Safeguard Enterprise SQL Server Connection

Hello Sophos experts,

I have a problem with the communication between our Sophos Safeguard Enterprise Server and the Database Server.

The Database (SQL Express Server) is a member of our domain. The Safeguard Server, for security reasons, is not.

If I try a connection test on the Safeguard Server, the DBAuth fails.

Is it right that I have to set the DefaultAppPool credentials to the Network Service user?

If I try a test with an ODBC connection with NT authentication, I get this error:

[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

With sa (SQL user) it works.

Any suggestions?

Thanks a lot

Michael

  • Hi Michael,

    Thank you very much for posting. Actually this is a limitation of SQL / Microsoft that you are facing. You could try to enable [NT-Authority\Network Service] in the SQL Server but I don't see much of a chance that this will work.

    I would suggest to create a dedicated SQL account with access to the SGN DB, no permission to physically log on to the SQL server (if I remember correctly this can be configured) and you could then additionally use SSL between IIS and SQL. This should then work.


    Regards

    Dan

  • Hi Daniel,

    Sorry, but it did not work for me.

    Could you explain your 2nd solution?

    I don't know how to add a user to the default application pool. I get an "error" like "The specified password is invalid. Type a new password." But the password is correct. I worked with the best practice installation guide and am stuck at point 2.6 (page 22).

    Thanks a lot ...

    Michael

  • Hi Michael,

    OK, let's see if I can shed some light here ;) The idea is to use SQL authentication to access the SQL server, but to secure that using SSL. This would provide the maximum of transport security but with a static account.

    In this scenario the Application Pool identity would remain on default and you would not use a dedicated account. The installation best practice assumes that all machines are part of a domain environment.

    Regards

    Dan
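
A T-SQL sketch of the setup described in the replies above: a dedicated SQL login that can reach only the SGN database, plus a check that its sessions really use SQL authentication over an encrypted channel. This is an added example, not part of the original thread or Sophos documentation; the database name `SafeGuardDB`, the login name `sgn_service`, the password placeholder and the role memberships are assumptions.

```sql
-- Added example. Names below are placeholders, not values from the thread.
-- Run as a sysadmin on the SQL Server instance (mixed-mode authentication
-- must be enabled for SQL logins to work at all).

-- 1. Dedicated SQL login. A SQL login exists only inside SQL Server; it is
--    not a Windows account, so it cannot be used to log on to the host.
CREATE LOGIN sgn_service
    WITH PASSWORD = N'<replace-with-long-random-password>',
         DEFAULT_DATABASE = [SafeGuardDB],
         CHECK_POLICY = ON,       -- enforce the Windows password policy
         CHECK_EXPIRATION = OFF;  -- static service account: rotate manually
GO

-- 2. Map the login into the SGN database only. It gets no server roles and
--    no user in any other database.
USE [SafeGuardDB];
GO
CREATE USER sgn_service FOR LOGIN sgn_service;
GO
-- Assumption: read/write roles are shown for illustration. Grant whatever
-- rights the product documentation states the server needs.
-- (ALTER ROLE ... ADD MEMBER needs SQL Server 2012+; older versions use
--  sp_addrolemember.)
ALTER ROLE db_datareader ADD MEMBER sgn_service;
ALTER ROLE db_datawriter ADD MEMBER sgn_service;
GO

-- 3. After the application server connects, confirm how it connected.
--    Expect auth_scheme = 'SQL' and encrypt_option = 'TRUE'.
--    (Requires VIEW SERVER STATE.)
SELECT c.session_id,
       s.login_name,
       s.host_name,
       c.auth_scheme,      -- 'SQL' for SQL authentication, 'NTLM'/'KERBEROS' otherwise
       c.encrypt_option,   -- 'TRUE' when the connection is encrypted
       c.net_transport
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions   AS s ON s.session_id = c.session_id
WHERE s.login_name = N'sgn_service';
```

If `encrypt_option` comes back `FALSE`, the static account's password and all query traffic are crossing the network unprotected, so encryption should be enforced on the server side rather than left to the client's connection settings.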
