Cannot upgrade Symantec Endpoint Encryption (SEE) Management Server using an account without the SQL Server sysadmin role
search cancel

Cannot upgrade Symantec Endpoint Encryption (SEE) Management Server using an account without the SQL Server sysadmin role

book

Article ID: 206626

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption Mobile Encryption for iOS PGP Encryption Suite PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Starting with Endpoint Encryption 11.3.1, when upgrading, it is no longer necessary to connect to the Endpoint Encryption database (SEEMSDb by default) using SQL Server Authentication and an account that has the sysadmin role.

Instead, you can upgrade by connecting to the database using an account that has the db_owner role.

Note: that a sysadmin account is still needed in order to do a fresh install because the installer needs to create the database.

Using an account with db_owner membership is the better option as for convenience and security. 

 

The db_owner role can be assigned to a Windows account. You can then connect to the database using Windows Authentication during the upgrade.

You may see this error when trying to upgrade:

For more information on how to install Symantec Endpoint Encryption Management Server, see the following article:

179347 -HOW TO: Install/Upgrade Symantec Endpoint Encryption Management Server (SEE Management Server)

 

Environment

Symantec Endpoint Encryption 11.3.1 and above.

Cause

The account does not have db_owner membership.

Resolution

In order to grant the account db_owner membership, please do the following:

  1. Login to SQL Server using SQL Server Management Studio and a sysadmin account.
  2. In Object Explorer, expand Databases.
  3. Expand SEEMSDb.
  4. Expand Security.
  5. Expand Users.
  6. Double click on the user you wish to modify.
  7. Click on Membership.
  8. Enable the db_owner role.
  9. Click OK.

Note that the account with db_owner membership will not necessarily be able to manage the SEEMSDb database using SQL Server Management Studio.
However; the db_owner account account can still be used to upgrade Endpoint Encryption Management Server.

For more information on database permissions, see the following article:

152737 - Minimum Database Permissions for Symantec Endpoint Encryption Administrators

 

Additional Information