About SQL Server configuration settings
If you install Symantec Endpoint Protection Manager with a Microsoft SQL Server database, there are specific configuration requirements for SQL Server. You can install Symantec Endpoint Protection Manager with either a local database or a remote database.
See Installing and configuring Symantec Endpoint Protection Manager with a SQL Server database.
Before you create the database, Symantec recommends that you install a new instance of SQL Server that conforms to Symantec installation and configuration requirements. You can install a database in an existing instance, but the instance must be configured properly or your database installation fails. For example, if you select a case-sensitive SQL collation your installation fails.
Warning:
Symantec Endpoint Protection Manager authenticates to Microsoft SQL Server with a clear text database owner user name and password. To maximize the security posture of remote Microsoft SQL Server communications, collocate both servers in a secure subnet.
Table: Required SQL Server configuration settings
Configuration setting | Installation requirement |
|---|
Instance name | Do not use the default name. Create a name such as SEPM. By default, a database named Sem5 is created in the SQL Server instance when you install the Symantec Endpoint Protection Manager. The default instance is unnamed. It is supported, but can cause confusion if you install multiple instances on one computer. |
Authentication configuration | Mixed Mode or Windows Authentication mode See About SQL Server database authentication modes. |
sa password | Set this password when you set Mixed Mode authentication. |
Enabled protocol | TCP/IP |
IP addresses for TCP/IP (SQL Server 2005 and 2008 only) | Enable IP1 and IP2 |
TCP/IP port numbers for IP1, IP2, and IPALL (SQL Server 2005 and 2008 only) | Set TCP Dynamic Ports to blank, and specify a TCP Port number. The default port is typically 1433. You specify this port number when you create the database. The Symantec Endpoint Protection Manager database does not support dynamic ports. |
Remote connections (SQL Server 2005 and 2008 only) | Must be enabled. TCP/IP protocol must also be specified. |
If your database is located on a remote server, you must also install SQL Server client components on the computer that runs Symantec Endpoint Protection Manager.
During Symantec Endpoint Protection Manager installation, you make decisions about what database values to set. You must make these decisions before you start the installation.
Table: SQL Server database settings
Setting | Default | Description |
|---|
Select IIS Web site configuration options | Use the default Web site | Use the default Web site Installs the Symantec Endpoint Protection IIS Web application in the default IIS Web site. The site works with any other Web application that is installed in the Web site. TCP Port The port that is used by the Web site created. Create a custom Web site Creates an independent Symantec Web server for Symantec Endpoint Protection Manager.
|
Server name | local host name | Name of the computer that runs the Symantec Endpoint Protection Manager. |
Server port | 8443 | Port number on which the management server listens. |
Web console port | 9090 | The HTTP port that is used for remote console connections. |
Server data folder | C:\Program Files\Symantec Endpoint Protection Manager\data | Directory in which the Symantec Endpoint Protection Manager places data files including backups, replication, and other Symantec Endpoint Protection Manager files. The installer creates this directory if it does not exist. |
Site name | Site local host name | Site name of the highest level container under which all features are configured and run with the Symantec Endpoint Protection Manager. |
Encryption password | None | The password that encrypts communication between the Symantec Endpoint Protection Manager, clients, and optional Enforcer hardware devices. The password can be from 1-32 alphanumeric characters and is required. Document this password and put it in a secure location. You cannot change or recover the password after you create the database. You must also enter this password for disaster recovery purposes if you do not have a backed up database to restore. See Preparing for disaster recovery. |
Database server | local host name | Name of the Microsoft SQL Server and the optional instance name. If the database server was installed with the default instance, which is no name, type either host name or the host's IP address. If the database server was installed with a named instance, type either host name\instance_name or IP address\instance_name. Using host name only works with properly configured DNS. If you install to a remote database server, you must first install the SQL Server client components on the computer that runs the Symantec Endpoint Protection Manager. |
SQL Server Port | 1433 | The port used to send and receive traffic to the SQL Server. Port 0, which is used to specify a random, negotiated port, is not supported. |
Database Name | sem5 | Name of the database that is created. |
User | sem5 | Name of the database user account that is created. The user account has a standard role with read and write access. The name can be a combination of alphanumeric values and the special characters ~#%_+=|:./. The special characters `!@$^&*()-{}[]\\<;>,? are not allowed. The following names are also not allowed: sysadmin, server admin, setupadmin, securityadmin, processadmin, dbcreator, diskadmin, bulkadmin.
|
Password | None | The password to associate with the database user account. The name can be a combination of alphanumeric values and the special characters ~#%_+=|:./. The special characters `!@$^&*()-{}[]\\<;>,? are not allowed. |
SQL client folder | SQL Server 2000: C:\Program Files\Microsoft SQL Server\80\Tools\Binn SQL Server 2005: C:\Program Files\Microsoft SQL Server\90\Tools\Binn SQL Server 2008: C:\Program Files\Microsoft SQL Server\100\Tools\Binn | Location of the local SQL Client Utility directory that contains bcp.exe. |
DBA user | None | Name of the database server administrator account, which is typically sa. |
DBA password | None | Name of the password that is associated with the database user account. |
Database data folder | Automatically detected after clicking Default SQL Server 2000: C:\Program Files\Microsoft SQL Server\MSSQL\Data SQL Server 2005: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data SQL Server 2008: C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data | Location of the SQL Server data directory. If you install to a remote server, the volume identifier must match the identifier on the remote server. If you install to a named instance on SQL Server 2000, the instance name is appended to MSSQL with a dollar sign. For example, \MSSQL$instance name\Data. If you install to a named instance on SQL Server 2005, the instance name is appended to MSSQL with a dot numeric identifier. For example, \MSSQL.1\instance name\Data. If you install to a named instance on SQL Server 2008, the instance name is appended to MSSQL10. For example \MSSQL10.instance name\Data.
Note:
Clicking Default displays the correct installation directory, if you entered the database server and instance name correctly. If you click Default and the correct installation directory does not appear, your database creation fails.
|
Admin User Name | admin | Name of the default user name that is used to log on to the Symantec Endpoint Protection Manager console for the first time. (not changeable) |
Admin Password | None | The password that you specified during server configuration to use with the admin user name. |
Email address (optional) | None | System notifications are sent to the email address specified. |
Thank you.