Environment
- App Control Server: 8.8.2
Symptoms
- App Control server was upgraded to 8.8.2
- App Control has been configured to use local SQL authentication (e.g. "sa" login) prior the upgrade
- Web console error: "The Carbon Black App Control Console cannot connect to the database"
- Reporter Log: System.Data.SqlClient.SqlException (0x80131904): Cannot open database "das" requested by the login. The login failed
Cause
During upgrade to 8.8.2 the authentication method used to connect to SQL Server is modified from local SQL authentication (e.g. "sa" login) to Windows authentication using the service account typed in the setup wizard
Resolution
This is currently being investigated by the engineering team under EA-21077
Assigning the necessary SQL permissions for the service account on the 'das' database will resolve the issue
per this KBAlternatively the following workaround can be applied in the meantime:
- If an App C agent is on the system please disable it temporary per this KB
- Stop the App Control Server and Reporter services
- Copy and backup the following files to another folder:
C:\Program Files (x86)\Bit9\Parity Server\WSProxy.config |
C:\Program Files (x86)\Bit9\Parity Server\Reporter\WSProxy.config |
C:\Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.exe.Config |
C:\Program Files (x86)\Bit9\Parity Console\API\Web.config |
C:\Program Files (x86)\Bit9\Parity Console\WebUI\html\Dashboard\Web.config |
C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\DataObject.ini |
Optional: C:\Program Files (x86)\Bit9\Integrations\CheckPoint\bin\bit9.dsn |
Optional: C:\Program Files (x86)\Bit9\Integrations\FireEye\listener\Web.config |
- Start with editing the following 3 files:
C:\Program Files (x86)\Bit9\Parity Server\WSProxy.config |
C:\Program Files (x86)\Bit9\Parity Server\Reporter\WSProxy.config |
C:\Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.exe.config |
- Change the following line:
<add key="ConnectionString" value="Integrated Security=SSPI; server=SQLSERVER\SQLINSTANCE; database=das" />
- For SQL authentication the line will look like this:
<add key="ConnectionString" value="Trusted_Connection=No; uid=userhere; pwd=passwordhere; server=SQLSERVER\SQLINSTANCE; database=das" />
- For example:
<add key="ConnectionString" value="Trusted_Connection=No; uid=sa; pwd=Password1234; server=CBSQL01\MSSQLSERVER; database=das" />
- Edit these 2 files:
C:\Program Files (x86)\Bit9\Parity Console\API\Web.config |
C:\Program Files (x86)\Bit9\Parity Console\WebUI\html\Dashboard\Web.config |
- Change the following line:
<add name="ConnectionString" connectionString="Integrated Security=SSPI; server=SQLSERVER\SQLINSTANCE; database=das;" providerName="System.Data.SqlClient" />
- To look like this:
<add name="ConnectionString" connectionString="Trusted_Connection=No; uid=userhere; pwd=passwordhere; server=SQLSERVER\SQLINSTANCE; database=das;" providerName="System.Data.SqlClient"/>
- Edit this 1 file:
C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\DataObject.ini |
- Change the following line:
database_das ="sqlsrv://SQLSERVER\SQLINSTANCE/das"
- To look like this:
database_das ="sqlsrv://user:password@SQLSERVER\SQLINSTANCE/das"
- For example:
database_das ="sqlsrv://sa:{Password1234}@CBSQL01\MSSQLSERVER/das"
- Verify that the content of this file "C:\Program Files (x86)\Bit9\Parity Server\shepherd.dsn" looks similar to this:
[ODBC]
DRIVER=SQL Server Native Client 11.0
UID="loginhere"
Trusted_Connection=No
DATABASE=das
SERVER=SQLSERVER\SQLINSTANCE
pwd="passwordhere"
- Start the App C Services
Related Content