Management Server Configuration Wizard fails to connect to the SQL database
search cancel

Management Server Configuration Wizard fails to connect to the SQL database

book

Article ID: 156113

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

During installation of the Symantec Endpoint Protection Manager (SEPM) database on your SQL server or when running the Management Server Configuration Wizard to reconfigure the database result with errors:

  • Error 11501: Unable to create the database for Symantec Endpoint Protection Manager
  • Error 11501: Unable to connect to the database. Make sure that you have entered the correct database parameters, and that the firewall is not blocking the connection, then try again. Please click here for more information.

The following error is written to the Microsoft SQL ERRORLOG:

2017-05-01 19:13:50.88 Logon       Error: 17835, Severity: 20, State: 1.
2017-05-01 19:13:50.88 Logon       Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: x.x.x.x]

Environment

2008 SQL server

2012 SQL server

2014 SQL server

SQL Express 

Cause

  • In the Management Server Configuration Wizard, you need to choose SQL Authentication instead of Windows Authentication
  • Network connectivity between the Symantec Endpoint Protection Manager and the Microsoft SQL Server is unavailable
  • The TCP/IP protocol is disabled in Microsoft SQL Server itself
  • Force Encryption is enabled on SQL but not on the SEPM, or vice-versa.

Resolution

There are four possible root causes that make this error message appear.

  • In the Management Server Configuration Wizard, you need to choose SQL Authentication instead of Windows Authentication

    • Relaunch the Management Server Configuration Wizard and change the authentication method

  • The TCP/IP protocol is disabled in Microsoft SQL Server itself

    • Enable the TCP/IP protocol in Microsoft SQL Server.
    • To enable TCP/IP, follow the instructions for your version of Microsoft SQL Server
      • Microsoft SQL Server 2000: In SQL Server Network Utility, add TCP/IP to the Enabled protocols list.
      • Microsoft SQL Server 2005 or newer: In SQL Server Configuration Manager, go to SQL Server Network Configuration > Protocols for MSSQLSERVER, and enable TCP/IP protocol.
    • Once you enable the TCP/IP protocol, restart the SQL Server service.

  • Network connectivity between the Symantec Endpoint Protection Manager and the Microsoft SQL Server is unavailable

    • Ensure that the SEPM can communicate with the SQL server
    • If specifying the SQL server by domain name, ensure that the SEPM server can resolve the domain name to an IP address.
    • If specifying the SQL server by IP address, ensure that the SQL server's IP address is entered correctly in the Management Server Configuration Wizard.
    • Use the ping command to determine whether network traffic can flow between the SEPM computer and the SQL server.

  • Force Encryption is enabled on SQL but not the SEPM, or vice-versa

    • As of SEP 14, the SEPM supports the communications with the SQL Server over a TLS-encrypted channel.
    • Symantec provides a tool (SetSQLServerTLSEncryption.bat) to enable or disable TLS encryption between the management server and the Microsoft SQL Server.
    • This tool is in the Tools folder of the SEPM directory structure. Force Encryption is supported in SEP 14 as long as the SEPM has TLS enabled (this is on by default). You can check by running {SEPM_HOME}\Tools\SetSQLServerTLSEncryption.bat at a command prompt.