"Failed to connect to the database." error when attempting to install Symantec Endpoint Protection Manager 11.x (SEPM) to a Microsoft SQL backend using Windows Authentication.

Article:TECH122555  |  Created: 2010-01-19  |  Updated: 2011-09-15  |  Article URL http://www.symantec.com/docs/TECH122555
Article Type
Technical Solution


Issue



When running the Management Server Configuration Wizard for the Symantec Endpoint Protection Manager (SEPM) and opting to install the database to a Microsoft SQL Server backend using Windows Authentication, the following error appears in a pop-up window after clicking the "Next" button or the "Default" button for the "Database data folder" field:

Failed to connect to the database.

The following entry will also appear in the Windows Event Viewer Application log on the SQL Server:

Type: Error
Source: MSSQL$INSTANCENAME
Event ID: 17806
Description: SSPI handshake failed with error code 0x80090302 while establishing a connection with integrated security; the connection has been closed.

The SEPM Tomcat log "install_log.err" will show an exception whose text depends on the version of SQL Server that returned the error:

  • SQL Server 2008: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
  • SQL Server 2005 SP2: Login failed for user ''. The user is not associated with a trusted SQL Server connection.

Error



From Management Server Configuration Wizard:

Failed to connect to the database.

From install_log.err with Microsoft SQL Server 2005 back-end:

Login failed for user ''. The user is not associated with a trusted SQL Server connection

From install_log.err with Microsoft SQL Server 2008 back-end:

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

From Windows Event Viewer Application logs on the SQL server:

Type: Error
Source: MSSQL$INSTANCENAME
Event ID: 17806
Description: SSPI handshake failed with error code 0x80090302 while establishing a connection with integrated security; the connection has been closed.


Environment



Microsoft SQL Server with a Group Policy Object (GPO) that enforces NTLMv2 authentication.


Cause



The Symantec Endpoint Protection Manager does not support NTLMv2 authentication for database access.

This situation only occurs if the following policy is in place on the SQL server:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers -> option: Require NTLMv2 session security

Note: this situation is unique to SSPI handshake error code 0x80090302. Other error codes are not handled by this document.
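To confirm that a SQL Server host matches the cause described above, the following added example (not part of the original Symantec article) reads the effective policy value and looks for the matching Event ID 17806 entries. The registry value name NtlmMinServerSec and its flag constants come from Windows rather than from this page, and the function names are hypothetical.

```powershell
# Added example: run in an elevated PowerShell 3.0+ session on the SQL Server host.
# Flag bits of the NtlmMinServerSec registry DWORD (assumption: not listed on this page).
$NTLMV2_SESSION_SECURITY = 0x00080000   # "Require NTLMv2 session security"
$REQUIRE_128BIT          = 0x20000000   # "Require 128-bit encryption"

function Get-NtlmServerSessionSecurity {
    # Effective setting behind "Network security: Minimum session security for
    # NTLM SSP based (including secure RPC) servers", whether set by GPO or locally.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $prop = Get-ItemProperty -Path $key -Name NtlmMinServerSec -ErrorAction SilentlyContinue
    $raw  = if ($prop) { $prop.NtlmMinServerSec } else { 0 }
    [pscustomobject]@{
        Configured              = [bool]$prop
        RawValue                = '0x{0:X8}' -f $raw
        RequireNtlmV2Session    = [bool]($raw -band $NTLMV2_SESSION_SECURITY)
        Require128BitEncryption = [bool]($raw -band $REQUIRE_128BIT)
    }
}

function Get-SspiHandshakeFailure {
    # Event ID 17806 entries in the Application log whose text carries the
    # error code this article covers (0x80090302); other codes are ignored.
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Application'
        Id        = 17806
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '0x80090302' } |
        Select-Object TimeCreated, ProviderName, Message
}

$policy = Get-NtlmServerSessionSecurity
$events = @(Get-SspiHandshakeFailure -Days 7)

$policy | Format-List
"Event 17806 entries with 0x80090302 in the last 7 days: $($events.Count)"

if ($policy.RequireNtlmV2Session -and $events.Count -gt 0) {
    'Matches this article: NTLMv2 session security is required and SSPI handshakes are failing with 0x80090302.'
} elseif ($events.Count -gt 0) {
    'Handshake failures found, but NTLMv2 session security is not required here; look for another cause.'
}
```

Running `gpresult /h report.html` on the same host shows which GPO, if any, supplies the setting.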


Solution



Two solutions are available for Symantec Endpoint Protection Manager 11.x:

  1. Configure SQL server to allow SQL authentication instead of only Windows Authentication, or
  2. Ask the Active Directory administrator to remove the following option from the GPO:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers -> option: Require NTLMv2 session security

Migrating to or installing Symantec Endpoint Protection Manager 12.1 will completely mitigate this issue, as NTLMv2 support has been added in that version.



Legacy ID



2010011915092048

