Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Connection String for SQL DB Scan - Unable to retrieve the list of table names

Created: 11 Jul 2013 | 8 comments

We are trying to find the correct Connection String to scan our SQL databases.  I've read the previous discussions and tried all the connection string I could find to no avail.

Please take a look at this and let me know any suggesstions for other things to try.  Also, are there specific database permissions we should set up.

We are getting the error:

   "Failed to read sqlserver://hpsqld04.mycompany.com:1433/SecAdmin_Test;instance=mssqlserver; error: Unable to retrieve the list of table names: null"

Under the Scanned Content Tab, Scan Database Servers:  Connection Strings we've tried (all get the same error):

sqlserver://hpsqld04.mycompany.com:1433/SecAdmin_Test;instance=mssqlserver

    sqlserver://hpsqld04.mycompany.com

sqlserver://hpsqld04.mycompany.com:1433/SecAdmin_Test

Use These Credentials:   UserName:  mycompany\svcDLPuser -- database permission System Administrator

 

Operating Systems:

Comments 8 CommentsJump to latest comment

jgt10's picture

It amy not be the connect string.  It might be that the user account doesn't have the rights to read the table.

 

JGT

--
John G. Thompson
JOAT(MON)

yang_zhang's picture

According to the log, the user can connect to the database, but, doesn't have permission to read the table. You can check whether the user have select permission on the table you want to scan.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Susan_HP's picture

What specific database permissions we should set up?

We have the user mycompany\svcDLPuser setup with -- database permission System Administrator.  Shouldn't this give them read access?

Thanks, Susan.

jgt10's picture

It has been a while, but I believe the necessary rights are documented in the admin guide.

You can always open a case with technical support for assistance.

JGT

--
John G. Thompson
JOAT(MON)

Susan_HP's picture

Yup - the admin guide says "must have both Read permission and Write Attirbutes permissions on the scan target.  Write Attributes permission is required in order to update the 'last accessed' date."  My DBA says there is nothing she can set for "Write Attributes".  My account is set up as DBO.  My understanding is that this gives me Read/Write to the database.

I have a support ticket open too.  They suggested I try the sourceforge.net driver.  I've done that and get exactly the same result.  "Unable to retrieve the list of table names: null"

Also, I signed on with my account, used SQL Server Management Studio, executed the "SELECT table_schema + '.' + table_name FROM INFORMATION_SCHEMA.TABLES" statement (same as I have in the sqldatabasecrawler.properties).  It returns the name of the table without error.  Seems like this means the permissions are set up correctly for my account.

Does anyone have 11.5 successfully scanning SQL 2005 databases?

Thanks, Susan.

jjesse's picture

A quick Google shows this:https://www-secure.symantec.com/connect/forums/symantec-dlp-115-sql-scanning-ms-sql-server-configuration as the first response.  It notes the SQL Browser service needs to be running.

Does it help out at all?

Jonathan Jesse Practice Principal ITS Partners

asutariya's picture

Connect Using local sql a/c and not NT auth. a/c since that is not supported.