SEP 安裝或升級至 12.1.5(RU5)後,內嵌資料庫無法啟動

Posted on
錯誤訊息

In the Windows event log:

SQLANYs_sem5
Can’t open Message window log file: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\out.log

In the Upgrade-0.log:

The service SQLANYs_sem5 failed to be started.

In the Management Server Upgrade Wizard:

Setting
ACL…(100%)…Done
Error occurred

Cause

在 SEP 12.1.5 (RU5), Symantec changed the SemSrv and SemWebSrv services to use service virtual accounts. These services are set to an UNRESTRICTED SID type, but the SQLANYs_sem5 service remains under the RESTRICTED category.

Solution

Use the following workaround to change the SID type to UNRESTRICTED, since we are using a service virtual account for the Symantec Embedded Database service as well.

Check the SID type of the service
  1. On the computer where SEPM is installed, click Start > Run.
  2. Type CMD and click OK.
  3. Type sc qsidtype SQLANYs_sem5
  4. Verify that the following is returned:
    [SC] QueryServiceConfig2 SUCCESS
    SERVICE_NAME: SQLANYs_sem5
    SERVICE_SID_TYPE: RESTRICTED

image

Change the SID type of the SQLANYs_sem5 service to UNRESTRICTED
  1. On the computer where SEPM is installed, click Start > Run.
  2. Type CMD and click OK.
  3. Type cd “<Drive>:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin”
    Note: Replace <Drive> with the drive that SEPM is installed on.
  4. Type ServiceUtil.exe -changeservicesidtype 1 -servicename “SQLANYs_sem5”
    Note: Running the command returns: “Change the semsrv service SID successfully.” The string “semsrv” is hardcoded, but we are changing the SID type for the SQLANYs_sem5 service. Please disregard that message.

image

Verify that the SID type has changed to UNRESTRICTED
  1. On the computer where SEPM is installed, click Start > Run.
  2. Type CMD and click OK.
  3. Type sc qsidtype SQLANYs_sem5

image

Start services

After following the preceding steps, start the following services:

  • Symantec Embedded Database
  • Symantec Endpoint Protection Launcher
  • Symantec Endpoint Protection Manager
  • Symantec Endpoint Protection Manager Webserver

 

https://support.symantec.com/en_US/article.TECH225587.html

Comments

comments