Important Audit Collection Services (ACS) Change in Operations Manager 2007 SP1
There was an important change in Audit Collection Services that seems to have gone largely unnoticed in the SP1 release. More details as they become available. As a temporary aid, included are the details of the change and basic configuration details we received.
In SP1, Microsoft will now allow 2 ACS collectors to point to the same ACS database, but with only one active at a time. One acts as the primary collector; the other acts as the failover/secondary collector, which can only be enabled when the primary one has failed or is disabled.
Setup Instructions:
The following are the general steps to configure this setup. These steps assume the Primary Collector, Secondary Collector and the database reside on 3 separate physical machines.
On the designated SQL server which will host the Audit database, create a SQL Login that will be used by the ACS Collectors to authenticate and access the Audit database.
1. Open SQL Server Management Studio
a. Expand Security and right click on Logins
b. Click on New Login (the Login-New dialog will be displayed)
c. Specify Login name
d. Select the SQL Authentication option and specify password
e. Select the default database to be OperationsManagerAC
f. (no additional permission/security setting is needed, because they will be automatically applied when this login is specified when running AdtSetup)
Note: Don’t use a login with SA privilege
2. Setup the first collector (i.e. the Primary Collector)
a. Under the screen: Database Authentication, choose the “SQL Authentication” option
b. Under the screen: Database Credential, specify the SQL login created in step 1
3. Once setup is completed successfully, shut down AdtServer (i.e. Operations Manager Audit Collection Service) on the Primary Collector
4. Setup the Secondary Collector
a. Under the screen: Database Installation Option, choose the “use an existing DB” option
b. Under the screen: Database, specify the DB created in step one.
c. Under the screen: Database Authentication, choose the “SQL Authentication” option
d. Under the screen: Database Credential, specify the SQL login created in step 1
5. Shut down the AdtServer service (Operations Manager Audit Collection Service) on the Secondary Collector and restart AdtServer on the Primary Collector
6. When enabling Audit Forwarding on the agent, override the Collector Server parameter and specify the Primary Collector FQDN, followed by the Secondary Collector FQDN, separating the 2 with a comma
To redirect audit traffic to the Secondary Collector (in the event that the Primary Collector is having problems), one must first ensure AdtServer is NOT running on the Primary Collector, then turn on AdtServer on the Secondary Collector. The Secondary Collector will go under heavy load initially, as it determines the state of the incoming forwarders and builds up its cache. It will eventually stabilize.
Once the problem on the Primary Collector is fixed, shut down AdtServer on the Secondary Collector and turn on AdtServer on the Primary Collector. The forwarders will automatically redirect themselves back to the Primary Collector.
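The failover and failback switch described above can be scripted so that the second AdtServer is never started until the first is confirmed stopped. This is an added example, not part of the original instructions or of Operations Manager; the host names are placeholders, and it assumes Windows PowerShell 5.1 (for Get-Service -ComputerName) and an account allowed to control services on both collectors.

```powershell
# Added example: enforce "only one active collector" when switching ACS collectors.
# Host names below are placeholders; AdtServer is the service name used in the steps above.
param(
    [Parameter(Mandatory)][ValidateSet('Failover', 'Failback')][string]$Action,
    [string]$Primary   = 'acs-primary.example.com',    # placeholder FQDN
    [string]$Secondary = 'acs-secondary.example.com',  # placeholder FQDN
    [int]$TimeoutSeconds = 120
)
$ErrorActionPreference = 'Stop'
$timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

# Failover: stop the primary, start the secondary. Failback is the reverse.
if ($Action -eq 'Failover') { $stopOn = $Primary;   $startOn = $Secondary }
else                        { $stopOn = $Secondary; $startOn = $Primary }

# 1. Query the collector being taken out of service. If it cannot be reached,
#    its state is unknown, so refuse to start the other collector automatically.
try {
    $old = Get-Service -ComputerName $stopOn -Name AdtServer
} catch {
    throw "Cannot query AdtServer on $stopOn. Confirm it is stopped before starting it on $startOn. $_"
}

# 2. Stop it if needed and wait for the Stopped state (throws on timeout).
if ($old.Status -ne 'Stopped') {
    if ($old.CanStop) { $old.Stop() }
    $old.WaitForStatus('Stopped', $timeout)
}

# 3. Re-read the state rather than trusting the cached object.
$old.Refresh()
if ($old.Status -ne 'Stopped') {
    throw "AdtServer on $stopOn is $($old.Status); not starting it on $startOn."
}

# 4. Only now start the other collector and wait until it reports Running.
$new = Get-Service -ComputerName $startOn -Name AdtServer
if ($new.Status -ne 'Running') {
    $new.Start()
    $new.WaitForStatus('Running', $timeout)
}

# 5. Report the final state of both collectors for the change record.
foreach ($svc in $old, $new) {
    $svc.Refresh()
    [pscustomobject]@{ Collector = $svc.MachineName; Service = $svc.Name; Status = $svc.Status }
}
```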
The reason behind the use of SQL Authentication is that, when the Windows Authentication option is used in ACS, the Collector machine account is assigned as the login and given privileges to the ACS DB. This would not work with 2 Collectors, since there are 2 machine accounts and currently ACS setup only knows how to deal with one.
