Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Endpoint Sensor (TMES) clients cannot register to the server using Windows account authentication with SQL server

    • Updated:
    • 19 Oct 2016
    • Product/Version:
    • Trend Micro Endpoint Sensor 1.6
    • Platform:
    • Windows 2008 Server R2 Enterprise
    • Windows 2012 Server R2
Summary

You want to know why TMES clients cannot register to the server when using Windows account authentication with SQL server.

The root cause of this is that the ESClient cannot register to the server because the IIS (Fast channel) cannot access the SQL server using a Windows account.

Details
Public

As a workaround, do the following:

  1. Add the domain account to the Administrator's Group.

    1. On the Computer Management console, go to Computer Management > Local User and Groups > Groups > Administrators.
    2. Right–click Administrators and select Properties.
    3. On the Members section, under Admnistrator, check if the domain account belongs to the group.

      Check for the domain account

      Click image to enlarge.

  2. Make sure the domain account contains the "Log on as a service" and "Log on as a batch job" user rights.

    To add the "Log on as a service" right to an account on your local computer:

    1. Open Local Security Policy.
    2. In the console tree, double-click Local Policies, and then click User Rights Assignments.
    3. In the details pane, double-click Log on as a service.
    4. Click Add User or Group then add the appropriate account to the list of accounts that possess the Log on as a service right.
  3. Make sure the SQL Server has the domain account and contains the dbcreator and db_owner database roles.

    1. On the SQL ServerManagement Studio, select the domain account. The login Properties window appears.
    2. On the Select a page pane, choose Server roles.

      Tick the checkbox before dbcreator. Make sure the dbcreator and public (default) are selected. Tick the checkbox before db_owner if this role is included in your SQL server version.

      The checkboxes selected in this example are dbcreator , public(default).

      Check the SQL Server

      Click image to enlarge.

  4. Add Impersonation setting in IIS.

    To configure ASP.NET impersonation authentication:

    1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
    2. In Features View, double-click Authentication.
    3. On the Authentication page, select ASP.NET Impersonation.
    4. In the Actions pane, click Enable to use ASP.NET Impersonation authentication with the default settings.
    5. In the Actions pane, click Edit to set the security principal.
    6. In the Edit ASP.NET Impersonation Settings dialog box, select Specific user for the windows account you want to use.
    7. Click OK to finish or proceed to the next optional steps to change the identity to impersonate.
    8. Optionally, click Set to change the Specific user identity.

      Edit ASP.NET Impersonation Settings

      Click image to enlarge.

    9. In the Set Credentials dialog box, enter the name of an existing user account in User name, the password associated with that user account in Password, and then the exact same value in Confirm password for a new account IIS should use for anonymous access.
    10. Click OK to close the Set Credentials dialog box.
    11. Click OK to close the Edit ASP.NET Impersonation Settings dialog box.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1114294
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.