Endpoint Sensor (TMES) clients cannot register to the server using Windows account authentication with SQL server

As a workaround, do the following:

1. Add the domain account to the Administrator's Group.

   1. On the Computer Management console, go to Computer Management > Local User and Groups > Groups > Administrators.
   2. Right–click Administrators and select Properties.

   3. On the Members section, under Admnistrator, check if the domain account belongs to the group.

      

      Click image to enlarge.

2. Make sure the domain account contains the "Log on as a service" and "Log on as a batch job" user rights.

   To add the "Log on as a service" right to an account on your local computer:

   1. Open Local Security Policy.
   2. In the console tree, double-click Local Policies, and then click User Rights Assignments.
   3. In the details pane, double-click Log on as a service.
   4. Click Add User or Group then add the appropriate account to the list of accounts that possess the Log on as a service right.

3. Make sure the SQL Server has the domain account and contains the dbcreator and db_owner database roles.

   1. On the SQL ServerManagement Studio, select the domain account. The login Properties window appears.

   2. On the Select a page pane, choose Server roles.

      Tick the checkbox before dbcreator. Make sure the dbcreator and public (default) are selected. Tick the checkbox before db_owner if this role is included in your SQL server version.

      The checkboxes selected in this example are dbcreator , public(default).

      

      Click image to enlarge.

4. Add Impersonation setting in IIS.

   To configure ASP.NET impersonation authentication:

   1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
   2. In Features View, double-click Authentication.
   3. On the Authentication page, select ASP.NET Impersonation.
   4. In the Actions pane, click Enable to use ASP.NET Impersonation authentication with the default settings.
   5. In the Actions pane, click Edit to set the security principal.
   6. In the Edit ASP.NET Impersonation Settings dialog box, select Specific user for the windows account you want to use.
   7. Click OK to finish or proceed to the next optional steps to change the identity to impersonate.

   8. Optionally, click Set to change the Specific user identity.

      

      Click image to enlarge.

   9. In the Set Credentials dialog box, enter the name of an existing user account in User name, the password associated with that user account in Password, and then the exact same value in Confirm password for a new account IIS should use for anonymous access.
   10. Click OK to close the Set Credentials dialog box.
   11. Click OK to close the Edit ASP.NET Impersonation Settings dialog box.