SQL Server Missing Role AppCWebServer or Users AppCDownloads and DefaultAppPool Are Missing
search cancel

SQL Server Missing Role AppCWebServer or Users AppCDownloads and DefaultAppPool Are Missing

book

Article ID: 436182

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

  • When attempting to change the Identity of the Application Pools to ApplicationPoolIdentity the Console becomes unavailable.
  • The SQL Server Role AppCWebServer is not added to SQL Server > Security > Server Roles.
  • The users IIS APPPOOL\AppCDownloads and IIS APPPOOL\DefaultAppPool are missing from SQL Server > Security > Logins

Environment

  • App Control Server: All Supported Versions
  • Microsoft SQL Server: All Supported Versions

Cause

In some instances this Role and the Accounts were not added due to various reasons including:

  • Missing permissions on the App Control Service Account at time of App Control Server install or upgrade.
  • Defect relating to handling of Special Characters on the Service Account during install/upgrade.
  • Two Tier environment requires pre-planning to configure a dedicated user for the IIS ApplicationPools before install or upgrade.

Resolution

Depending on the environment, the steps to fully address the missing Role and Users will vary.

Single Tier

  1. Verify SQL Permissions for the Carbon Black Service Account.
  2. Download AddAppCWSRole-T1.sql attached at the bottom of this article.
  3. Run SQL Server Management Studio as the Carbon Black Service Account.
    • Execute the AddAppCWSRole-T1.sql script.
  4. Update the IIS Identity with the new account.

Two Tier

  1. Create the account in Active Directory that will be used for the Application Pools in IIS (ex: DOMAIN\AppC-IIS)
  2. Verify SQL Permissions for the Carbon Black Service Account.
  3. Download the AddAppCWSRole-T2.sql attached at the bottom of this article.
  4. Run SQL Server Management Studio as the Carbon Black Service Account.
    1. Modify the script to properly reference the Windows account used in IIS for the Application Pools.
      • There are two locations that must be updated in the script (Database Level and Server Level)
    2. Execute the script.
  5. Configure IIS on the application server accordingly
    1. Verify the account has Full Control to the following directories
      \Parity Server\hostpkg\
      \Parity Server\HPIFiles\
      \Parity Console\WebUI\
    2. Update the IIS Identity with the new account.

Additional Information

Attachments

AddAppCWSRole-T2.sql get_app
AddAppCWSRole-T1.sql get_app
Powered by Wolken Software