Home

AIP UL Scanner database schema issue (DB pre-created)

%3CLINGO-SUB%20id%3D%22lingo-sub-1039023%22%20slang%3D%22en-US%22%3EAIP%20UL%20Scanner%20database%20schema%20issue%20(DB%20pre-created)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1039023%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrying%20to%20install%20and%20configure%20the%20AIP%20UL%20Scanner%20in%20preview%20for%20a%20client.%20However%2C%20because%20of%20internal%20security%20policies%2C%20it%20was%20not%20possible%20to%20let%20the%20Install-AIPScanner%20cmdlet%20create%20the%20SQL%20database%20itself.%20We%20had%20to%20ask%20the%20DBA%20to%20create%20the%20AIP%20Scanner%20DB%20prior%20to%20the%20Scanner%20installation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20followed%20the%20instructions%20found%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fdeploy-aip-scanner%23restriction-you-cannot-be-granted-sysadmin-or-databases-must-be-created-and-configured-manually%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fdeploy-aip-scanner%23restriction-you-cannot-be-granted-sysadmin-or-databases-must-be-created-and-configured-manually%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThen%20I%20followed%20the%20standard%20AIP%20Scanner%20installation%20and%20configurations%20steps.%20Service%20was%20installed%20(with%20a%20SQL%20error%20that%20was%20expected%20since%20it%20is%20documented)%2C%20we%20also%20completed%20the%20Azure%20App%20Registration%20configuration%20and%20ran%20the%20Set-AIPAuthentication%20cmdlet%20with%20success.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20starting%20the%20AIP%20scanner%20service%2C%20I%20was%20expecting%20the%20Scanner%20to%20show%20up%20in%20the%20Azure%20AIP%20Scanner%20Nodes%20list.%20It%20did%20not.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20then%20ran%26nbsp%3BStart-AIPScan%20locally%20hoping%20that%20the%20service%20would%20report%20itseft%20to%20Azure%20but%20received%20the%20following%20error%3A%3C%2FP%3E%3CP%3E%3CSTRONG%3E%26gt%3B%26gt%3B%20TerminatingError(Start-AIPScan)%3A%20%22Invalid%20database%20schema.%20Run%20the%20Update-AIPScanner%20cmdlet%20to%20upgrade%20your%20database.%22%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3EStart-AIPScan%20%3A%20Invalid%20database%20schema.%20Run%20the%20Update-AIPScanner%20cmdlet%20to%20upgrade%20your%20database.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20was%20a%20surprise%20to%20me%20but%20since%20this%20approach%20(pre-creating%20the%20SQL%20DB)%20is%20not%20so%20well%20documented%20(especially%20for%20the%20UL%20client%20in%20preview)%2C%20I%20thought%20I%20should%20try%20to%20run%20the%20Update-AIPScanner%20cmdlet%20and%20see%20how%20it%20goes%20from%20there.%20The%20result%20was%20not%20better.%20Here's%20the%20error%20I%20got%3A%3C%2FP%3E%3CP%3E%3CSTRONG%3E%26gt%3B%26gt%3B%20TerminatingError(Update-AIPScanner)%3A%20%22An%20error%20occurred%20during%20deployment%20plan%20generation.%20Deployment%20cannot%20continue.%22%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3EUpdate-AIPScanner%20%3A%20An%20error%20occurred%20during%20deployment%20plan%20generation.%20Deployment%20cannot%20continue.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20did%20search%20the%20web%20for%20these%20errors%20and%20cannot%20find%20anything%20at%20all.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20anybody%20have%20an%20idea%20of%20what%20I'm%20doing%20wrong%3F%20Anybody%20that%20pre-created%20the%20SQL%20DB%20before%20running%20the%20AIPScanner%20UL%20client%20installation%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1039023%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAIPScanner%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUnified%20Labeling%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Chuck99
Occasional Contributor

Hello everyone,

 

Trying to install and configure the AIP UL Scanner in preview for a client. However, because of internal security policies, it was not possible to let the Install-AIPScanner cmdlet create the SQL database itself. We had to ask the DBA to create the AIP Scanner DB prior to the Scanner installation.

 

We followed the instructions found here:

https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner#restriction-you-can...

 

Then I followed the standard AIP Scanner installation and configurations steps. Service was installed (with a SQL error that was expected since it is documented), we also completed the Azure App Registration configuration and ran the Set-AIPAuthentication cmdlet with success.

 

After starting the AIP scanner service, I was expecting the Scanner to show up in the Azure AIP Scanner Nodes list. It did not. 

 

I then ran Start-AIPScan locally hoping that the service would report itseft to Azure but received the following error:

>> TerminatingError(Start-AIPScan): "Invalid database schema. Run the Update-AIPScanner cmdlet to upgrade your database."
Start-AIPScan : Invalid database schema. Run the Update-AIPScanner cmdlet to upgrade your database.

 

This was a surprise to me but since this approach (pre-creating the SQL DB) is not so well documented (especially for the UL client in preview), I thought I should try to run the Update-AIPScanner cmdlet and see how it goes from there. The result was not better. Here's the error I got:

>> TerminatingError(Update-AIPScanner): "An error occurred during deployment plan generation. Deployment cannot continue."
Update-AIPScanner : An error occurred during deployment plan generation. Deployment cannot continue.

 

I did search the web for these errors and cannot find anything at all.

 

Would anybody have an idea of what I'm doing wrong? Anybody that pre-created the SQL DB before running the AIPScanner UL client installation?

 

Thanks.