Summary
Fix the PolicyServer SQL Server Service that fails to run.
Details
- Ensure that the SQL Server Service is running on the server.
- Remote Desktop into the SQL Server.
- Click Start > Run > Services.msc.
- Scroll down to MSSQLServer (or MSSQL$Instance if running in an instance install) and ensure it is started.
- Click Start > Run > SvrNetCn.exe.
- Ensure that Named Pipes and TCP/IP are in the Enabled Protocol section of the General tab and that the instance selected is the same instance that the Mobile ArmorDB/Log are installed under.
- If any changes are made, restart the SQL Service.
- Double-click the PolicyServer Health Monitoricon to use the Health Monitor in checking the connectivity.
Note: Health Monitor should be used with the assistance of Trend Micro Technical Support.
- If running as a user, ensure that the PolicyServer Windows Service is running correctly.
- Click Run and enter services.msc.
- Stop the PolicyServer Windows Service.
If not using Single Sign-On, proceed to step 7. - Double-click the service.
- Click the Log on tab.
- Make sure that the This Account radio button is selected.
- Ensure that the user running the service has Local Administrative Rights or Log on as a Service Permission.
- Retype the password to receive a confirmation that the user is allowed to run the service.
- Start the service.
- If you are still unable to connect to via MMC, reinstall the PolicyServer Windows Service.
- Check if Group Policy is stopping IIS from running properly.
- Group Policy denied guest logon on the server.
- The IUSER and IWAM account were members of the guest group.
- Remove the IUSER and IWAM accounts from that group, and move them into the Users group.
- Modify the GPO to allow the "Network Service" account to have read permission on \Windows\Temp folder.
- Below is an example of a Group Policy which works:
Computer Configuration
Windows Setting
Security Setting
Local Policies
User Rights Assignment - (The user whose rights are being modified is the same user whom you have set to run the PolicyServer Windows Service).
Access this computer from the network
Act as part of the operating system
Log on Locally
Bypass traverse checking
Impersonate a client after authentication
Lock pages in memory
Log on as service
Replace a process level token
Take ownership of files or other objectsComputer Configuration
Windows Setting
Security Setting
Local Policies
Security Options
Network security: LAN Manager Authentication Level
Send LM & NTLM responses
Network security: LDAP client signing requirement level
Negotiate signingWindows Setting
Security Setting
System Services
ASP.NET State Service – Automatic
Distributed Transaction Coordinator – Automatic
Event Log – Automatic
HTTP SSL – Automatic
IIS Admin Service – Automatic
SMTPSVC – Automatic
World Wide Web Publishing Service – Automatic
PolicyServer Windows Service - Automatic
MSSQLServer - Automatic
SQLServerAgent – AutomaticWindows Setting
Security Setting
File System
%SystemRoot%\Microsoft.NET\Framework\v1.1.4322
(Service account needs full control)
