You try to create the Symantec Endpoint Protection Manager (SEPM) database on your SQL server or run Management Server Configuration Wizard to reconfigure the database. You see the message, "Error 11501: Unable to create the database for Symantec Endpoint Protection Manager" or "Unable to connect to the database."
Error 11501: Unable to connect to the database. Make sure that you have entered the correct database parameters, and that the firewall is not blocking the connection, then try again. Please click here for more information.
The following error is written to the Microsoft SQL ERRORLOG:
2017-05-01 19:13:50.88 Logon Error: 17835, Severity: 20, State: 1.
2017-05-01 19:13:50.88 Logon Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: 10.122.30.4]
There are four problems that can cause this error message to appear.
In the Management Server Configuration Wizard, you need to choose SQL Authentication instead of Windows Authentication
The TCP/IP protocol is disabled in Microsoft SQL Server itself
In this case, enable the TCP/IP protocol in Microsoft SQL Server. To enable TCP/IP, follow the instructions for your version of Microsoft SQL Server:
Network connectivity between the Symantec Endpoint Protection Manager and the Microsoft SQL Server is unavailable
Force Encryption is enabled on SQL (for SEP 12 only)
Forced encryption is not supported on SEP 12. The traffic between the SEPM and the SQL server is, by default, not encrypted. For this reason, we recommend co-locating the SEPM and SQL server on their own secure subnet. (Page 85 of the Implementation Guide for SEP 12.1.)
Once you enable the TCP/IP protocol, restart the SQL Server service
Note: As of SEP 14, the SEPM supports the communications with the SQL Server over a TLS-encrypted channel. Symantec provides a tool (SetSQLServerTLSEncryption.bat) to enable or disable TLS encryption between the management server and the Microsoft SQL Server. This tool is in the Tools folder of the SEPM directory structure. Force Encryption is supported in SEP 14 as long as the SEPM has TLS enabled (this is on by default). You can check by running C:\Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\Tools\SetSQLServerTLSEncryption.bat at a command prompt.