6 Replies Latest reply on Aug 13, 2009 1:00 PM by runcmd

    Problem authenticating to remote SQL DB - new install

      ePO 4.0 setup is having issues authenticating to the remote SQL server. The error I get is:

      "The database user specified does not appear to have sufficient rights. Make sure you specify a user that has system administrator rights to the MSDE\SQL server."

      My DBA has assured me the username has full rights in SQL, and I have tested a remote connection with the Windows ODBC connect - which works fine.

      Does the username require local system admin rights on the server as well as rights in the SQL DB? If so - is it documented anywhere? I'd troubleshoot the SQL server myself, but security does not allow me to do so here.
        • 1. RE: Problem authenticating to remote SQL DB - new install


          Please verify that the ePO SQL account has the db_owner role assigned. An ODBC connection can be made with far fewer privileges, so it's not an indicative test.
          • 2. RE: Problem authenticating to remote SQL DB - new install
            runcmd
            Did you find a solution for this? I'm encountering the same message while trying to establish an SQL connection from an ePO v4.5 server I'm in the process of building...

             

            McAfee ePolicy Orchestrator 4.5.0
            The database user specified does not appear to have sufficient rights.
            Make sure you specify a user that has system administrator rights to the MSDE/SQL server.
            [OK]



            I am using Windows authentication. I contacted our DBA and he verified that the AD account being used to establish the connection does have "db_owner". If I can avoid granting this account administrator rights on the SQL server I would like to do so. This SQL server is shared with other applications, so I would like to minimize any risks. If the only solution is to make this account an administrator on the server, does anyone know if any changes are made to the server and can those rights be revoked after the ePO database is built? Thanks!
            • 3. RE: Problem authenticating to remote SQL DB - new install
              PhilR
              Check the McAfee KB for the requirements for the password of the SQL user. You're probably using some characters that McAfee can't handle.

              Been there, done it, got the headache...

              Phil
              • 4. RE: Problem authenticating to remote SQL DB - new install
                runcmd


                Even after specifying 1433 as the SQL server TCP port, the error remained. We have the SQL database for the ePO hosted on a separate server and typically create unique DNS entries (named after each unique application), which point to the IP address of the SQL server. We do this so that if the database server needs to be upgraded or a database needs to be moved to a different SQL server, the application doesn't need to be touched--the DNS entries just need to be updated to point to a different IP address. Unfortunately, the ePO did not like this and I was only able to get past the port error by directing the ePO to the true hostname of the SQL server.

                Now I'm fighting with a licensing issue. :rolleyes: Thanks again for the response!
                • 5. RE: Problem authenticating to remote SQL DB - new install
                  runcmd
                  What I thought was a licensing issue is really still a database issue. Next error when attempting to log on to the ePO console...

                   

                  The license for ePolicy Orchestrator is invalid
                  Failed to load license data. To enter a new license, go here.



                  Referencing KB66166, this error message occurs when the ePO cannot connect to the database. (They are supposedly working to make the error message more intuitive for the next release.) I also noticed some entries in the "EpoApSvr.log" which I believe to be related...

                   

                  #2528 DAL Source = Microsoft OLE DB Provider for SQL Server
                  #2528 DAL Description = Login failed for user '[domain]\[username]$'.
                  #2528 DAL DAL2_CConnection::GetConnection: giving up retrying connection.



                  What's strange is that the username in the log isn't really a username at all--it looks like it's actually using the ePO server name as a user ID. According to the class book I mentioned, you can change the user account after the ePO is installed by accessing "https://<servername>:8443/core/config"; however, it won't let you in until it has validated your license. It's a Catch-22. :confused: *Sigh!* I'm either going to open a case with support or just reinstall the ePO. If anyone has any ideas, I'd love to hear them; otherwise, I'll let you know how it pans out.
                  • 6. Problem authenticating to remote SQL DB - new install
                    runcmd
                    I was able to address all of these issues by performing the following steps:


                    1. Uninstalled ePO v4.5 from the ePO server
                    2. Created a new AD service account, with alpha-numeric characters only for the account name and password (no special characters)
                    3. Had our DBA temporarily grant that account SQL server level privileges on the database
                    4. Reinstalled ePO v4.5 on the ePO server
                    5. Connected the ePO install directly to the SQL server by hostname (not an alternate DNS name) and using the previously mentioned service account



                    Although I have not yet begun to populate the tree, I am not receiving any DB errors at this time. I believe this issue to be resolved.
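
Added example (not part of the thread and not McAfee's own tooling): a T-SQL script a DBA could use to see which server and database roles the install account really holds, and to time-box the elevation described in step 3. It assumes "SQL server level privileges" means the sysadmin fixed server role named in the installer's error message; `DOMAIN\svc_epo` and `ePO_DB` are placeholder names, and the thread does not confirm how ePO behaves once the role is removed.

```sql
-- Placeholders (assumptions, not values from the thread):
--   DOMAIN\svc_epo = AD service account given to the ePO installer
--   ePO_DB         = name of the ePO database
DECLARE @login sysname;
SET @login = N'DOMAIN\svc_epo';

-- 1. Server-level check: 1 = member of sysadmin, 0 = not a member,
--    NULL = the login or role name is not valid on this instance.
SELECT IS_SRVROLEMEMBER('sysadmin', @login) AS is_sysadmin;

-- 2. Fixed server roles the login holds directly
--    (membership inherited through a Windows group is not listed here).
SELECT r.name AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = @login;

-- 3. Database roles (e.g. db_owner) inside the ePO database. Match on SID,
--    because the database user name can differ from the login name.
USE [ePO_DB];
SELECT u.name AS db_user, r.name AS db_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = drm.member_principal_id
WHERE u.sid = SUSER_SID(@login);
GO

-- 4. BEFORE the install: temporary elevation. Run this batch on its own.
EXEC sp_addsrvrolemember @loginame = N'DOMAIN\svc_epo', @rolename = N'sysadmin';
GO

-- 5. AFTER the install: remove the role again and confirm the result.
--    Run this batch on its own; expect is_sysadmin_after_revoke = 0.
EXEC sp_dropsrvrolemember @loginame = N'DOMAIN\svc_epo', @rolename = N'sysadmin';
SELECT IS_SRVROLEMEMBER('sysadmin', N'DOMAIN\svc_epo') AS is_sysadmin_after_revoke;
GO
```

On a SQL Server shared with other applications, recording the output of steps 1 to 3 before and after the install gives the DBA evidence that the elevation was removed.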