[KB7220] Enable encrypted connection between ESET Security Management Center Server and MS SQL database

Issue

ESET business product no longer supported

This content applies to an ESET product version that is currently in End of Life status and is no longer supported. This content is no longer updated. 

For a complete list of supported products and support level definitions, review the ESET End of Life policy for business products.

Upgrade ESET business products.

Solution

Prerequisites:

  • ESMC Server and MS SQL Server installed on separate Windows computers.
    Are you running EMSC Server on Linux?

    If you have ESMC Server installed on Linux connected to MS SQL database installed on Windows, follow these instructions to enable encrypted connection to the database.

  • TLS 1.2 enabled on a supported MS SQL Server - read more here.

 

Enable encrypted database connection on ESMC Server machine:

  1. Download and install Microsoft ODBC Driver for SQL Server version 13 and later.
     
  2. Navigate to StartServices, right-click ESET Security Management Center Server service and select Stop.
     
  3. Navigate to the following directory:

    C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\
     
  4. Edit the startupconfiguration.ini file:
    Create a backup

    Create a backup of the startupconfiguration.ini file before you edit it.

  • Replace SQL Server with the name of the MS ODBC Driver, as listed in Start ODBC Data SourcesDrivers tab.
     
  • Add the following code to the end of the file: Encrypt=yes;TrustServerCertificate=yes;

Below is an example of startupconfiguration.ini (replace the parts highlighted in yellow with your values):

DatabaseType=MSSQLOdbc

DatabaseConnectionString=Driver={ODBC Driver 13 for SQL Server};Server=10.20.30.40,1433;Uid=era_user;Pwd={SecretPassword};CharSet=utf8;Database=era_db;Encrypt=yes;TrustServerCertificate=yes;

  1. Save the startupconfiguration.ini file.
     
  2. Navigate to StartServices, right-click ESET Security Management Center Server service → select Start.
     
  3. If you are able to log in to the ESMC Web Console, the encrypted connection to the database works properly. If you are not able to log in to the ESMC Web Console, follow the troubleshooting steps below to revert the configuration changes.

 

Troubleshooting:

  1. Navigate to StartServices, right-click ESET Security Management Center Server service and select Stop.
     
  2. Navigate to C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\
     
  3. Replace the startupconfiguration.ini file with the backup file (created in step 4 above).
     
  4. Navigate to StartServices, right-click ESET Security Management Center Server service and select Start.