Remedy - Server - Configuring AR System to run without the "Db-user" and "Db-password" parameters in the ar.cfg file

Version 3
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy AR System Server


    COMPONENT:

    AR System


    APPLIES TO:

    Remedy AR System Server installation using the Windows Authentication mode.



    QUESTION:

    Due to security policies the Database User and Password used in the AR System installation cannot be present in the ar.cfg file.
    Can AR System run/work without having the Database User and Database Password parameters present in the ar.cfg file?
    Is there a way to use an alternative Database connection in order for this information not to be present in the configuration file?


    ANSWER:

    Please check the following procedure.
    Note, this procedure applies to Windows OS and MSSQL databases only.
    ARS can be installed using the Windows Authentication mode instead the SQL Authentication mode.

    The existing documentation provides the following information:

    .......................
    Windows Authentication mode and the Microsoft SQL Server
    Choose one of the following authentication modes when you install the BMC Remedy AR System server:

       
    • Windows authentication — For SQL Server environments that support only Windows authentication mode.

      When you use the Windows authentication mode with SQL Server note the following:

           
           
      • To install or upgrade the BMC Remedy AR System Server on the Windows Server, you should log on the Windows Server with the domain account used for Windows authentication mode.
      •    
      • The domain account used with Windows authentication mode should be a full administrator on the Windows Server and should have db_securityadmin and setupadmin roles in SQL Server. The domain account should be Database Owner (dbo) of the BMC Remedy AR System database.
      •    
      • When the install or upgrade completes, it is possible to deny certain policies to the domain account used with Windows authentication mode for security reasons. The DBA should ensure that denying policies should not result in the loss of functionality. For any upgrades later, all the policy restrictions should be removed and the domain account should be returned to full administrator until the upgrade completes. 
      •   
    •  
    • Windows authentication or SQL Server authentication — For SQL Server environments that support mixed authentication mode.
      

    To find the supported authentication mode for your SQL Server environment, connect to the SQL Server instance from Management Studio > Server Properties > Security.
    .......................

    Link: https://docs.bmc.com/docs/brid91/en/configuring-the-microsoft-sql-server-825210460.html

    Once ARS has completed the installation in the ar.cfg the parameters will be displayed, example:
    .......
    Db-user: {Domain_Name}\Administrator
    Db-Server-Port: 1433
    Db-Type: sqlserver
    Db-Host-Name: {DB_Hostname}
    SQL-Secure-Connection: T
    Db-password: I01lL3lRbza4eh1237OM3iVubVp+Zhu05XLuFsHwW8WQCtIUxTR1NFO5hhGitrKgdTA/0tVHr4uAbMrpkoZ9DTU070Up57UT5F8iuydzpSiK9H1Pq3JK2g==
    .......


    - We can remove the parameters Db-user and Db-password from the ar.cfg and save the file.
    - Also check in the Centralized Configuration form and remove them form the component com.bmc.arsys.server
    - Restart the AR System service.
    - The application will start and work as expected.

    Be aware that the permissions are taken at Service level, example:

              User-added image


    Note: If the OS user's password changes it will need to be update in the Service as well.





     

      
      

     


    Article Number:

    000169821


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles