Upgrade wizard fails during SEPM upgrade to 14.3 RU5 or RU6
search cancel

Upgrade wizard fails during SEPM upgrade to 14.3 RU5 or RU6

book

Article ID: 245922

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Upgrade Wizard fails with Warning: Null, when upgrading to Symantec Endpoint Protection Manager (SEPM) to 14.3 RU5 or RU6

You may also see the error "The Symantec Endpoint Protection Manager reporting account does not connect to the Microsoft SQL Server database.  You must recreate or modify the reporting account in SQL Server Management Studio"

A review of the upgrade-0.log reveals the following error.

2022-07-12 17:09:32.721 THREAD 93 WARNING: DatabaseUtilities> hasUserAlterAnyLoginPermission>> Account permission verification done! hasRequiredPermission: true
2022-07-12 17:09:32.721 THREAD 93 INFO: DbUtil> addReporterUser>> hasPermissionAlterAnyLogin: true
2022-07-12 17:09:32.721 THREAD 93 INFO: DbUtil> addReporterUser>> Checking and adding report login!
2022-07-12 17:09:32.721 THREAD 93 INFO: doesDbLoginExist >> loginUsername: REPORTER_sem5SEM5
2022-07-12 17:09:32.721 THREAD 93 INFO: doesDbLoginExist >> Result: true
2022-07-12 17:09:32.721 THREAD 93 INFO: alterReporterLogin >> dbName: sem5, reporterUserName: REPORTER_sem5SEM5
2022-07-12 17:09:32.737 THREAD 93 INFO: Altered login default database: ALTER LOGIN [%s] with DEFAULT_DATABASE = [%s]
2022-07-12 17:09:32.777 THREAD 93 INFO: Reset password successfully!
2022-07-12 17:09:32.777 THREAD 93 INFO: DbUtil> addReporterUser>> Report login was altered successfully!
2022-07-12 17:09:32.777 THREAD 93 INFO: DbUtil> addReporterUser>> Checking and adding report user!
2022-07-12 17:09:32.777 THREAD 93 INFO: doesDbUserExist >> loginUsername: REPORTER_sem5SEM5
2022-07-12 17:09:32.779 THREAD 93 INFO: doesDbUserExist >> Result: true
2022-07-12 17:09:32.779 THREAD 93 INFO: DbUtil> addReporterUser>> adding REPOTER role to report user!
2022-07-12 17:09:32.783 THREAD 93 FINE:  calling close on connection.
2022-07-12 17:09:32.784 THREAD 93 FINE: Return connection to pool.
2022-07-12 17:09:32.784 THREAD 93 INFO: DbUtil> testReportingUserConnection>> Initializing datasource...
2022-07-12 17:09:32.784 THREAD 93 INFO: Skip using Cursors for MS JDBC to leverage Adaptive buffering
2022-07-12 17:09:32.785 THREAD 93 INFO: DbUtil> testReportingUserConnection>> Reporting user: REPORTER_sem5SEM5, URL: jdbc:sqlserver://SQLServername:1433;instanceName=sepm;databaseName=sem5;integratedSecurity=true;encrypt=true;trustServerCertificate=true
2022-07-12 17:09:32.785 THREAD 93 INFO: getDatabaseConnectionWithNTLMv2Retry, jdbcURL: jdbc:sqlserver://<Sqlservername>:1433;instanceName=<instanceName>;databaseName=sem5;integratedSecurity=true;encrypt=true;trustServerCertificate=true, user: REPORTER_sem5SEM5
2022-07-12 17:09:32.809 THREAD 93 SEVERE: exception retrieving connection
2022-07-12 17:09:32.810 THREAD 93 SEVERE: exception retrieving connection
2022-07-12 17:09:32.810 THREAD 93 FINE: connection is null.
2022-07-12 17:09:32.810 THREAD 93 WARNING: Login failed for user <Domain\username>. ClientConnectionId:533dd50b-7188-4d91-9d1b-ca0fd78f9f63
2022-07-12 17:09:32.810 THREAD 93 FINE: connection is null.


You may also see one of the following error messages:

 2022-08-08 14:31:28.931 THREAD 97 WARNING: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication. 

2022-12-06 11:34:01.233 THREAD 96 WARNING: Login failed for user 'REPORTER_sem5xxxxxxxx'. ClientConnectionId:5e2f208b-d58f-4533-a15f-57e8b219d442

Environment

Release : 14.3 RU5 and RU6

Component :SEPM

Remote SQL server

Cause

During the upgrade to 14.3 RU5 or RU6, the connection for the reporter account that the SEPM uses to connect to the SQL server attempts to connect using windows authentication which fails.

  1. The reporter account is a SQL-only account. The user account that is logged on to the SEPM's OS does not have access to the SEPM DB on the SQL server.
  2. The User Mapping from the SQL Login to the database is corrupt
  3. Server Authentication need to be set to SQL Server and Windows Authentication mode

 

Resolution

Three possible resolutions depending on the cause

1. SQL-only account:

  1. In SQL Server Management Studio, edit the Security Settings for the SEPM database (typically "sem5").
  2. Add the user account for the admin performing the SEPM install to the database users for the SEPM DB.  It does not need dbo privileges, but must be able to connect to the DB.
  3. On the SEPM, navigate to <SEPM-install-directory>\bin and run upgrade.bat to proceed with the upgrade.

2. Corrupt user mapping

  1. Verify that a backup of the database exists before making the following changes.
  2. In SQL Server Management Studio, edit the Security Settings for the SEPM database (typically "sem5").
  3. Delete the user shown in your error log (in this example REPORTER_sem5SEM5) from the following location. <SQL Server Name>\Databases\<SEPM database>\Security\Users
  4. Edit the login and add the mapping to the SEPM Database. <SQL Server Name>\Security\Logins
    1. Double-click the account that was deleted in step 3
    2. Select "User Mapping"
    3. Check the "Map" box next to the <SEPM database> 
    4. Make sure the "Default Schema" is "dbo" and the "Database role membership for: master" is "public" 

Note: The user account most likely be REPORTER_sem5<user>

3. Server Authentication need to be set to SQL Server and Windows Authentication mode

  1. Run SQL Server Management Studio
  2. Right click on the SQL server instance.
  3. Click on Properties.
  4. Click on Security on the left pane.
  5. Check SQL Server and Windows Authentication mode under Server authentication section.
  6. Click OK.

 

Additional Information

CRE-10852

Powered by Wolken Software