1378 How to configure SQL 2012/SQL 2012 Express to work with SES


Issue:

SQL 2012, through a new default security schema, does not give permission to the NT AUTHORITY\SYSTEM account.

As a result, the common process (particularly during the SES evaluation phase) of using Windows Authentication to authenticate access to the database will not work unless the SES Admin asks the Domain Admin to set up an appropriate service account and the Login Account of the SDConnex and ADSync services is changed so that the SES services that use the database connect under that account. Without such an account, neither the SDConnex nor the ADSync Windows service will start correctly when Windows Authentication is used as the authority type.

Per this Microsoft article: http://msdn.microsoft.com/en-us/library/cc645578.aspx

"To enhance role separation, BUILTIN\administrators and Local System (NT AUTHORITY\SYSTEM) are not automatically provisioned in the sysadmin fixed server role.

Local administrators can still access the Database Engine when in single user mode.

SQL Server now supports Managed Service Accounts and Virtual Accounts when installed on Windows 7 or Windows Server 2008 R2."

NOTE: The above limitation applies to both full SQL Server 2012 and SQL Server 2012 Express Edition.

How to Correct this:

Giving the 'NT AUTHORITY\SYSTEM' user db_owner access to the SES database fixes the issue.

How this issue was detected:

When configuring SES using SQL 2012 Server, the installing Admin noted:

"SDConnex does NOT work on SQL 2012 when using Windows Authentication. The service will indicate it as running, but it's actually not and you will see the following error in the event log;

**********Failed to open the Database : System.Data.SqlClient.SqlException: Cannot open database "winmagic" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\SYSTEM'.
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   ... approximately a dozen lines suppressed for brevity
   at System.Data.SqlClient.SqlConnection.Open()
   at WinMagic.SecureDoc.SDConnex.SdConnexWindowsService.CheckDBConnections()***********"

During troubleshooting it was determined that, unlike in previous versions of SQL Server (and Express), the NT AUTHORITY\SYSTEM account is no longer a member of the sysadmin fixed server role in an installation of SQL 2012.

Adding the db_owner role to NT AUTHORITY\SYSTEM, and then restarting the SDConnex service (or ADSync service), restores full functionality.
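The fix described above, written as T-SQL. This is an added example, not a script from WinMagic or from the original article; it assumes the SES database is named winmagic (the name in the event-log error above) and that it is run by a sysadmin in SSMS or sqlcmd. It grants db_owner in that one database only and leaves the account out of the sysadmin server role.

```sql
-- Added example. Assumption: the SES database is named [winmagic], as in the
-- event-log error on this page; change the name if your installation differs.
-- GO is the SSMS/sqlcmd batch separator, not a T-SQL statement.

USE [master];
-- Create the server-level login for Local System only if it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\SYSTEM')
    CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
GO

USE [winmagic];
-- Map the login to a user in the SES database only if it is not mapped yet.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'NT AUTHORITY\SYSTEM')
    CREATE USER [NT AUTHORITY\SYSTEM] FOR LOGIN [NT AUTHORITY\SYSTEM];
GO

-- Grant db_owner in this database only (ALTER ROLE ... ADD MEMBER is
-- available from SQL Server 2012 onward).
ALTER ROLE [db_owner] ADD MEMBER [NT AUTHORITY\SYSTEM];
GO

-- Check 1: list the database roles the account now holds in [winmagic].
-- Expect one row with role_name = db_owner.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'NT AUTHORITY\SYSTEM';

-- Check 2: confirm the account was not also placed in sysadmin, which would
-- undo the role separation SQL Server 2012 introduced. Expect 0.
SELECT COUNT(*) AS sysadmin_memberships
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE r.name = N'sysadmin'
  AND m.name = N'NT AUTHORITY\SYSTEM';
```

After the script succeeds, restart the SDConnex (or ADSync) service and confirm the "Failed to open the Database" event no longer appears in the event log.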

Custom Fields

  • Error message or code: Failed to open the Database / Login failed for user