The Symantec Endpoint Protection Manager (SEPM) upgrade fails during the Upgrade Wizard because the provided SQL user doesn't have system administrator (sa) privileges.

The user name and password that you entered are for a user who does not have system administrator privileges for the SQL server. Change the privileges and re-enter the credentials, or enter the credentials of a different user with system administrator privileges.

The SEPM 14 installation/upgrade creates a new SQL login, user, and database role with limited permissions. This new user allows the SEPM reporting Web site to access only the portions of the SEPM database that are necessary for its operation. The user is not able to read or write data except from tables and views necessary for its operation. Creating a new SQL login and database role requires sa equivalent privileges in SQL server.

Upgrading to SEPM 14.3 RU1 and later will also require sa privileges as a check will need to be made to determine whether Filestream is enabled.

For more information regarding FILESTREAM:  Enabling FILESTREAM for the Microsoft SQL Server database

note: After the migration completes, the SEPM service uses the same SQL login and account used by prior to the migration.

To upgrade, do one of the following:

• This error may be simply due to wrong password or non-existent user. Before attempting any other remediation, please verify your credentials by attempting a login with SQL Server Management Studio or other tool and be sure you are connecting to the correct SQL server and database instance.
  
  
• Use a SQL user with sa equivalent privileges during the migration
  
  
• Temporarily add the sysadmin server role to the SEPM SQL login (sem5 by default)