Home, Monitors and Reports tabs are blank in the Endpoint Protection Manager version 14.x

book

Article ID: 224719

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • Upon logging into the Symantec Endpoint Protection Manager (SEPM) the Home, Monitors and Reports tabs are all blank.
  • Error: Unexpected server error 0x10010000

The reporting.log includes repeated error entries as follows:

ERROR:fatal error at login: EXCEPTION block1: Error message: Source:Microsoft OLE DB Provider for ODBC Drivers

Description: [Microsoft][SQL Server Native Client 10.0][SQL Server]Cannot open database "sem5" requested by the login. The login failed. Error code: -2147352567

ERROR:fatal error at login: EXCEPTION block1: Error message: Source: Microsoft OLE DB Provider for ODBC Drivers
Description: [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'GRANITE\DC2012R2$'. Error code: -2147352567

PHP Fatal error: Uncaught Source: Microsoft OLE DB Provider for ODBC Drivers
Description: [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user ''. The user is not associated with a trusted SQL Server connection.
Error code: -2147352567
Trace: ##0 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\ado.php(67)#2Ftw')

Login:start

2017-10-23 19:05:38    ERROR:warning: error at login. will retry once. error message : <b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "sem5" requested by the login. The login failed.
2017-10-23 19:05:38    ERROR:fatal error at login: \r\nEXCEPTION block1: Error message: <b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "sem5" requested by the login. The login failed.\r\nError code: -2147352567\r\nFile and line: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\ado.php(96)\r\n

Cause

  • REPORTER_[DBname][SQLuser] SQL account login properties were changed from default configuration. 
  • The primary SQL account lacks the permissions necessary to configure the "REPORTER_[DBname][SQLuser]"
  • REPORTER_[DBname][SQLuser] in "security>logins" not found

REPORTER_[DBname][SQLuser] Examples: 

REPORTER_DBnameSQLuser or REPORTER_sem5sem5

Environment

  • SEPM 14.x
  • Microsoft SQL database

Resolution

Ensure that the REPORTER_[DBname][SQLuser] login exists and is configured correctly:

  • Launch Microsoft SQL Server Management Studio.
  • Connect to the SEPM database*.
  • Expand the Security node, then expand the Logins node.
  • Check for the 'REPORTER_[DBname][SQLuser]' login, if it does not exist, create it.
  • Right click Logins, select New Login.
  • In the general tab, set Login name for the reporter account.  The account name is based on the name of the sql user and the database name.  So if the SQL username is SQLuser and the database name is DBname, the reporter account should be REPORTER_DBnameSQLuser.
  • Set the new account for SQL Server authentication and default database to DBname (or whatever the database name is.) 
  • Click OK.
  • Once the 'REPORTER_[DBname][SQLuser]' account is created, right click on the account under Security > Logins and select Properties.
  • Under General, ensure the 'Default database:' value is set to your SEPM database name.
  • Under Server Roles, ensure public is checked.
  • User Mapping should show the following:
    • Checkbox checked under the Map column, [DBname] under the Database column, REPORTER_[DBname][SQLuser]​ under the User column and dbo under the Default Schema column.
    • Database role membership for: [DBname] should have public and REPORTER both checked.
  • Explicit permissions under Securables should have Grant checked for Connect SQL with a Grantor of sa.
  • Status should be configured so that Permission to connect to database engine: is granted and Login: is enabled.

Once correctly configured, you will need to re-launch the Management Server Configuration Wizard (MSCW) and ensure you can successfully reconnect to the SQL database.

If the REPORTER account has all the necessary permissions, check the following permissions for the default SEPM SQL account [SQLuser]: 

  1. Launch Microsoft SQL Server Management Studio.
  2. Connect to the SEPM database*.
  3. Expand the "Security" node, then expand the Logins node.
  4. Right Click on the [SQLuser] account and select "Properties"
  • Under "General", ensure the 'Default database:' value is set to your SEPM database name.
  • Under "User Mapping" Checkbox checked under the Map column, [DBname] under the Database column, dbo​ under the User column and dbo under Default Schema. Check that "db_owner" and "public" in the Database role memberships section.
  • Under "Status" confirm that "Login is locked out" is unchecked, "Permissions to connect to database engine" is selected under "Grant", and "Login" is selected under "Enabled."
  • Explicit permissions under "Securables" should have "Grant" checked for "Alter Any Login" and "Connect SQL" with a Grantor of sa.

Once the accounts are setup, log into the SEPM server and run the "Management Server Configuration Wizard" from Start > All Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Tools.