Version Info:
- SonarQube Developer Edition v9.7.1
- Microsoft JDK 11.0.16.101
What am I trying to do?
- Setup of Azure SQL database authentication for virtual machine admin account running SonarQube, using Active Directory Integrated security
What have I tried so far to achieve this?
- I have setup a dedicated ‘sonar’ database in Azure SQL, with a ‘sonarqube’ user with
create
,update
, anddelete
permissions. This user has an Azure user-assigned managed identity that has also been granted the relevant role and permissions in Azure SQL. - I have attempted to setup the
db_owner
login and user for the Windows admin account that is running the instance of SonarQube on the virtual machine. I have given this a user-assigned managed identity in Azure, with the same name as the account on the virtual machine, and as thedb_owner
user/login name on SQL. This managed ID has been granted the necessary role and permissions on Azure SQL. All of these steps have been done based on the installation guide, where it mentions that the Windows Account running SonarQube needs to havedb_owner
permissions. - Following the installation guide, I have downloaded and added the
mssql-jdbc_auth-11.2.0.x64.dll
file to the Java path on the virtual machine. - I have looked into the SonarQube AAD plugin, but as far as I’m aware, this is for logging into SonarQube accounts, not for SQL integrated authentication
What is going wrong?
- After installing and starting the server, and running the
StartSonar.bat
script (after waiting sufficient time for the installation and startup to complete), the server encounters an error and stops. - The error from the logs is:
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to authenticate the user in Active Directory (Authentication=ActiveDirectoryIntegrated).
I think I understand that the issue is related to linking the Windows account with Azure Active Directory, but I just don’t really know what I’m missing to enable this. Due to security policies in place, SQL authentication and Windows authentication on SQL Server are disabled, so Active Directory authentication is the only option I can pursue.
Any ideas of where to go next?
Thanks in advance!