Recently I became involved in a project to rollout the MOVE product, through ePO. As part of our internal proof of concept, we stood up an ePO server, but the user who performed that work is no longer with us.
When that user's account was deleted, DB authentication began to fail, and ePO stopped working. I have been able to regain control of the database, I can issue queries against the ePO tables successfully, etc, when connected to the DB through Management Studio. However, when I attempt to use the ePO config page:
everything appears ok. I enter credentials, they are saved, they are the same ones I am using in Management studio, but the connection is failing. Using the Test Connection button on the config screen results in an odd error:
Test failed: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
The user is blank, though I have info added and showing in the proper fields. I have restarted the server, with no luck. Checking the logs that are written to %installdir%\McAfee\ePolicy Orchestrator\DB\Logs show that the right user appears to be getting sent to SQL:
20120504170523 I #02276 NAIMSRV Initializing server...
20120504170523 I #02276 NAIMSRV Database initialization: Starting.
20120504170523 W #02276 EPODAL DAL2_CConnection::Init: Login for MyDbUser failed. Building profile and retrying.
20120504170523 E #02276 PONTUTIL Failed to create local ePO User Group, push agent aborted! System error code 1379
20120504170523 E #02276 EPODAL DAL2_CConnection::Init: Failed to logon the domain user MyDbUser to connect to database.
20120504170523 E #02276 EPODAL DAL2_CConnection::Init: Error 0x80070002 returned from credentials callback. Database NOT available
When I check the SQL logs to see what is happening on that side, I note that no user appears to be passed to SQL at all:
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 127.0.0.1]
Anyone have ideas as to what I am doing wrong? My user setup is exactly the same as the one I am replacing, and I am not seeing the old credentials in logs anymore, but I am still not having any luck breathing life back into the server. We are running ePO 4.6.1 with the SQL Express 2005 option.
A DBA I am not, for sure, so any help or suggestions would be greatly appreciated!
I was able to restore connectivity to the server by resorting to SQL authentication. However, this is not ideal; our environment doesn't allow for local authentication on production systems of this nature.
If anyone has any input on how I can get AD user authentication working again, I would be very thankful.
To rule out a permissions issue - which is the most likely - try again with an account that is a member of the local admin group on the SQL server. By default this account group is assigned sysadmin rights to SQL.
The account I am using to connect to the DB is in fact a local admin. I needed to do that in order to regain access to the SQL Express install.
When ePO was installed, it was installed with the built-in SQL Express install. The user who did the install was logged into the server with their own AD account, and setup the install to run under those credentials throughout. That account was then disabled and deleted from AD.
What I tried to do was insert my account where the old one had been; I did this at the system level by adding my account to the local administrators group; I also did this within SQL, by adding my AD account in Management Studio to the Security -> Logins area, assigning my account the sysadmin role, then mapping that account to the dbo user/role on the ePO DB.
From Management Studio, I can query the master, temp, and ePO DBs without error. The issue only comes up when I am attempting to use my credentials on the core/config page of the ePO server.
Had the same issue and resolved it. I was using windows authentication and after changing the password of the database account for ePO it caused an account lockout (I'm guessing that ePO keeps retrying to connect to the database between the time I changed the password and updated it in localhost/core/config). All I did to resolve the problem was go to user management, right click the account, and unlock it.
Log in using MS SQL DB studio right click SERVERxxxx\SQLEXPRESS (SQL Server 9.0.4035 >Properties>Security>Change the authentication type to mixed mode(Windows and SQL mode)
Expand security >Logins>Enabvle SA account> change the password>
Now lpgin with sa account. and check is it successful.
Now try the sa user on ePO config page, if your connection gets successful then you can creat another user with same permission as as has and disable sa again.
And if sa account is ok with you then youmay use it.