지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager Data Governance Edition 8.1.1 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment

Agent leases expiring

Probable cause
  • The computer on which the agent is running has rebooted.
  • The agent service on the hosting computer has been stopped or disabled.
  • The Data Governance service has been restarted.
Resolution
  • Ensure the One Identity Manager Data Governance Edition Agent service is running on the hosting computer.
  • Under normal conditions, agent lease expired messages should resolve themselves; however, it may take the duration of the lease renewal to renew. By default, the lease renewal interval is set to five minutes.

Cannot add security index roots to my EMC server

Probable cause

When adding managed paths for an EMC server, you may receive the following error:
Resource: \\Server_Name\, Error Message: The network path was not found. NetAPI32 Error: 53.

This error means that Data Governance Edition could not resolve the EMC server or any of the shares of the server.

Resolution

Review and verify that the DNS settings are up-to-date, ensure you can ping the EMC server, ensure that the proper ports are open, etc.

Reboot the server having the problem and try again.

No activity data

When you run a Resource Activity, Account Activity, or Perceived Owner report, you may not immediately see an action in the report that you know you have performed.

Probable cause
  • There is lag time between when an action occurs, such as a file read or write, and when the data is sent from the agent to the server. This delay is dependent upon the following:
    • The aggregation setting on the Resource Activity page of the Managed Host Settings dialog
    • The update schedule. By default, resource activity is synchronized into the One Identity Manager database, once a day, after the first initial synchronization. The initial synchronization happens a few minutes after resource activity collection is enabled. This update schedule is controlled by a Data Governance server configuration setting (PerceivedOwnershipCalcUpdateRefreshIntervalMinutes). See the One Identity Manager Data Governance Edition Technical Insight Guide for more information on this configuration file setting.
    • Various internal processes.
  • It is possible that you did not have resource activity collection enabled for that managed path during the time span covered in the report.
  • If you have enabled resource activity collection, it is possible you have excluded some accounts, files or folders where the activity occurred.
  • If Quest Change Auditor is installed and you are collecting resource activity directly from Change Auditor, Change Auditor may not be capturing the events you are expecting.
Resolution
  • Verify the managed host type. Resource activity collection is only available for local managed Windows servers, SharePoint farms, and supported NetApp and EMC managed hosts.
  • Use the Edit Host Settings task from the Managed hosts view to verify that the required paths are being managed:
    • Open the Managed Paths page of the Managed Host Settings dialog. Are the required managed paths listed?
  • Use the Edit Host Settings task from the Managed hosts view to verify that resource activity collection is enabled:
    • Open the Resource Activity page of the Managed Host Settings dialog.
      • Is the Collect and aggregate events option selected?

      • Are the required events selected?
  • Verify the accounts, files or folders that are being tracked

    • Click the Resource Activity Exclusions button on the Resource Activity page of the Managed Host Settings dialog.
    • Check each tab to see what objects are being excluded.
  • Collaborate with the Change Auditor administrator to determine what data Change Auditor is collecting.

No activity data available for SharePoint 2010 managed host

Probable Cause

For SharePoint 2010 managed hosts, the DataGovernance.SharePointShim.exe process is required and may not be running on the SharePoint server.

NOTE: For multi-agent SharePoint 2010 managed hosts, you will see multiple Shim instances; one for each agent service.
Resolution

Check to ensure that the DataGovernance.SharePointShim.exe process is running on the SharePoint 2010 farm server. If it is not running, start the process or restart the agent.

To start the Shim process

NOTE: Since multiple Shim instances are displayed for multi-agent SharePoint managed hosts, you must provide the PID of the corresponding Data Governance SharePoint agent as an argument when starting up the Shim process for an agent service.
  1. In Task Manager | Services tab, locate the PID assigned to the agent service that does not have activity available.
  2. At the command prompt, enter the following PowerShell command to start the Shim instance:

    C:\Program Files\One Identity\One Identity Manager Data Governance Edition\Agent Services\DataGovernance.SharePointShim.exe <PID>

NOTE: This only applies to SharePoint 2010 because in SharePoint 2013, this is not a separate process.
관련 문서