search cancel

Install fails during configuration in SIM with error in logs: Failed to open database connection

book

Article ID: 164131

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

During installation of ITMS the install would fail as soon as the configuration process would start.   

The following message could be seen in the logs

Failed to open database connection. Retry will be performed.
Cannot open database "Symantec_CMDB" requested by the login. The login failed.
Login failed for user 'Domain\Username'.
   [System.Data.SqlClient.SqlException @ .Net SqlClient Data Provider]
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
   at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
   at System.Data.SqlClient.SqlConnection.Open()
   at Symantec.Installation.Helpers.DatabaseManager.OpenConnection(String serverName, String catalog, String loginUserName, SecureString loginPassword, Boolean useIntegratedSecurity, Int32 retries)

SQL Exception details: code=4060, line=65536

Exception logged from: 
   at Symantec.Installation.Logging.LogActivity.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer)
   at Symantec.Installation.Logging.LogActivity.ReportException(Int32 severity, String strMessage, Exception exception)
   at Symantec.Installation.Helpers.DatabaseManager.OpenConnection(String serverName, String catalog, String loginUserName, SecureString loginPassword, Boolean useIntegratedSecurity, Int32 retries)
   at Symantec.Installation.InstallClasses.SQLAuth.GetProductGuidsOfConfiguredItems(String databaseName)
   at Symantec.Installation.Managers.ProductListingManager.SetInstalledProducts()
   at Symantec.Installation.WizardSteps.Process.PerformInstallAndConfig.InstallManager_InstallSessionsCompleteEvent(Object sender, ProgressEventArgs e)
   at System.EventHandler`1.Invoke(Object sender, TEventArgs e)
   at Symantec.Installation.Context.WizardProcess.InstallManager._installSessions_InstallSessionsComplete(Object sender, EventArgs e)
   at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
   at System.EventHandler`1.Invoke(Object sender, TEventArgs e)
   at Symantec.Installation.ConfigureNS.BeginConfiguration()
   at Symantec.Installation.ConfigureNS.Configure()
   at Symantec.Installation.Context.WizardProcess.InstallManager.PerformConfig()
   at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams)
   at Symantec.Installation.Context.WizardProcess.InstallManager.PerformInstallAndConfig()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

 

Schannel errors in the system logs showed the following error:

A fatal alert was generated and sent to the remote endpoing.  This may result in termination of the connection.   the TLS protocol defined fatal error code is 40.  The Windows SChannel error state is 1205.

Environment

Windows 2012 R2 the customers had also changed the schannel ciphers to the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

Cause

The customer had enabled several ciphers in the registry forSchannel.  The are listed below.   We removed all the ciphers and the installation completed with no issues.

 

Ciphers that caused the problem:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

Resolution

Removed the ciphers from the schannel and rebooted the machine.  After running SIM again to configure it completed with no errors.