Introduction
Data Governance Edition overview
Architecture
Data Governance Edition Services
Deployment overview
Available documentation
Data Governance Edition system requirements
Data Governance server
Database server
Data Governance agent
Resource Activity database server
Supported target systems
Data Governance Edition minimum permissions
Data Governance Edition required ports
Install One Identity Manager Data Governance Edition
Deploy Data Governance Edition components
Deployment pre-flight check
Data Governance service deployment methods
Deploying Data Governance service and creating Resource Activity database
Deploying multiple Data Governance services
Updating One Identity Manager to a Data Governance Edition deployment
Post installation configuration
Move Service Principal Name in Active Directory
Data Governance Edition components
One Identity Manager service (job server) - Data Governance connector flag
One Identity Manager - Synchronization projects
Assign employee to UNIX account
Assign employee to cloud account
One Identity Manager - Database configuration
Configuring Change Auditor to collect resource activity
One Identity Manager Application Server
One Identity Manager database encryption
Authentication using service accounts and managed domains
Working with managed hosts and agents
Deployment best practices
Agent leases
Agent deployment pre-flight check
Agent deployment methods
Adding and configuring managed hosts
Upgrade Data Governance Edition
Adding a local managed host (Windows computer)
Adding a Windows cluster / Windows computer as a remote managed host
Adding a generic managed host
Adding a Distributed File System (DFS) root managed host
Adding a SharePoint managed host
Adding NetApp CIFS device as a managed host
Adding EMC CIFS device as a managed host
Adding an NFS managed host
Adding a Cloud managed host
Managed host configuration options
Managed host settings dialog
Deployment management
NIS Host page
Credentials page
Cloud Provider page
Agents page
Managed paths page
Security Scanning page
Resource activity page
Editing managed host properties
Customizing default host settings
Before you upgrade
Upgrading One Identity Manager Data Governance Edition to version 8.0
Applying a hotfix to Data Governance Edition 8.0
Remove Data Governance Edition
Remove managed hosts (and associated agents)
Remove service account assignments
Delete service accounts
Uninstall Data Governance service
Uninstall Resource Activity database
Troubleshooting
Data Governance Edition logs
Job queue shows that database needs to be compiled
Receiving unauthorized access violations
Cannot save the service account
Cannot connect to a managed host
Agent not connecting to the Data Governance server
Data Governance agents cannot access NAS devices via SMB
Agent leases expiring
Cannot add security index roots to my EMC server
No activity data
No activity data available for SharePoint 2010 managed host
Resource activity is not displaying in the web portal for a business owner
Not receiving scheduled reports
Groups missing from the Group Memberships tree view
Appendix: NetApp managed host deployment
Permissions required to access NetApp filer
Data Governance agent deployment
FPolicy deployment
Managed host configuration options
Performance considerations
Compatibility with Change Auditor for NetApp
Appendix: EMC managed host deployment
Configuring CEE framework
Creating the cepp.conf file (Celerra or VNX devices)
Enabling system configuration auditing (Isilon devices)
Appendix: SharePoint managed host deployment
About us
Cannot add security index roots to my EMC server
Cannot add managed paths to my EMC server
Probable cause
When adding managed paths for an EMC server, you may receive the following error:
Resource: \\Server_Name\, Error Message: The network path was not found. NetAPI32 Error: 53.
This error means that Data Governance Edition could not resolve the EMC server or any of the shares of the server.
Resolution
Review and verify that the DNS settings are up-to-date, ensure you can ping the EMC server, ensure that the proper ports are open, etc.
Reboot the server having the problem and try again.
No activity data
When you run a Resource Activity, Account Activity, or Perceived Owner report, you may not immediately see an action in the report that you know you have performed.
Probable cause
- There is lag time between when an action occurs, such as a file read or write, and when the data is sent from the agent to the server. This delay is dependent upon the following:
- The aggregation setting on the Resource Activity page of the Managed Host Settings dialog
- The update schedule. By default, resource activity is synchronized into the One Identity Manager database, once a day, after the first initial synchronization. The initial synchronization happens a few minutes after resource activity collection is enabled. This update schedule is controlled by a Data Governance server configuration setting (PerceivedOwnershipCalcUpdateRefreshIntervalMinutes). See the One Identity Manager Data Governance Edition Technical Insight Guide for more information on this configuration file setting.
- Various internal processes.
- It is possible that you did not have resource activity collection enabled for that managed path during the time span covered in the report.
- If you have enabled resource activity collection, it is possible you have excluded some accounts, files or folders where the activity occurred.
- If Quest Change Auditor is installed and you are collecting resource activity directly from Change Auditor, Change Auditor may not be capturing the events you are expecting.
Resolution
- Verify the managed host type. Resource activity collection is only available for local managed Windows servers, SharePoint farms, and supported NetApp and EMC managed hosts.
- Use the Edit Host Settings task from the Managed hosts view to verify that the required paths are being managed:
- Open the Managed Paths page of the Managed Host Settings dialog. Are the required managed paths listed?
- Use the Edit Host Settings task from the Managed hosts view to verify that resource activity collection is enabled:
- Open the Resource Activity page of the Managed Host Settings dialog.
-
Is the Collect and aggregate events option selected?
- Are the required events selected?
-
- Open the Resource Activity page of the Managed Host Settings dialog.
-
Verify the accounts, files or folders that are being tracked
- Click the Resource Activity Exclusions button on the Resource Activity page of the Managed Host Settings dialog.
- Check each tab to see what objects are being excluded.
- Collaborate with the Change Auditor administrator to determine what data Change Auditor is collecting.
No activity data available for SharePoint 2010 managed host
Probable Cause
For SharePoint 2010 managed hosts, the DataGovernance.SPShim.exe process is required and may not be running on the SharePoint server.
Resolution
Check to ensure that the DataGovernance.SPShim.exe process is running on the SharePoint 2010 farm server. If it is not running, start the process or re-deploy the agent.
|
|
NOTE: This only applies to SharePoint 2010 because in SharePoint 2013, this is not a separate process. |
Resource activity is not displaying in the web portal for a business owner
Probable cause
Activity for owned data may not display in the web portal if:
- Resource activity collection has not been enabled on the selected managed host.
- Resource activity collection is not supported on the selected managed host (such as, remote managed Windows computers, Windows clusters, Generic or Cloud managed hosts).
- Resource activity collection is enabled, but the data is not included within a specified managed paths.
Resolution
To ensure resource activity is being collected:
- From the Managed hosts view, select the required managed host.
- Select Edit host settings from the Tasks view or right-click menu.
- On the Managed Host Settings dialog, open the Resource Activity page.
- Ensure Collect and aggregate events is selected.
- Also, ensure the appropriate events are selected.
- Click the Resource Activity Exclusion button and review each tab to see what objects are being excluded.
To check what managed paths are selected for activity collection:
- From the Managed hosts view, select the required managed host.
- Select Edit host settings from the Tasks view or right-click menu.
- On the Managed Host Settings dialog, open the Managed Paths page.
- Activity is only being collected for the paths listed on this page.
|
|
NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.
|
For more information about these pages on the Managed Host Settings dialog, see Managed paths page and Resource activity page.