Endpoint Protection

HI,

In my environment SEPM (12.1 RU1 MP1) is installed with SQL 2005 ENT SP3 with windows authentication mode. we are not using the Mixed mode.

We have assigned Map AD account to SEPM database. SA account is disabled.  And SQL service is running with local system account.

For AD account we have provided access (Public and Sysadmin) access in SQL.  Now we have an issue recently

AD account password has been changed recently, after that all clients are in offline. When we checked the application event log we getting SQL error alerts stating that Authentication failed for AD account.

Now my Question is,

if we change the AD account password in Active directory is it new password for AD account will automatically update in SQL?

 Because we are using the windows authentication mode.

After long struggle we revert back to old password then SQL error alerts stopped and clients start reporting to SEPM.

Follow this KB article

https://www.symantec.com/business/support/index?page=content&id=HOWTO36029

HI,

About Microsoft SQL database authentication modes

http://www.symantec.com/business/support/index?page=content&id=HOWTO17974

About SQL Server configuration settings

http://www.symantec.com/business/support/index?page=content&id=HOWTO55330

About SQL Server database authentication modes

http://www.symantec.com/business/support/index?page=content&id=HOWTO55332#v52562814

How to install the Symantec Endpoint Protection Manager using Windows Authentication and SQL Server 2008

http://www.symantec.com/business/support/index?page=content&id=HOWTO36029

few more questions which comes in my mind during this  issue..

1. if databse is down , why entire clients are showing as offiline in SEPM?

2. Why if AD account is locked , then entire clients are showing as offiline?

3. what type of communication happening between SEPM and SQL ? and which account(SQL Account or AD account) is communicating between these two?

4. IF database is down, in that time is there any communication between client adn SEPM server?

5. Where the clients information and Daily DEF's Updates information,SEP policies, Virus Contents are stored? in SEPM folder or SQL database?

In your case I would re-run the Management Server Configuration Wizard and enter the new password.

1. if databse is down , why entire clients are showing as offiline in SEPM?

SEPM needs a running database. If database is down, SEPM stops as well. Therefore, clients are going offline.

2. Why if AD account is locked , then entire clients are showing as offiline?

Almost same reason. If the account for SQL Server is locked, SEPM isn't able to access the database ... see above.

3. what type of communication happening between SEPM and SQL ? and which account(SQL Account or AD account) is communicating between these two?

Almost all informations (including antivirus content, client packages, policies etc.) are stored in the database. So there is a constant flow of informations between SEPM and database. The communicating account can be determined during SEPM installation.

4. IF database is down, in that time is there any communication between client adn SEPM server?

See 1.

5. Where the clients information and Daily DEF's Updates information,SEP policies, Virus Contents are stored? in SEPM folder or SQL database?

See 3. Some information such as antivirus content is stored both in the database and in the file system.

Thanks greg12 for your valuable answers.. my question is

If we have reset AD account password, why we need to re configure the SEPM server. here we have reset the password for SQL AD account which is mapped for Database (sem5)..

If you change the password for the AD account that you are using as SQL Server login, you have to communicate this to SEPM. SEPM has to know the credentials of the Windows account to log in. It's by design.

You have to run the Management Server Configuration Wizard every time you change this password. Therefore, it's better not to change it and to make correspondent settings in AD.

You may not change anything else while the wizard is running.