cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

Greetings All,

I've been bashing my head against the keys for the past few days trying to resolve this issue to no avail.

It appears that I'm having issues connecting to my SQL server (SQL Server 2014) and it looks like it's an SSL issue but I've tried everything I could find without any different results.

Actions include:

- Running PIA, reports ready for upgrade

- Updating cipher suites then enabling TLS1.2 and disabling other protocols

- Regenerating the SSL cert to use SHA256

- Setting the server(in /core/config) to try to use SSL

- Ensured credentials are able to authenticate and have requisite access

- Followed all steps outlined in the upgrade guide (https://kc.mcafee.com/corporate/index?id=KB71825&page=content)

Aggregated output from logs follows:

[MFS-CommonSetup.Log]

20190116174528 SQL::connect to server eposerver
20190116174528 Testing SQL Authentication to SQL Server.
20190116174543 Failed to connect to SQL Server [eposerver] with error code [0x80004005]
20190116174543 Description for error code is [[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.]

[EPO590-Install-MSI.log]
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Adding MFSDATABASESERVERNAME property. Its value is 'eposerver'.
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Adding MFSDATABASEINSTANCENAME property. Its value is 'MSSQLSERVER'.
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Adding MFSDATABASENAME property. Its value is 'epo_DB'.
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Adding MFSDATABASEPORT property. Its value is '1433'.
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Adding MFSDATABASEUSERNAME_UE property. Its value is ''.
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Modifying MFSDATABASEAUTHENTICATION property. Its current value is '1'. Its new value: '2'.
1: 17:34:01 EPO590CALog: End upgradeReadDBPropertiesFile()
MSI (c) (14!04) [17:34:01:218]: PROPERTY CHANGE: Modifying MFSDATABASESERVERNAME property. Its current value is 'eposerver'. Its new value: 'eposerver\MSSQLSERVER'.
.
.
.
InstallShield 17:38:36: Invoking script function Prod_CalculateDBServerAndInstance
1: 17:38:36 EPO590CALog: Start Prod_CalculateDBServerAndInstance
1: 17:38:36 EPO590CALog: Start calculateDBServerAndInstance
1: 17:38:36 EPO590CALog: DataSource detected with with an Instance Name.
1: 17:38:36 EPO590CALog: Root key set successfully.
1: 17:38:36 EPO590CALog: Set "DatabaseServer" value successfully.
1: 17:38:36 EPO590CALog: Root key set successfully.
1: 17:38:36 EPO590CALog: Set "DatabasePort" value successfully.
MSI (c) (14!FC) [17:38:36:452]: PROPERTY CHANGE: Modifying MFSDATABASESERVERNAME property. Its current value is 'eposerver\MSSQLSERVER'. Its new value: 'eposerver'.
1: 17:38:36 EPO590CALog: End calculateDBServerAndInstance
1: 17:38:36 EPO590CALog: End Prod_CalculateDBServerAndInstance
InstallShield 17:38:36: CallScriptFunctionFromMsiCA() ends
Action ended 17:38:36: Prod_CalculateDBServerAndInstance. Return value 1.

[EPO590-Error.log]
ErrorString=FAILURE: Failed to connect to the SQL server.
ActionName=MerMod_StartCurrentServices
CustomAction: MerMod_StartCurrentServices

[EPO590CommonSetup.log]
20190116173727 Calculating the DataSource for your SQL server.
20190116173727 UDP port is enabled so using standard DataSource convention.
DataSource used: [eposerver\MSSQLSERVER]
20190116173727 Setting connection string DataSource to [eposerver\MSSQLSERVER].
20190116173727 Connection string set for SQL Authentication database connection.
20190116173727 SQL::connect to server eposerver\MSSQLSERVER
20190116173727 Testing SQL Authentication to SQL Server.

[EPO590-ahsetupdll_eposerver.log]
20190116173727 I #02552 AHSETUP Database initialization: Starting.
20190116173727 I #02552 NAISIGN Found master install key, decoding
20190116173727 I #02552 MFEFIPS Loading: "D:\Program Files (x86)\McAfee\ePolicy Orchestrator", Role = Officer, Mode = Normal
20190116173727 I #02552 MFEFIPS Module Initialized.
20190116173727 I #02552 MFEFIPS MFEFIPS_Status() returned 1
20190116173727 I #02552 EPODAL Using SQL Authentication for [eposerver\MSSQLSERVER,1433].[epo_DB]
20190116173727 I #02552 EPODAL Succesfully initialized database access for [eposerver\MSSQLSERVER,1433].[epo_DB]
20190116173727 I #02552 EPODAL ePolicy Orchestrator configured to run in SINGLE-TENANT (On-Prem) mode.
20190116173727 I #02552 AHSETUP Database initialization: Succeeded.

[ePIPAPI.log]
3740 2019-01-16 05:31:30 I ...........................................
3740 2019-01-16 05:31:30 I Environment details:
3740 2019-01-16 05:31:30 I EPOTargetVersion : 5.9.1
3740 2019-01-16 05:31:30 I Install type = Upgrade
3740 2019-01-16 05:31:30 I DB server name = eposerver
3740 2019-01-16 05:31:30 I DB server instance = Default
3740 2019-01-16 05:31:30 I DB name = epo_DB
3740 2019-01-16 05:31:30 I User login to DB =
3740 2019-01-16 05:31:30 I User login as sysadmin to DB =
3740 2019-01-16 05:31:30 I DB Port : 1433
3740 2019-01-16 05:31:30 I ...........................................
3740 2019-01-16 05:31:30 I new connection created
3740 2019-01-16 05:31:30 E IDispatch error #3149
3740 2019-01-16 05:31:30 E Failed to connect to SQL

 

Any input is greatly appreciated!!!

Labels (3)
11 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

https://kc.mcafee.com/corporate/index?page=content&id=KB76711

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

When running the installer to upgrade, all of the DB fields are prepopulated with what I'm presuming is the contents of the db.properties file. 

When checking the /core/config page, my instance name was clear and I populated the instance field with the instance name in an effort to see if maybe that was the issue but even when reverted it's not taking.

If it provides any more details, I'm running off the DISA HBSS deployment. I'd reach out to DISA but it doesn't appear that many DISA customers have started the upgrade since Win 10 1809 is not being fielded.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

In your setup when you are entering sql server information, are you adding the instance name?

Log shows - eposerver\MSSQLSERVER

When using the default instance of mssqlserver, do not enter it in setup fields, if you are.  Is sql on the same server as epo?  If it is not on the same server, run iiscrypto on both epo and sql servers and go to cipher suites tab, click on best practices, apply and reboot. 

Check also kb86318 - epo 5.3.1 uses tls 1.0 so you might have to modify it to disable tls 1.0.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

All of my SSL configs have been updated to support 5.9.1 and the PIA checks reflect that. 

All of the Cipher suites and SSL settings have been configured using the script found in the below blogpost from Hass Alexander.

https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

I ran across this myself.  Apply ePO 5.9.1 Hotfix 1226775 , it MUST be applied if your upgrading from 5.x to 5.9.1. When you do a fresh 5.9.1 install instead of an upgrade, ePO already has the SHA-2 built into the deployment. When you upgrade, your upgrading SHA-1 to SHA-2 and the hotfix MUST be applied, or you will run into serious issues. 

https://kc.mcafee.com/corporate/index?page=content&id=KB90182

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

They have to get to 5.9.1 first, which is failing. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

Ok looking at the logs, you CAN get to the /core/config screen? But issue is its failing to connect? Are you using SQL Express or do you have access to SQL Management Studios? If you do have access to SQL Management Studios i would look at your SQL Account and make sure the password is  set to  NOT expire. Have seen where this happens, especially if you have a SQL Team that handles SQL and your not setting it up yourself.

 

Hope that helps.

Former Member
Not applicable
Report Inappropriate Content
Message 9 of 12

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

If your using SQL Express - 

Log in using MS SQL DB studio right click SERVERxxxx\SQLEXPRESS (SQL Server 9.0.4035 >Properties>Security>Change the authentication type to mixed mode(Windows and SQL mode)

Expand security >Logins>Enabvle SA account> change the password>

Now lpgin with sa account. and check ithat it is successful.

Now try the sa user on ePO config page, if your TEST connection is successful then you can creat another user with same permission as SA has and disable SA again.

 

And if sa account is ok for you to use in your environment,  then you may use it. 

Re: Upgrade from 5.3.1 to 5.9.1 fails [SQL Errors]

While this doesn't apply to me yet, it did make me step back and realize that the hotfixes for 5.3.1 weren't applied...Guess that's what I get for assuming it was already handled. I'll report back with results from an upgrade attempt after hotfixes are applied.

Thanks for the reminder!
ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.