1. I am using the manual "McAfee Host Data Loss Prevention 9.0 Installation Guide for ePolicy Orchestrator 4.5"
2. I am installing HDLP 9.0 on an existing ePO 4.5 server, that I did not originally install. Note that the process seemed to work without a hitch in the test lab, but here in production, everything is going into the handbasket.
3. My problem comes into effect when I do the WCF installation. As my ePO and database on all on one Windows2K3 server, I am installing the WCF locally (Option 1).
4. My repository is a SQL Server 2005, and I have installed SQL Server Management Studio Express 9.0.4035
5. Following the instructions "Adding a user in SQL Server", I name the user (epohdlp).
Default Database: ePO4_SERVER
Server Role: public
User Mapping: Under "Users mapped to this login" I select the ePO4_SERVER, and verify that the User [DOMAIN\epohdlp] is listed under User.
Note: if I go back and look, the ePO4_SERVER sleect box is NOT checked, and there is nothing listed under User
6. When I follow the instructions to modify the Database User, under Securables, I select the ePO4_SERVER database, but when I select Effective Permissions, I see 61 different permissions. When I click OK, everything looks as it should. When I hit OK again, and then re-select the Database User [DOMAIN\epohdlp,] there is nothing listed under Securables.
7. At this point, following the instructions, I run the DLP WCF Installer. I do not change the WCF Server Port, and I add the [DOMAIN\Security] OU from Active Directory as the WAAG.
8. I select Windows Authentication, and select Finish to complete the installation.
9. When I open the browser to Troubleshoot the DLP WCF service (http://localhost:8731/DLPWCF/Admin/Testing), every test fails.
Since I am not really familiar with Windows troubleshooting, and even less familiar with SQL Server troubleshooting, any ideas?
TIAMessage was edited by: Jonathan Hawes to correct spelling on 1/26/11 8:52:07 AM CST
first of all I would recommend that you use DLP 9.1 🙂
regarding your sql issue.
do you have checked how the ePO connects to the sql db?
why do not you use the same systemaccount also for the WCF service?
Oh, if I only could. Without some document identifying a reasonable issue that is resolved in 9.1, the testing has gone on far enough, and the deadline is so close that 9.0 is it for now.
As I have said, I am not real familiar with SQL server, and in checking, I can't find anyone in the Security group real familiar with SQL Server. Internally, I am not sure how SQL Server connects to anything. I have never before used SQL Server, as Oracle is my normal DB. I am trying to track down one of the program software people that is familiar with SQL Server and hopefully it's communication.
As to why I did not use the system account, the documentation indicated to create a database account with minimal grants, and so I attempted to. More and more I am thinking the user I am connecting with does not have the authority. More will be found when I can find some database error log, or database server log that shows what is going on with the WCF test connection failures.
ok, please try the following...
for a better understanding i made five screen captures (of my german version of sql 2008r2 express)
beginning at your step 4, you started the SQL Management Studio.
screenshot1: make a right click on logins and create a new on.
follow screenshot 2
screenshot3: give the user rights for datareader and datawriter
now open the properties of the DB ePO_SERVER
select your user DOMAIN\epohdlp and also grand to execute (screenshot4). click on OK
open the properties of the DB ePO_SERVER again and verify the effective userrights (screenshot5).
hopefully, this should work.