
SEP12: Lost Password for Embedded Database

Created: 02 Jul 2012 | 16 comments

The previous administrator has set up a brand new SEP12 Manager Console but did not share the password with the current administrators. Is there any way that I can reset or recover the forgotten password?


Simpson Homer's picture

Please go ahead and reset the password of the Manager console.

Go to the following location:

Drive:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools

Then double-click resetpass.bat. A CMD window will appear. Then log in to the SEPM with the user name admin and the password admin.

It should then ask you to enter a new password.

For the embedded database password, refer to the following links:

https://www-secure.symantec.com/connect/forums/management-server-configuration-wizard-login

https://www-secure.symantec.com/connect/forums/determine-database-type

Bouncetheking's picture

I already have the admin password. Now I need to recover the embedded database admin (DBA) password.

I followed the instructions in the given link but there is nothing to be found in the System DSN.

Simpson Homer's picture

Try the password as SYMANTEC or symantec

Bouncetheking's picture

I have tried all combinations of the word Symantec but still can't get through. Any way to reset or recover the DBA password?

consoleadmin's picture

 How to find the Database password for Embedded Database

Click Start > Run and type "odbcad32"

Data required in ODBC

Username should be "DBA"
Password should be the first password that you used to login to SEPM.
Server name should be the name of the server.
Database name should be  "sem5"

If you don't remember the password, follow these steps to get the password:

  •  Remove all the details from ODBC and change the name for the database from sem5 to SEM
  • Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\
  • Go to php.ini properties, and uncheck the read-only option
  • Open php.ini using a notepad
  • Modify the following lines to read:

             display_errors = On
             display_startup_errors = On

Fatal error: Uncaught exception 'com_exception' with message '<b>Source:</b> ASAProv.90<br/><b>Description:</b> Request to start/stop database denied' in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Common\ado.php:40 Stack trace: #0 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Common\ado.php(40): com->Open('Provider=ASAPro...', 'DBA', 'password') #1 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Common\connectdb.php(46): ado_connect(Object(com), 'SymantecEndpoin...', 'DBA', 'password', NULL, NULL) #2 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\curl_funcs.php(360): connectnav(Object(com)) #3 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\curl_funcs.php(98): doProcessLoginResponse('admin', '<?xml version="...', '<?xml version="...', 0) #4 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\Login_verify.php(2 in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Common\ado.php on line 40

Note: The password next to DBA which is bold in the above example is the password for ODBC

  • Open php.ini using Notepad
  • Again modify the following lines to read:

             display_errors = Off
             display_startup_errors = Off

  • Go to ODBC and change the name of the database to SEM5
  • Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php.ini properties, and check read-only

Then try the ODBC with the password and the connection should be successful.

Thanks.
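
With display_errors left On, the login page prints the DBA password as a call argument in the stack trace, so the last steps of the post above (setting both directives back to Off) matter. The following is an added example, not part of the original post: it reports the effective value of the two directives in a php.ini and redacts the password argument from a copied trace. The sample ini text, trace and password are constructed.

```python
import re

DIRECTIVES = ("display_errors", "display_startup_errors")
# Spellings PHP reads as "disabled"; anything else (On, 1, stdout, stderr) displays errors.
OFF_VALUES = {"", "0", "off", "no", "false", "none"}

def audit_php_ini(ini_text):
    """Map each directive to 'on', 'off' or 'unset' (last uncommented assignment wins)."""
    state = {name: "unset" for name in DIRECTIVES}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a php.ini comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in DIRECTIVES:                      # directive names are case-sensitive
            value = value.strip("\"'").lower()
            state[key] = "off" if value in OFF_VALUES else "on"
    return state

def redact_dba_password(trace):
    """Replace the quoted argument that follows 'DBA' in a PHP stack trace."""
    return re.sub(r"('DBA'\s*,\s*)'[^']*'", r"\1'<redacted>'", trace, flags=re.IGNORECASE)

# Constructed samples, not taken from a real server.
SAMPLE_INI = """\
;display_errors = Off
display_errors = On        ; left on after troubleshooting
display_startup_errors = "Off"
"""
SAMPLE_TRACE = "#0 ado.php(40): com->Open('Provider=ASAPro...', 'DBA', 'Examp1e-Pw')"

if __name__ == "__main__":
    for name, value in audit_php_ini(SAMPLE_INI).items():
        print(f"{name}: {value}")
    print(redact_dba_password(SAMPLE_TRACE))
```

A result of 'unset' means the file does not set the directive, so PHP's built-in default applies and should be checked separately.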

Simpson Homer's picture

Well, then in that case there's only one way, Perform Disaster Recovery. 

How to perform Disaster Recovery without Database backup/Restore

https://www-secure.symantec.com/connect/articles/how-perform-disaster-recovery-without-database-backuprestore

Sayan's picture

Solution

The embedded database password can be changed by using the tool "dbisqlc.exe", provided by Sybase. 

This tool is stored in the following default location:

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\

To change the embedded database password, follow the steps below:

    1. Click on Start > Run.
    2. Type services.msc
    3. Click Ok.
    4. Verify that the "Symantec Embedded Database Service" is running.
    5. Stop the "Symantec Endpoint Protection Manager Service."
    6. Exit the Services window.
    7. Browse to:
      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\
    8. Double-click on dbisqlc.exe to launch the application.
    9. Click the Login tab.
    10. Type DBA as the username and enter the current complex password.
    11. Under choose an ODBC data source select 'Data source name' and select SymantecEndpointSecurityDSN.
    12. Click on the Database tab.
    13. Enter the path to the database in the field labeled "Database file:" The default path is:
      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.db
    14. Click Ok to log into the embedded database.
    15. In the "Command" input box, type:
      GRANT CONNECT TO DBA IDENTIFIED BY "<New Password>"
    16. Click Execute. The password should now be changed.
    17. Exit the application.

After changing the password, it is necessary to run the Management Server Configuration Wizard, then restart the IIS and SEPM services.

Sayan's picture

Solution

Follow the steps below to resolve this issue:
    • ON THE OLD INSTALLATION
    1. Copy the "Server Private Key Backup" folder from:
      \\ProgramFiles\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup 
    2. Paste it to another storage area (as it will be deleted during Symantec Endpoint protection Manager uninstall)
    3. Stop the services "Symantec Embedded database" and the "Symantec Endpoint Protection Manager"
    4. Copy the "db folder" from:
      \\ProgramFiles\Symantec\ Symantec Endpoint Protection Manager\
    5. Paste it to another storage area.
    • ON THE NEW INSTALLATION AFTER THE DISASTER RECOVERY OF OPERATING SYSTEM (OS)

Warning: Re-installation of Symantec Endpoint Protection Manager needs to be done on the same IIS Port and Website for it to restore client-server communication after the Disaster Recovery Process is complete.

    1. Ensure that the server has the same IP Address and Host Name the Operating System has been Installed.
    2. Install the "Symantec Endpoint Protection Manager" with the "Embedded Database" with the default settings.
    3. Log in to the Console
    4. Click Admin.
    5. Select TasksServers.
    6. Under "View Servers", expand Local Site.
    7. Click the that identifies the local site.
    8. Select Tasks.
    9. Click Manage Server Certificate.
    10. In the "Welcome panel", click Next.
    11. In the "Manage Server Certificate panel", select Update the Server Certificate
    12. Click Next.
    13. Under "Select the type of certificate to import", select JKS keystore.
    14. Click Next.
      Note: If one of the other certificate types has been implemented, select that type.
    15. In the "JKS Keystore panel", click Browse.
    16. Locate and select the backed up "keystore_.jks" keystore file.
    17. Click OK
    18. Open the "server_.xml" file
    19. Select and copy the "keystore password."
    20. Activate the "JKS Keystore" dialog box.
    21. Paste the "keystore password" into the "Keystore" and "Key boxes."
      Note: The only supported paste mechanism is Ctrl + V.
    22. Click Next 
      Note: If you get an error message that says you have an invalid keystore file, you probably entered invalid passwords. Retry the password copy and paste. (This error message is misleading.)
    23. In the "Complete panel", click Finish.
    24. Stop the services Symantec Embedded database and the Symantec Endpoint Protection Manager
    25. Go to:
      \Program Files\Symantec Endpoint Protection Manager\ 
      on the new "Symantec Endpoint Protection Manager" and rename the "Db" folder to "Db_new"
    26. Move the "old db" folder under:
      \Program Files\Symantec Endpoint Protection Manager\
    27. Go to Administrative Tools > Data Sources ODBC
    28. Ensure the database connectivity after changing the database file location to:
      \Program Files\Symantec Endpoint Protection Manager\db1\sem5.db
    29. Start the service Symantec Embedded database
    30. Run the Management Server Configuration Wizard
    31. Click Yes to replace the database after entering the password
    32. Login to the "Symantec Endpoint Protection Manager" using the OLD password.
    33. Ensure that the Domain ID is same as it was on the old clients.
    34. All of the clients should begin reporting back within approximately 30 minutes.
John Q.'s picture

Symantec Support might know a way to achieve this, so I would suggest you open a ticket and check with them.

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

greg12's picture

Try your SEPM console password (system admin). That may or may not work; if this password was not changed since the installation, it should work because the DB password is arguably the initial password of the system admin of SEPM.

If you are not able to log in, try to remember the initial admin password.

In SEP 11, there was a rather dirty hack to retrieve the password, but that does not seem to work anymore.

The database user name is "dba".

Mohan Babu's picture

Create a support case with Symantec; they might have steps to reset the DB password.

No public article is there to help you in this case...

Kindly check with Symantec Support Team ASAP.

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please mark it accordingly :)

Chetan Savade's picture

Hi,

I agree with Simpson Homer, you will have to perform the disaster recovery without database.

Create a new database password and keep it in a secure place.

How many clients in total do you have in the network?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

consoleadmin's picture

Have you tried my attached steps? Hope it helps you.

Thanks.

Mohan Babu's picture

Any update on this?

Mohan Babu
