Starting with Endpoint Encryption 11.3.1, when upgrading, it is no longer necessary to connect to the Endpoint Encryption database (SEEMSDb by default) using SQL Server Authentication and an account that has the sysadmin role.

Instead, you can upgrade by connecting to the database using an account that has the db_owner role.

Note: that a sysadmin account is still needed in order to do a fresh install because the installer needs to create the database.

Using an account with db_owner membership is the better option as for convenience and security. 

The db_owner role can be assigned to a Windows account. You can then connect to the database using Windows Authentication during the upgrade.

You may see this error when trying to upgrade:

For more information on how to install Symantec Endpoint Encryption Management Server, see the following article:

179347 -HOW TO: Install/Upgrade Symantec Endpoint Encryption Management Server (SEE Management Server)

Symantec Endpoint Encryption 11.3.1 and above.

The account does not have db_owner membership.

In order to grant the account db_owner membership, please do the following:

1. Login to SQL Server using SQL Server Management Studio and a sysadmin account.
2. In Object Explorer, expand Databases.
3. Expand SEEMSDb.
4. Expand Security.
5. Expand Users.
6. Double click on the user you wish to modify.
7. Click on Membership.
8. Enable the db_owner role.
9. Click OK.

Note that the account with db_owner membership will not necessarily be able to manage the SEEMSDb database using SQL Server Management Studio.
However; the db_owner account account can still be used to upgrade Endpoint Encryption Management Server.

For more information on database permissions, see the following article:

152737 - Minimum Database Permissions for Symantec Endpoint Encryption Administrators

179347 -HOW TO: Install/Upgrade Symantec Endpoint Encryption Management Server (SEE Management Server)

152737 - Minimum Database Permissions for Symantec Endpoint Encryption Administrators