Endpoint Protection

  • 1.  Encryption is Required

    Posted Nov 09, 2016 08:49 AM

    I am trying to install the Symantec Endpoint Protection Management Console on a server and connect to an SQL server SEP12 Database on a different server.  I am getting the following two errors:

    In the SQL Error Logs
    Error 17835 Severity 20 state 1
    Encryption is required to connect to this server but the client library does not support encryption: the connection has been closed.  Please upgrade your client library Client

    In the configuration wizard on the management server application SEP12
    Error 11501 Unable to connect to the database.  Make sure that you have entered the correct database parameters and that the firewall is not blocking the connection ...

    Specifications:
    The database server
    Windows Server 2012
    SQL Server 2014
    Encryption of Data in Transit enabled and using a certificate.

    The management
    Windows Server 2008
    Management console trying to install is 12.17

    I have a feeling the connection cannot be made because of the SQL Encryption of Data in transit.  I have done the following

    I ensured that TLS 1.2 is enabled on both servers
    I imported the CA Root Certificate into the Trusted Root Certificate Authority on the management server

    Any help is appreciated.



  • 2.  RE: Encryption is Required

    Posted Nov 09, 2016 10:42 AM

    Have you looked at this?

    https://msdn.microsoft.com/en-us/library/ms191192.aspx

    https://msdn.microsoft.com/en-us/library/ms189067.aspx



  • 3.  RE: Encryption is Required

    Posted Nov 10, 2016 12:18 PM

    Thank you very much for posting the information

    The thing is that we have already done the tasks illustrated in the two articles that you have sent to me.

    The trouble is when trying to get The Management Configuration Wizard to connect to an existing SEP12 database on a separate server it will not connect.

    On the SQL Server Error Logs we are getting
    Error 17835 Severity 20 state 1
    Encryption is required to connect to this server but the client library does not support encryption: the connection has been closed.  Please upgrade your client library Client xxx.xxx.xxx.xxx

    The wizard error is
    Error 11501 Unable to connect to the database.  Make sure that you have entered the correct database parameters and that the firewall is not blocking the connection ...
     

    The problem is getting the management console to connect to the database after encryption has been configured.

    Your help is appreciated. 



  • 4.  RE: Encryption is Required
    Best Answer

    Broadcom Employee
    Posted Nov 10, 2016 02:45 PM

    Hi,

    Thank you for posting your query on Symantec community.

    Forced encryption is confirmed as not supported. The traffic between the SEPM and the SQL server is, by default, not encrypted. For this reason, we recommend co-locating the SEPM and SQL server on their own secure subnet.

    • Open the SQL Server Configuration Manager
    • Click on SQL Server Network Configuration
    • Right click on Protocols for <SQL server>, click on Properties
    • Change Force encryption value to No

    Once you enable the TCP/IP protocol, restart the SQL Server service

    Refer to this guide: Running Management Server Configuration Wizard on Symantec Endpoint Protection Manager (SEPM) SQL 2008 db on a 2008 server fails to connect

    http://www.symantec.com/docs/TECH184549

    Though it's specifically talking about 2008 Server, check if it works in your case or not. 

    Refer to this guide as well: http://www.symantec.com/docs/TECH164636
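
Before changing Force encryption on a shared instance, it helps to know which clients are being turned away: the 17835 entries quoted in this thread can be tallied per client address. This is an added example, not part of any post in the thread and not Symantec or Microsoft code; the ERRORLOG line layout, the `[CLIENT: ...]` suffix, the function name and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in an assumed ERRORLOG layout: timestamp, source, message.
# Addresses are documentation-range placeholders, not values from the thread.
MSG = ("Encryption is required to connect to this server but the client "
       "library does not support encryption; the connection has been closed. "
       "Please upgrade your client library.")
SAMPLE_ERRORLOG = f"""\
2016-11-09 08:41:12.34 Logon       Error: 17835, Severity: 20, State: 1.
2016-11-09 08:41:12.34 Logon       {MSG} [CLIENT: 192.0.2.10]
2016-11-09 08:41:15.02 Logon       Error: 18456, Severity: 14, State: 8.
2016-11-09 08:41:15.02 Logon       Login failed for user 'app_reader'. [CLIENT: 192.0.2.77]
2016-11-09 08:43:50.91 Logon       Error: 17835, Severity: 20, State: 1.
2016-11-09 08:43:50.91 Logon       {MSG} [CLIENT: 192.0.2.10]
2016-11-09 08:44:03.10 Logon       Error: 17835, Severity: 20, State: 1.
2016-11-09 08:44:03.10 Logon       {MSG} [CLIENT: 198.51.100.4]
2016-11-09 08:45:00.00 Logon       Error: 17835, Severity: 20, State: 1.
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+(.*)$")
HEADER = re.compile(r"Error: (\d+), Severity: (\d+), State: (\d+)")
CLIENT = re.compile(r"\[CLIENT: ([^\]]+)\]")


def clients_rejected_for_encryption(log_text, error_number=17835):
    """Count, per client address, the log entries carrying error_number."""
    pending = {}      # (timestamp, source) -> error number from the header line
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation or unrelated line
        ts, src, msg = m.groups()
        head = HEADER.match(msg)
        if head:
            pending[(ts, src)] = int(head.group(1))
            continue
        client = CLIENT.search(msg)
        # Pair the detail line with the header sharing its timestamp and source;
        # a header with no detail line (truncated log) is never counted.
        if client and pending.pop((ts, src), None) == error_number:
            hits[client.group(1).strip()] += 1
    return hits


if __name__ == "__main__":
    for addr, n in clients_rejected_for_encryption(SAMPLE_ERRORLOG).most_common():
        print(f"{addr}\t{n} rejected connection(s)")
```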



  • 5.  RE: Encryption is Required

    Posted Nov 11, 2016 04:11 PM

    Thank you very much for the help.  

    We are going to create a new unencrypted instance of SQL Server and move the database there and try again.

    Your help is appreciated.