Appendix - Verify the AnyCAGateway DCOM Database

The create command issued from the Database Management Console tool creates the Keyfactor AnyCA Gateway DCOM database in SQL with appropriate permissions. To validate in SQL that the database was created, populated with the expected tables, and assigned the correct permissions, open SQL Server Management Studio on the SQL server and follow the steps below.

This is also a helpful way to check the permissions for the account used to log in if you receive a login error message like:

Login failed for user 'domain\machine$'. Could not find a login matching the name provided.

To verify the database:

  1. In the SQL Server Management Studio, drill down under Databases and confirm that the database name you referenced when you executed the database creation command (see Create the Database) has been created.
  2. Drill down under the database to locate Tables. Under Tables you should find that four gateway tables have been created: dbo.CertificateAuthorities, dbo.Certificates, dbo.ConfigurationSettings, and dbo.RequestAttributes.
  3. The machine account of the computer on which the AnyCAGateway DCOM is installed will be created in SQL if it doesn't already exist. Since it must have permission to access the database, the create or populate command grants db_owner permissions automatically. You can confirm this as follows:

    1. In the SQL Server Management Studio navigate to the login for the machine account of the AnyCAGateway DCOM machine.

    2. Open the properties for the AnyCAGateway DCOM machine account login.

      Note:  If you have opted to create the database using the optional parameters to specify a SQL user or Active Directory service account when creating the database, you will need to check the properties of that SQL user or Active Directory service account instead. The SQL user or Active Directory service account must be manually created in SQL before the database creation step is run in order for permissions to be granted correctly.
    3. In the login properties, go to User Mapping.

    4. Select the database you created for the AnyCAGateway DCOM.

    5. In the top section, check that the Map box for the database is checked and that the correct computer account for the gateway server (or user account if you've opted to run the gateway service as an Active Directory service account) is mapped.

    6. In the bottom section, check that the db_owner box is checked.

      Figure 595: SQL Permissions for the Gateway Database Running the Gateway Service as NETWORK SERVICE
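
The same checks can be run as a query instead of clicking through the console. The T-SQL below is an added example, not part of the Keyfactor documentation or tooling; the database name GatewayDb and the login DOMAIN\GATEWAYHOST$ are placeholders to replace with the database name given to the create command and the machine account (or the SQL user or Active Directory service account) being checked.

```sql
-- Added example; [GatewayDb] and DOMAIN\GATEWAYHOST$ are placeholders.
USE [GatewayDb];

DECLARE @login sysname = N'DOMAIN\GATEWAYHOST$';

-- Step 2: each of the four gateway tables should report 'present'.
SELECT e.name AS expected_table,
       CASE WHEN t.object_id IS NULL THEN 'MISSING' ELSE 'present' END AS status
FROM (VALUES (N'CertificateAuthorities'), (N'Certificates'),
             (N'ConfigurationSettings'),  (N'RequestAttributes')) AS e(name)
LEFT JOIN sys.tables AS t
       ON t.name = e.name
      AND SCHEMA_NAME(t.schema_id) = N'dbo';

-- Step 3: the server login must exist, be mapped to a user in this
-- database, and that user must be a member of db_owner.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @login)
    -- Matches the "Could not find a login matching the name provided" case.
    PRINT N'No server login named ' + @login + N' exists on this instance.';
ELSE
    SELECT sp.name      AS server_login,
           sp.type_desc AS login_type,
           -- NULL here means the Map box is not checked for this database.
           dp.name      AS mapped_db_user,
           CASE WHEN EXISTS (
                    SELECT 1
                    FROM sys.database_role_members AS rm
                    JOIN sys.database_principals   AS r
                      ON r.principal_id = rm.role_principal_id
                    WHERE rm.member_principal_id = dp.principal_id
                      AND r.name = N'db_owner')
                THEN 'yes' ELSE 'NO' END AS is_db_owner
    FROM sys.server_principals AS sp
    LEFT JOIN sys.database_principals AS dp
           ON dp.sid = sp.sid          -- login-to-user mapping is by SID
    WHERE sp.name = @login;
```

A healthy result shows all four tables as present and one row for the login with a non-NULL mapped_db_user and is_db_owner = yes.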