Movere only scans SQL Server if it has confirmed that a SQL engine is both present and running. This is determined by enumerating the services present on the targeted endpoint via the CIM. For example, if a SQL engine is present, but it is a passive instance, then Movere makes no attempt to connect. Movere also makes no attempt to connect to SQL Reporting, Analysis or Integration instances.
Once a running instance of a SQL engine has been confirmed, Movere will only connect via TCP. No attempt is made to bypass TCP: Movere does not use named pipes, which is one of the primary reasons why Movere does not usually connect to SQL Express instances, as networking protocols, including TCP, are disabled by default in Express Edition. To connect to SQL Server, Movere will query the registry to identify the port number each running instance is listening on. Movere will only attempt to connect to SQL Server using the server’s name via the port number(s) identified; it will not attempt to connect using the device’s IP address, it will not use random port numbers, and it will not assume every SQL instance is using the default SQL port 1433. The only exception to this is a SQL Server cluster. If a SQL Server cluster is identified from an active node, Movere will only attempt to connect to SQL Server using the cluster name, NOT the node name.
The connection to SQL Server is identical whether the device is scanned locally or remotely, and it is always done using the .NET native SQL client libraries.
The Movere Inventory and Actual Resource Consumption (ARC) bots require ‘db_datareader’ access to the SQL Server’s ‘master’ database. The only exception to this is the SQL Server’s ‘msdb’ database, which stores Log Shipping configurations. If SQL log shipping is used and Movere cannot access the ‘msdb’ database, then these configurations will not be visible on the Movere website.
It is not uncommon for the user running Movere to have limited or no access to SQL Server. With local administrator rights, Movere can still access the Windows layer and will, at a minimum, retrieve the name and size of each database on the server in any state other than ‘OFFLINE’. If a database is not ‘OFFLINE’, then it can be in one of several states including online, restoring, recovering, suspect, or emergency. When Movere has no access to SQL Server and can only retrieve a list of databases from the Windows layer, instead of assuming each database is in an ‘ONLINE’ state, Movere reports the state as ‘UNCONFIRMED’.
How does Movere connect to Exchange and Skype?
Movere connects to on-prem Exchange and Skype via PowerShell embedded in .NET.
How does Movere cycle through Windows and SQL Server credentials?
Movere uses the credentials assigned to a domain in the order they are entered. Movere always starts with Windows credentials, and the Movere Console forces the user to enter at least one set of Windows credentials before any scanning can begin. If these credentials fail, Movere will attempt to connect using any other Windows credentials assigned to the targeted domain.
For SQL Server, Movere will cycle through all Windows credentials provided for the targeted domain first. If these fail, Movere will attempt all SQL Server credentials provided and, if these fail, Movere will make one last attempt to connect using the account that started the scan, which could be the credentials of the Movere user or the local system account.
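The target selection and credential order described above can be modelled to predict which SQL logins a scan should produce on an endpoint, which is useful when baselining failed-login alerts or account lockout thresholds. This Python model is an added example, not Movere code; the class and function names, the sample hosts and accounts, and the assumption that every identified port sees the full credential sequence are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Instance:
    kind: str          # "engine", "reporting", "analysis" or "integration"
    running: bool      # False for a stopped or passive instance
    tcp_ports: tuple   # ports found in the registry; empty when TCP is disabled

@dataclass
class Endpoint:
    server_name: str
    instances: list
    cluster_name: str = ""   # set when the endpoint is an active cluster node

@dataclass
class Credential:
    kind: str          # "windows" or "sql"
    account: str
    domain: str = ""   # Windows credentials are assigned to a domain

def sql_targets(ep):
    """(name, port) pairs a scan is expected to reach on this endpoint."""
    host = ep.cluster_name or ep.server_name   # cluster name, never the node name
    return [(host, port) for inst in ep.instances
            if inst.kind == "engine" and inst.running
            for port in inst.tcp_ports]

def credential_order(domain, entered, launcher):
    """Windows credentials for the domain, then SQL credentials, then the launcher."""
    windows = [c.account for c in entered if c.kind == "windows" and c.domain == domain]
    sql = [c.account for c in entered if c.kind == "sql"]
    return windows + sql + [launcher]

def worst_case_attempts(ep, domain, entered, launcher):
    """Every (name, port, account) login if each credential fails in turn (assumed)."""
    return [(host, port, account) for host, port in sql_targets(ep)
            for account in credential_order(domain, entered, launcher)]

# Constructed sample data: an active cluster node and the credentials as entered.
NODE = Endpoint("SQLNODE01", [
    Instance("engine", True, (1433,)),     # running engine with a TCP port
    Instance("engine", False, (50211,)),   # passive instance: skipped
    Instance("engine", True, ()),          # Express-style, TCP disabled: skipped
    Instance("reporting", True, ()),       # not a database engine: skipped
], cluster_name="SQLCLU01")
CREDS = [Credential("windows", r"CORP\svc_scan", "CORP"),
         Credential("sql", "inventory_reader"),
         Credential("windows", r"LAB\svc_scan", "LAB"),
         Credential("windows", r"CORP\svc_scan2", "CORP")]

if __name__ == "__main__":
    for attempt in worst_case_attempts(NODE, "CORP", CREDS, r"CORP\operator"):
        print(attempt)
```

Logins against a node name, an IP address, or a port not present in this list fall outside the behaviour the page describes and are worth investigating separately.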