Reliable Contributor twenden
Message 1 of 6

January Patch Tuesday Updates and ePO unable to connect to SQL database


This morning, we decided to test the latest Microsoft January Patch Tuesday Updates. This is on a Windows 2008R2 server running SQL 2014 R2 server. The SQL server is running on the ePO 5.9.1 server.

After installing the latest Microsoft Updates, I get a message "Unable to connect to the database error" as shown below. Have checked all the ePO and SQL services and all are running. When I try to check the database connection by going to core/config it gives me an error "This page can only be accessed from a local connection".

I had read that there are issues with the January Patch Tuesday updates. Has anyone else seen this and know how to resolve it?

 

[Attachments: ePO1.jpg, ePO2.png]

 


Accepted Solutions
Reliable Contributor twenden
Message 5 of 6

Re: January Patch Tuesday Updates and ePO unable to connect to SQL database


Just done more research and it appears that Microsoft is aware of the issues. It has something to do with local accounts that are part of the Administrators group. The user account that our SQL server runs as is part of this group. Someone also mentioned making the following registry key change. This fixed the issues. But I may just wait for a fix from Microsoft and delay installing this update.

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

This is the info from Microsoft regarding the hotfix KB4480970 that affects Windows 2008R2 and Windows 7 systems.

Issue

Local users who are part of the local “Administrators” group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8th, 2019 security updates. This does not affect domain accounts in the local "Administrators" group.

 

Fix

To work around this issue use either a local account that is not part of the local “Administrators” group or any domain user (including domain administrators).

We recommend this workaround until a fix is available in a future release.

 

Hopefully this helps another ePO Admin who may find issues with their SQL connections. 
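
A read-only PowerShell check for the three conditions the post above describes, added here as an example and not part of the original post or of Microsoft's guidance: whether KB4480970 is installed, whether a SQL Server service logs on as a local account in the local Administrators group, and what LocalAccountTokenFilterPolicy is currently set to. The service-name pattern (MSSQLSERVER or MSSQL$instance) is an assumption. A value of 1 turns off UAC remote token filtering for local administrator accounts on that host, so it is worth recording where the workaround has been applied.

```powershell
# Added example: read-only check, nothing is changed on the host.
# Get-WmiObject and ADSI are used so it also runs on PowerShell 2.0 (Server 2008 R2).
$kb       = 'KB4480970'            # update named in the thread
$computer = $env:COMPUTERNAME

# 1. Is the update installed?
$installed = [bool](Get-HotFix | Where-Object { $_.HotFixID -eq $kb })

# 2. Local (non-domain) members of the local Administrators group.
#    A local member's ADsPath ends in /<computer>/<user>; a domain member's does not.
$pattern = '/' + [regex]::Escape($computer) + '/([^/]+)$'
$group   = [ADSI]"WinNT://$computer/Administrators,group"
$localAdmins = @($group.psbase.Invoke('Members') | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    if ($path -match $pattern) { $Matches[1] }
})

# 3. SQL Server services whose logon account is one of those local administrators.
#    Assumption: default instance (MSSQLSERVER) or named instances (MSSQL$<name>).
$filter      = 'Name = "MSSQLSERVER" OR Name LIKE "MSSQL$%"'
$sqlServices = Get-WmiObject Win32_Service -Filter $filter
$affected = @(foreach ($svc in $sqlServices) {
    # StartName looks like ".\sqlsvc", "HOST\sqlsvc", "DOMAIN\user" or "LocalSystem"
    $domain, $user = $svc.StartName -split '\\', 2
    $isLocal = ($domain -eq '.') -or ($domain -eq $computer)
    if ($isLocal -and ($localAdmins -contains $user)) {
        "$($svc.Name) ($($svc.StartName))"
    }
})

# 4. Current value of the registry workaround quoted in the post (empty = not set).
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

New-Object PSObject -Property @{
    UpdateInstalled               = $installed
    LocalAdminAccounts            = $localAdmins -join ', '
    SqlServicesRunAsLocalAdmin    = $affected -join ', '
    LocalAccountTokenFilterPolicy = $policy
} | Format-List
```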

 

 

5 Replies
McAfee Employee cdinet
Message 2 of 6

Re: January Patch Tuesday Updates and ePO unable to connect to SQL database


What specific errors are you getting in the orion log and sql error logs?  As for the issue of "This page can only be accessed from a local connection", on the epo server itself, use localhost instead of IP or epo servername to see if you can then access core/config.  See KB69850 for some steps to reset passwords.  Once you get to core/config, make sure first of all that the port is correct.  If sql is using dynamic ports, that can sometimes change with a reboot of the system.  You would need to confirm that on the sql server in configuration manager.

If no passwords have changed, then it is possible the updates changed something with the cipher suites and tls.  Download the IISCrypto tool (free utility) and run it as administrator on epo and sql servers.  Click on the cipher suite tab, then click on best practices.  It will require a reboot.

Check also KB84390 to see if that applies.

 


Reliable Contributor twenden
Message 3 of 6

Re: January Patch Tuesday Updates and ePO unable to connect to SQL database


Have just read on Krebs Security that someone else is unable to connect to their SQL server after the latest Microsoft Updates. This is someone not running ePO. They were able to function again after they removed the Microsoft KB448070.

https://krebsonsecurity.com/2019/01/patch-tuesday-january-2019-edition/

https://www.askwoody.com/category/microsoft-windows-patches-security/

Just removed that Microsoft cumulative patch KB448070 and noticed that the ePO server is now functioning again. There are a lot of reports of issues on the internet relating to the latest Microsoft Updates.

I will reinstall the update and if it breaks the SQL connection again, then I will try IISCrypto Tool. Maybe Microsoft is changing the cipher suites. 

 

McAfee Employee cdinet
Message 4 of 6

Re: January Patch Tuesday Updates and ePO unable to connect to SQL database


Could be, or disabling a tls protocol that sql is using.



McAfee Employee cdinet
Message 6 of 6

Re: January Patch Tuesday Updates and ePO unable to connect to SQL database


Thanks for the update! Good info.
