Cant get the Database Watcher to start collecting data from the Azure SQL DB

Question

Cant get the Database Watcher to start collecting data from the Azure SQL DB

Jurica Smirčić 0

We carefully configured a database watcher as per documentation. everything is setup (Key Vault with proper permissions, executed script to create login and grant permissions (script copy-pasted), created secrets in the vault).

But we don't get any data collection and portal dashboard shows 0 Databases.. Cant find any information about what is wrong (no logs, no diagnostics). Not sure how can we investigate the problem?

User's image

Sai Raghunadh M 4,300 Reputation points Microsoft External Staff Moderator

2025-06-04T00:25:21.0533333+00:00

Hi @ Jurica Smirčić

Unlike some services, the Database Watcher doesn’t start automatically. You’ll need to manually start it from the Overview page in the Azure portal.

If you're using SQL authentication, double-check that the watcher has access to the Key Vault and that your connectivity settings (private/public) are properly configured.

Make sure there aren’t any firewall rules blocking connections. If your database is in a private network, ensure that private endpoints are correctly set up.

While logs may not be immediately available, checking the status field in the watcher settings might provide some clues about what’s going on.

If the watcher is running but not showing any databases, verify that your datastore and targets are properly configured.

Sometimes, a simple restart can help refresh the connection and get data collection going.

Please go through this below thread that might help you:

https://learn.microsoft.com/en-us/answers/questions/2236930/database-watcher-not-able-to-connect-and-collect-d

Hope this helps. Do let us know if you any further queries.
Jurica Smirčić 0 Reputation points

2025-06-04T06:05:34.6166667+00:00
Hi Sai, thank you for your answer
I’ve gone through all the documentation and made sure that:

The Key Vault and secrets are set up correctly, with appropriate access policies.

SQL authentication is used and the login/roles have been created as per the docs.

The login exists on the master DB.

The database firewall and network access are configured as required.

However:

The watcher never discovers any databases.

I am now unable to stop, delete, or modify the watcher resource, nor can I delete the SQL target.

All delete or stop actions fail with a timeout after about 30 seconds.

There are no logs or error messages to help diagnose the problem.

It looks like the watcher resource is completely stuck and cannot be managed through the portal or CLI.

Thanks,
Jurica
Sai Raghunadh M 4,300 Reputation points Microsoft External Staff Moderator

2025-06-09T05:05:59.7333333+00:00

Hi @ Jurica Smirčić

Sorry to hear you're still having trouble with the Database Watcher. That sounds really frustrating! Since you can’t stop, delete, or modify the watcher or SQL target, here are a few simple things to try:

Check for Locks: Go to the Azure portal, find your watcher resource, and check the "Locks" section. If there’s a lock, remove it to allow changes.

Restart Watcher: Try stopping and restarting the watcher from the Overview page in the Azure portal (click Stop, then Start).

Recheck Permissions: Ensure the watcher’s managed identity has access to the Key Vault and SQL server. You might need to re-add it in the watcher settings.

Look at Logs: Check the watcher’s logs in the Azure portal for any error messages that might explain what’s going wrong.

1 answer

Your answer

Sai Raghunadh M 4,300 Reputation points Microsoft External Staff Moderator

2025-06-04T00:25:21.0533333+00:00

Hi @ Jurica Smirčić

Unlike some services, the Database Watcher doesn’t start automatically. You’ll need to manually start it from the Overview page in the Azure portal.

If you're using SQL authentication, double-check that the watcher has access to the Key Vault and that your connectivity settings (private/public) are properly configured.

Make sure there aren’t any firewall rules blocking connections. If your database is in a private network, ensure that private endpoints are correctly set up.

While logs may not be immediately available, checking the status field in the watcher settings might provide some clues about what’s going on.

If the watcher is running but not showing any databases, verify that your datastore and targets are properly configured.

Sometimes, a simple restart can help refresh the connection and get data collection going.

Please go through this below thread that might help you:

https://learn.microsoft.com/en-us/answers/questions/2236930/database-watcher-not-able-to-connect-and-collect-d

Hope this helps. Do let us know if you any further queries.
Jurica Smirčić 0 Reputation points

2025-06-04T06:05:34.6166667+00:00

Hi Sai, thank you for your answer
I’ve gone through all the documentation and made sure that:

The Key Vault and secrets are set up correctly, with appropriate access policies.

SQL authentication is used and the login/roles have been created as per the docs.

The login exists on the master DB.

The database firewall and network access are configured as required.

However:

The watcher never discovers any databases.

I am now unable to stop, delete, or modify the watcher resource, nor can I delete the SQL target.

All delete or stop actions fail with a timeout after about 30 seconds.

There are no logs or error messages to help diagnose the problem.

It looks like the watcher resource is completely stuck and cannot be managed through the portal or CLI.

Thanks,
Jurica
Sai Raghunadh M 4,300 Reputation points Microsoft External Staff Moderator

2025-06-09T05:05:59.7333333+00:00

Hi @ Jurica Smirčić

Sorry to hear you're still having trouble with the Database Watcher. That sounds really frustrating! Since you can’t stop, delete, or modify the watcher or SQL target, here are a few simple things to try:

Check for Locks: Go to the Azure portal, find your watcher resource, and check the "Locks" section. If there’s a lock, remove it to allow changes.

Restart Watcher: Try stopping and restarting the watcher from the Overview page in the Azure portal (click Stop, then Start).

Recheck Permissions: Ensure the watcher’s managed identity has access to the Key Vault and SQL server. You might need to re-add it in the watcher settings.

Look at Logs: Check the watcher’s logs in the Azure portal for any error messages that might explain what’s going wrong.

Answer 1

Hi @ Jurica Smirčić

The document link shows the exact permission required by Watcher. You have to ensure that the user (because it is SQL Auth here) has exactly those permissions. Not less not more. You can do this via SMSS or the script (can be downloaded through the add target blade).

To allow a watcher to collect SQL monitoring data, you must execute a T-SQL script that grants the watcher specific, limited SQL permissions. The user should not be assigned any additional permissions.


CREATE LOGIN [login-name-placeholder] WITH PASSWORD = 'password-placeholder';

ALTER SERVER ROLE ##MS_ServerPerformanceStateReader## ADD MEMBER [login-name-placeholder];

ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [login-name-placeholder];

ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [login-name-placeholder];

Check for Resource Locks

Go to the Azure Portal >> Watcher Resource >> Locks tab.
Remove any ReadOnly or Delete locks if present.

Use Activity Logs and Support Diagnostics

Go to Azure Monitor → Activity Logs

Filter by the time you attempted to start/stop/delete the Watcher
Look for errors such as Conflict, Timeout

Please review the scenarios mentioned above. If the issue still persists, feel free to reach out with the requested details so we can assist you further.

PratikLad 1,585 Reputation points Microsoft External Staff Moderator

2025-06-12T14:38:15.4166667+00:00

Hi @ Jurica Smirčić We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet.

In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
PratikLad 1,585 Reputation points Microsoft External Staff Moderator

2025-06-13T13:55:13.4133333+00:00

Hi @ Jurica Smirčić We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet.

In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Share via

Cant get the Database Watcher to start collecting data from the Azure SQL DB

1 answer

Your answer