Blocked by Management Reporter Security

(0) Share

Report

Posted on by Richard Wheeler

75,730

After a total server crash I was given a backup copy of client's Management Reporter database. I need to get this online to extract the building blocks. If I attempt to restore the database and then install MR server I am greeted with the message "You must be a Management Reporter administrator to use the Configuration Console". How do I get beyond this? Are there either security tables I can update or which tables contain the report definitions so I can import this information so I can export the building blocks.

*This post is locked for comments

All responses (13)

Answers (1)

Richard Wheeler 75,730 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

Thank you everyone for your help on this. My client can sleep at night now. The KB article did the trick.
Verified answer

JoshP on at

Like (2)

Report

RE: Blocked by Management Reporter Security

Hello Richard,

To recover the data from environment, you will need to complete the steps in the following KB article:

3163587 After you make changes to your domain, you no longer have permission to access Management Reporter

support.microsoft.com/.../3163587

Thanks!
Mariano Gomez 26,225 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

Ok,

I was thinking about a different option.

What if you create the MR database from scratch, then all you do is transfer (as in SSIS) out the reports from the backed up version of the database to the new MR database? I don't know how else to get around the security issue you are experiencing.
Richard Wheeler 75,730 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

I now have this back to the point that when I launch MR Configure I get the message you must be a Management Reporter administrator to use the Configuration Console. I am logged in as a user in the SecurityUser table whose role type is 5. This domain user runs the MR services and is an admin on this server. How else do I tell MR that this user is an MR admin?
Richard Wheeler 75,730 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

Yes, I agree "mirror" is misnomer here but it is late and I am getting no where. What happened here after the crash was that someone changed the account running the MR services from NT Authority to a domain user account. Ever since that time MR has been non-functional. Even if I change it back MR still does not function due to all the permission denied messages. So I wanted to try to bring the MR database to another server to see if I could bring it online so I could extract the building blocks. All my attempts have failed. Is there any way to get to those building blocks? Can I do a fresh install of MR and then import the tables with the report layouts? I can see all the data it is simply I cannot access them through MR.
Mariano Gomez 26,225 on at

Like (1)

Report

RE: Blocked by Management Reporter Security

"Mirrored" is a misnomer here, you can have the same domain name, machine name, and domain accounts "mirrored" elsewhere, but the security principal IDs are different. That's what MR is looking for: the same matching SID. IF you can match the SIDs then you are good. Users are stored in [SecurityUser] and [SecurityPrincipal] tables.
Richard Wheeler 75,730 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

What I have is a mirror copy of the client's server. There are only two accounts. One being the domain admin and the other an account I use to run all services. When I installed MR I used the domain admin account. I named my domain the same as theirs so I do not know why I am being denied access. Is there a way to find out what users are in MR? I could match whatever users I find in there?
Mariano Gomez 26,225 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

This means that you are currently logged in with an account that is not an MR admin on the server where the console is running -- stating the obvious. What happens if you reset the password for the MR admin account in Active Directory Users and Computers then try to log on as that account instead? You can also try right-click on Configuration Console and do a Run As and select the account you installed Configuration Console with.
Richard Wheeler 75,730 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

No worries here. All this fun is happening in our data center miles away from production. I get a little closer each time. Now when I launch MR Configuration Console I get the message telling me I must be an MR admin to run the Configuration Console. When I installed MR I used the domain admin account and 'sa' . The services are running but the service logs are full of access denied messages.
Mariano Gomez 26,225 on at

Like (0)

Report

RE: Blocked by Management Reporter Security

Thought of something else...

Can you make sure that your server is allowing remote connections? You can do this by going to SQL Server Configuration Manager and make sure TCP/IP is enabled.

Blocked by Management Reporter Security

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates

Blocked by Management Reporter Security

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Subscribe to

Leaderboard

Featured topics

Product updates