Issue
The Symantec Embedded Database service (SQLANYs_sem5) fails to start after installing or migrating to Symantec Endpoint Protection 12.1.5 (SEP RU5).
Error
In the Windows event log:
SQLANYs_sem5
Can't open Message window log file: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\out.log
In the Upgrade-0.log:
The service SQLANYs_sem5 failed to be started.
In the Management Server Upgrade Wizard:
Setting ACL...(100%)...Done
Error occurred
Cause
In SEP 12.1.5 (RU5), Symantec changed the SemSrv and SemWebSrv services to use service virtual accounts. These services are set to an UNRESTRICTED SID type, but the SQLANYs_sem5 service remains under the RESTRICTED category.
Solution
FIRST STOP ALL Symantec Endpoint Services!
Then use the following workaround to change the SID type to UNRESTRICTED, since we are using a service virtual account for the Symantec Embedded Database service as well.
Note: A permanent solution is targeted for SEP 12.1.5 RU5 MP1.
Check the SID type of the service
1. On the computer where SEPM is installed, click Start > Run.
2. Type CMD and click OK.
3. Type sc qsidtype SQLANYs_sem5
4. Verify that the following is returned:
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: SQLANYs_sem5
SERVICE_SID_TYPE: RESTRICTED
Change the SID type of the SQLANYs_sem5 service to UNRESTRICTED
1. On the computer where SEPM is installed, click Start > Run.
2. Type CMD and click OK.
3. Type cd "<Drive>:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin"
Note: Replace <Drive> with the drive that SEPM is installed on.
4. Type ServiceUtil.exe -changeservicesidtype 1 -servicename "SQLANYs_sem5"
Note: Running the command returns: "Change the semsrv service SID successfully." The string "semsrv" is hardcoded, but we are changing the SID type for the SQLANYs_sem5 service. Please disregard that message.
Verify that the SID type has changed to UNRESTRICTED
1. On the computer where SEPM is installed, click Start > Run.
2. Type CMD and click OK.
3. Type sc qsidtype SQLANYs_sem5
Start services
After following the preceding steps, start the following services:
(I ACTUALLY HAD TO REBOOT the Server to get it to work)
•Symantec Embedded Database
•Symantec Endpoint Protection Launcher
•Symantec Endpoint Protection Manager
•Symantec Endpoint Protection Manager Webserver
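
The whole workaround above as one script (an added example, not Symantec's code), for use from an elevated PowerShell session on the SEPM server. It assumes the script is saved to a .ps1 file and given the install drive as -Drive, and that the four services can be addressed by the display names listed above.

```powershell
# Added example, not Symantec code. Run elevated on the SEPM server.
param([Parameter(Mandatory = $true)][string]$Drive)  # the article's <Drive>, e.g. 'D:'

$ErrorActionPreference = 'Stop'
$svc    = 'SQLANYs_sem5'
$binDir = "$Drive\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin"

# Display names exactly as the article lists them, in start order.
$sepmServices = @(
    'Symantec Embedded Database',
    'Symantec Endpoint Protection Launcher',
    'Symantec Endpoint Protection Manager',
    'Symantec Endpoint Protection Manager Webserver'
)

function Get-ServiceSidType([string]$Name) {
    # Call sc.exe by full name: in Windows PowerShell "sc" is an alias for Set-Content.
    $out = & sc.exe qsidtype $Name
    if ($LASTEXITCODE -ne 0) { throw "sc.exe qsidtype $Name failed: $out" }
    foreach ($line in $out) {
        if ($line -match 'SERVICE_SID_TYPE:\s*(\S+)') { return $Matches[1] }
    }
    throw "No SERVICE_SID_TYPE line in sc.exe output for $Name"
}

$before = Get-ServiceSidType $svc
Write-Host "$svc SID type before: $before"

if ($before -ne 'UNRESTRICTED') {
    # Stop everything first, in reverse start order.
    for ($i = $sepmServices.Count - 1; $i -ge 0; $i--) {
        Stop-Service -DisplayName $sepmServices[$i] -Force
    }

    Push-Location $binDir
    try {
        # Prints "Change the semsrv service SID successfully." even for this
        # service; the article says to disregard the hardcoded name.
        & .\ServiceUtil.exe -changeservicesidtype 1 -servicename $svc
    } finally { Pop-Location }

    $after = Get-ServiceSidType $svc
    if ($after -ne 'UNRESTRICTED') { throw "$svc SID type is still $after" }
    Write-Host "$svc SID type after: $after"
}

foreach ($name in $sepmServices) { Start-Service -DisplayName $name }
```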