Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 10596 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard Enterprise SQL Server Connection

MichaelZ

Hello Sophos experts,

I have a problem with the communication between our Sophos Safequard Enterprise Server and the Database Server,

The Database (SQL Express Server) is member of our Domain. The Safeguard Server because of security reasons not.

If I try a connectiontest on the Safeguard Server the DBAuth failed.

Is it right that i have to set up de defaultapppool credentials to the Network service user?

If i try a test with a odbc connect with a NT Authentification i get this error:

[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

with sa (sql user) it works.

Any suggestions?

Thanks a lot

Michael

:20181


This thread was automatically locked due to age.
Parents
  • 0

    Hi Michael,

    thank you very much for posting. Actually this is a limitation of SQL / Microsoft that you are facing. You could try to enable [NT-Authority\Network Service] in the SQL Server but I don't see much of a chance that this will work.

    I would suggest to create a dedicated SQL account with access to the SGN DB, no permission to physically log on to the SQL server (if I remember correctly this can be configured) and you could then additionally use SSL between IIS and SQL. This should then work.


    Regards

    Dan

    :20901
Reply
  • 0

    Hi Michael,

    thank you very much for posting. Actually this is a limitation of SQL / Microsoft that you are facing. You could try to enable [NT-Authority\Network Service] in the SQL Server but I don't see much of a chance that this will work.

    I would suggest to create a dedicated SQL account with access to the SGN DB, no permission to physically log on to the SQL server (if I remember correctly this can be configured) and you could then additionally use SSL between IIS and SQL. This should then work.


    Regards

    Dan

    :20901
Children
No Data
Unfiltered HTML