When upgrading a SEPM embedded database to 14.3 RU1 or newer there is an error "The specified password does not meet strong password requirements"
search cancel

When upgrading a SEPM embedded database to 14.3 RU1 or newer there is an error "The specified password does not meet strong password requirements"

book

Article ID: 205656

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When upgrading a SEPM embedded database to 14.3 RU1 or newer there is an error "The specified password does not meet strong password requirements"

There is no prompt that allows you to change the password or correct the error. 

Environment

Release : 14.3 RU1 14.3.3384.1000 or newer

Cause

Symantec Endpoint Protection Manager with embedded database 14.3 RU1 and newer now uses SQL Express.
During installation SQL express will utilize the policy for Windows password requirements.
If these requirements are more complex then the default installation script uses, then this error will occur. 

Resolution

Note: For new installs make sure the password configured for the SEPM Admin account meets applied Windows Password Policy GPOs

Option 1: Temporarily disable password requirements through the local Security policy, then re-run the install. See details and Microsoft's documentation here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy

  1. Open gpedit.msc
  2. Navigate to Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
  3. Lower "Minimum Password Length" to at least 8
  4. Re-run the upgrade. 
    1. This can be done by running "Upgrade.bat" file as an admin. This is located in %sepm install location%\Symantec Endpoint Protection Manager\bin
    2. or re-running the setup.exe

 

Option 2: Follow Disaster Recovery process to reinstall and bypass the install script and allow for a custom password. 

Uninstall the SEPM completely, and reinstall with a blank database.

    1. Open Control Panel > Programs and Features
    2. Select Symantec Endpoint Protection Manager
    3. Select Change
    4. Choose Next > Remove
    5. Check "Remove the database during uninstall".
    6. Leave "Remove the database backup files during uninstall" unchecked
    7. Select Next > Remove

Once the uninstall is completed, start the install of the SEPM. 

    1. In the Symantec Endpoint Protection Installation Program dialog box, click Install Symantec Endpoint Protection, and then click Install Symantec Endpoint Protection Manager.
    2. Review the sequence of installation events, and then click Next to begin.
    3. In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.
    4. In the Destination Folder panel, accept the default destination folder or specify another destination folder, and then click Next.
    5. Click Install.
    6. The installation process begins for the Symantec Endpoint Protection Manager management server and console. When the installation is complete, click Next.
    7. After the initial installation completes, you configure the server and database. Click Next.
    8. The Management Server Configuration Wizard starts. Note: You can also start the Management Server Configuration Wizard at any time after installation from Start > All Programs > Symantec Endpoint Protection Manager
    9. Select Installing Symantec Endpoint Protection Manager With the Default configuration for new installation selected, click Next.
    10. The default configuration automatically installs the default database, Microsoft SQL Server Express
    11. Enter company name, a password for the default administrator admin, and an email address. Alternately, you can add details to use a specified mail server.
    12. Optionally click Send Test Email. Symantec Endpoint Protection Manager sends password recovery information and other important notifications to this email account, so you should not proceed with configuration if you do not receive the email.
    13. Once you verify that you receive the test email, click Next.
    14. LiveUpdate runs automatically as part of a new installation.
    15. You can also add the optional Partner Information, if a partner manages your Symantec licenses, and then click Next.
    16. Indicate whether you want Symantec to receive pseudonymous data, and then click Next to begin the database creation.
    17. The database creation can take several minutes.
    18. When the database creation completes, Uncheck "Start Endpoint Protection Manager" and click Finish to complete the Symantec Endpoint Protection Manager configuration.

You will then want to start the database restoration through normal processes. see the instructions located here: Restoring the database

Once the database is restored, a couple items need to be considered: 

    1. Server Certificates need to be restored or re-imported. There are multiple methods to do this, so review Updating or restoring a server certificate for the best method. 
    2. 14.3 RU1 client packages need to be imported. You can get the packages from the unzipped install media in the "SEPM/Packages" folder. you can use 7zip to open the exe, run the exe. they will appear in the "AppData\Local\Temp" in a folder with randomly generated characters. The client installation package consists of two files. One file is named product_name.dat, and the other file is named product_name.info.
      then follow Importing client installation packages into Symantec Endpoint Protection Manager to import the packages.

Additional Information

ESCRT-5806