cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Error on epo 5.3 sql windows authentication

Jump to solution

Hi! Im getting some problems connecting my Epo server with my SqL server, both in the same domain.

On the epo server, when i acces to localhost:8443/core/config and change the values to a domain user, i get the following error: "The logon is from a untrusted domain and windows authentication cannot be used". Some thoughts? I read about enable sql logon, but for the particular rules of my network, i can have that option enabled.

I tried with an udl file without any error in windows authentication.

Other thing is that i don have certification entity, maybe an untrusted certificate can cause that problem? Thanks!

1 Solution

Accepted Solutions

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Ok, maybe it was a little obvious, but the problem result in the incoming ntlm traffic, that  in my network was disabled. Once i  enabled it, start working perfect.

Thanks all for the help!

Tags (1)
11 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Error on epo 5.3 sql windows authentication

Jump to solution

That windows account needs to be a local administrator also on the epo server itself.  If it isn't, that could explain the error.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Thanks for the response.

In both servers, epo and sql, the managed service account  for the sql server service and the domain user trying to connect to the epo server are in the administrator local group of each machine, and doesnt seems to work. 

Someone tell me about spn, but i dont know how to set it properly.

Thoughts?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Follow KB70929 to test the connection.  Make sure you are using the right port and instance name.  You might need to get assistance from your dba to make sure you are configuring it properly.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Error on epo 5.3 sql windows authentication

Jump to solution

I made that test and work fine with windows NT security, it shows me all the db in the instance and the test is sucessfull, but still getting the "no trusted domain" error on the /core/config page.

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 12

Re: Error on epo 5.3 sql windows authentication

Jump to solution

does that nt user have logon rights or is it set to deny local logon?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Has smbv1 been disabled?  See KB89473.  Has this ever worked?  If so, what changed?  Has tls 1.0 been disabled?  See kb89317.  Does it authenticate ok if you use sql authentication?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Log with sql authentication works fine. I try disabling smb1, but seems doesnt work. The user is set with logon permissions and is enabled. The full message on /core/config is "com.mcafee.orion.core.db.base.databaseconnectivityexception: failed to get a connection: logon error. Untrusted domain and windows authentication cannot be used"

My checklist is:

User with logon rights and enabled on the instance. 

User added to DB as db_owner, also db_owner propertie scheme. Default scheme dbo.

Smb1 is disabled.

User is on the local admin group of epo server and local admin on sql server.

Same with the managed service account on the sql server service and sql server agent

 

How must i set properly the spn? Already set, but maybe are not properly set.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Error on epo 5.3 sql windows authentication

Jump to solution

Microsoft has a good article on spn and links to a diagnostic tool also.

https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/service-principal-n...

Try this first - go to kb80096 and try some of that kb's solution and/or workaround.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Error on epo 5.3 sql windows authentication

Jump to solution

I uninstall the epo server and try to install again. In the data base information of the instalattion of epo5.3.x , when i try to set the windows authentication, i get a constant error saying that the credential are incorrect, but the domain user that i use is on the admin group of the epo server machine and is on the sql server with db_creator and login enabled.

Seems like doesnt recognize the domain, but in the .udl file, with Windows NT authentication still connecting with the database.

I dont really understand that situation or why isnt connecting.

Thanks and hope that we can get a solution.

Tags (1)
MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.