept as answer, thank you!
    Regards,
    Stoyan

    1 person found this answer helpful.

1 additional answer

  1. Peter Samuelsson 26 Reputation points
    2021-11-30T06:23:25.493+00:00

    @SChalakov

    Thanks for the feedback!

    I have posted the same question to Kevin Holman and I hope he will respond to my question.

    I was hoping that I wouldn't have to go your suggested way, but I think that it might be the only solution. Though I hope Microsoft would have some solution to create a run as profile for replication that they have for SSAS and SSRS.

    1 person found this answer helpful.