Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to delete tenant account from the console after tenant creation failed

    • Updated:
    • 6 May 2019
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Platform:
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Standard 64-bit

When you added a tenant in the Deep Security Manager (DSM) under Administration > Tenants, the tenant creation failed. However, the tenant account name still appears in the T0 account as "Created", and you are unable to delete it.


Why tenant creation failed

The tenant creation failed because the database account does not have a dbcreator role.

The dbcreator role is not needed during initial DSM installation. However, for multi-tenancy, the dbcreator role in SQL is required for the database account used to connect to the Deep Security database. Without the appropriate db permission, tenant creation will fail and the tenant account will be in an orphaned state. It will appear in the T0 account as “Created”, but no new database is created for the tenant.

Why tenant account still appears

When you add a new tenant from the console, the tenant information is verified and inserted into the database first. The modified tables include tenants and tenanthistory. Afterwards, the DSM configures the new tenant by creating the corresponding tenant database. The two database transactions are done separately, thus the database creation failure will not cause a rollback of the tenant information that was added to the tenants table.

Why tenant account cannot be deleted

Because a tenant database does not exist, you cannot delete the tenant from the T0 account.

Workaround to delete tenant

As a workaround, do one of the following:

  • Wait for the tenant account to be removed after approximately seven (7) days.

    By design, the tenant can still be deleted from the console. It will be in “Pending Deletion” state for about seven (7) days, after which the database entry will be removed.

    During the "Pending Deletion" state, you cannot use the same tenant account name to create another tenant.
  • Remove the tenant account directly from the database:

    Run the following query on the SQL server:

    DELETE FROM tenants WHERE name like 'name of the tenant to delete'

    After the entry is removed from the database, you can create the tenant again using the same account granted with a dbcreator role.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.