Management Server Configuration Wizard fails to connect to the SQL express database
search cancel

Management Server Configuration Wizard fails to connect to the SQL express database

book

Article ID: 235151

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Error 1: The Symantec Endpoint Protection Manager (SEPM) detected that the database password was changed on an external database tool. You must specify the same password used by the external database tool.

Error 2: Database inaccessible "Could not connect to SQL server express Database " 

Unable to login to Symantec Endpoint Protection Manager with 'unexpected server error' 

 

Environment

Release : 14.3 RU2

Component : Symantec Endpoint Protection Manager (SEPM)

SQL Express database

Cause

1. Certificate missing / blank for the Database (can be checked from SQL configuration manager)

2. SQL express Database Certificate expired

3. Force Encryption is enabled on SQL but not on the SEPM, or vice-versa.

4. Login with SQL Server Authentication is disabled for dba account.

Resolution

Option 1 or 2 : Certificate Missing/ expired in SQL server

  • Edit ROOT.XML in ..\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\.
  • Set trustServerCertificate=true.
  • Save the changes to the ROOT.XML
  • Open Services.msc, restart the Symantec Endpoint Protection Manager services.


Rerun the Management Server Configuration Wizard and check if it is able to connect to the Database and update the correct certificate in SQL express Database.

Option 3 : Force Encryption is enabled on SQL but not the Symantec Endpoint Protection Manager (SEPM), or vice-versa

  • As of SEP 14, the SEPM supports the communications with the SQL Server over a TLS-encrypted channel.
    Symantec provides a tool (SetSQLServerTLSEncryption.bat) to enable or disable TLS encryption between the management server and the Microsoft SQL Server.
    This tool is in the Tools folder of the SEPM directory structure. Force Encryption is supported in SEP 14 as long as the SEPM has TLS enabled (this is on by default). You can check by running {SEPM_HOME}\Tools\SetSQLServerTLSEncryption.bat at a command prompt.
  • Force encryption can also be disabled from SQL configuration manager.

Option 4 : Login with SQL Server Authentication is disabled for dba account.

  • Open MS SQL Server Manager
  • Check status for DBA account
  • If "Disable login for SQL Server Authentication" is checked, uncheck it.

 

Powered by Wolken Software