This article addresses some FAQs about the SQL Server Express installed with SMEX.
You may define a port value. Follow these steps:
- In SQL Server Configuration Manager, expand SQL Server Network Configuration in the console pane, and double-click Protocols for ScanMail.
- Double-click TCP/IP to show its properties.
- The TCP Dynamic Ports dialog box will show a value of 0, indicating the Database Engine is listening on dynamic ports. If you want to define a specific port, delete 0, and input your preferred TCP port. Click OK.
- Modify dbcfg_DatabaseInstance.txt
- Open the service panel, right-click SQL Server (SCANMAIL) and then click Restart to stop and restart SQL Server. Restart SMEX Sevices.
Instance SCANMAIL: Missing registry entry system\currentcontrolset\services\msolap$SCANMAIL
Instance SCANMAIL: Missing registry entry system\currentcontrolset\services\reportserver$SCANMAIL
SMEX doesn't use these hidden keys, but MSSQL$SCANMAIL should exist.
For more information, refer to this Microsoft article on SQL Server Network Configuration: Shared Memory Properties.
There are three ways to find the certificate:
- Exchange Control Panel(ECP). On the ECP website, navigate to servers and go to certificate.
- Open a MMC > Add Certificates Snap In > Select Local Computer > Personal Folder > Certificates
- Follow instructions on KB 1099200: Enabling SSL in ScanMail for Exchange. Open IIS Manager > Open Server Certificates.
Please refer to the Microsotf article on Enabling Encrypted Connections to the Database Engine.
To configure the server to force encrypted connections:
- In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for server instance, and then select Properties.
- In the Protocols for instance name Properties dialog box, on the Certificate tab, select the desired certificate from the drop-down for the Certificate box, and then click OK.
- On the Flags tab, in the ForceEncryption box, select Yes, and then click OK to close the dialog box.
- Restart the SQL Server service and the SMEX master service.
- The certificate must be issued for Server Authentication. The name of the certificate must be the Fully Qualified Domain Name (FQDN) of the computer, otherwise the certificate is not shown in the drop-down for the Certificate box of instance properties.
- Enabling SSL encryption increases the security of data transmitted across networks between instances of SQL Server and SMEX. However, enabling encryption does slow performance. For reference refer to the Microsoft article on Encrypting Connections to SQL Server.
The remote access enabled is default set when installing SQL Express. If there is no need to remote control SQL server db, it is ok to disable it.
Based on tests, there is a possibility that disabling it may affect visiting SQL Server Management Studio. Please contact Microsoft Technology Support for further information about this setting.
During setup of SQL Server Express a login is added for the BUILTIN\Users group. This allows all authenticated users of the computer to access the instance of SQL Server Express as a member of the public role. The BUILTIN\Users login can be safely removed to restrict Database Engine access to computer users who have individual logins or are members of other Windows groups with logins.
Before remove BUILTIN\Users, it is better to back up the BUILTIN\Users create sql script.