Potential for Data Loss: The steps detailed in the resolution of this article may result in a loss of critical data if not performed properly. Before beginning these steps, make sure all important data is backed up in the event of data loss. If you are unsure or unfamiliar with any complex steps detailed in this article, please contact Product Support for assistance.
Security Expert Installation steps for separate SQL, SX application Server, and Client for use with Windows Authentication and Active Directory
- Microsoft SQL Server
- Microsoft Windows10
- Security Expert Server and Client
Access Denied error appears when attempting to log into Security Expert with Windows Authentication with a multiple PC Security Expert Installation
Important considerations when connecting Security Expert to an external SQL Server:
- Machines should be on the same network and Domain.
- When you install Security Expert, reference the SQL database in this form:
Machine Name\SQL Instance Name
- The Windows user account doing the installation must have admin rights on both machines. The windows login you're using to install on the Security Expert machine has to have admin privileges to alter the SQL Database on the remote machine. The easiest way to do this is to use the same account to set up all machines. Different accounts can be used, but the accounts have to have privileges added to the SQL Database manually. (Not covered in this document)
- Active Directory server has a domain user that can be used to install the applications on all machines.
- Licenses cover all machines
- Security Expert users are set up to use Windows Authentication (snapshots at the end of the document)
- If the SQL server ever had Security Expert Installed on it, uninstall Security Expert and reboot.
- If the Security Expert application server had SQL on it, uninstall SQL, reboot and reinstall Security Expert without local SQL.
- If the Client PC had Server components installed, uninstall Security Expert, reboot and install the client only.
- Perform the SQL Server Installation onto a separate Server per the Security Expert Installation Instructions
- Security Expert Application Server/Client installation (No SQL)
If this box is selected, the install may fail because the service has not been installed yet.
With this option selected, the install will finish and then the service can be configured later.
3. Change the database server to NOT be localhost\SecurityExpert
Use machinenameofSQLServer\SecurityExpert (Ex. SECEXPERTVM\SecurityExpert)
4. Select Windows Authentication
Complete the installation.
5. Open Windows Services on the Security Expert Application Server (Run> services.msc)
Right-click on Security Expert Data Service> Properties
Select the Log On tab
Deselect Login As Local System Account
Select This account and then click browse to search for the domain admin user
Start the service.
Security Expert Data Service, Security Expert Event Service, and Security Expert Update should all start
- Client only setup - Ensure the Server option is deselected
In the following dialog select Custom
7. Select the drop-down next to Server> then select “This feature will not be available”
Complete the installation
A successful login with the domain admin account using Windows Authentication from the Security Expert machine and also the client PC should work.
From the Client PC – Security Expert application server = 10.169.90.170
From the Security Expert Server/Client
SecurityExpertSV.exe.config (Server) – This file did not have to be changed
SecurityExpert.exe.config (Client) - This file did not have to be changed
Note: There may be circumstances where these files do need to be configured. See LL
Domain Tab example set up in Security Expert for Active Directory Windows Authentication
Operator Example setup in Security Expert for Windows Authentication
Global Support Lab Testing
SX Application Server (Windows10 1803)
SQL Server – Server 2012 R2 with SQL 2016 SP1 (VM)
SX Client – Window 8.1 Pro