Systems Integration

Symantec Endpoint Protection Manager 11.x – New Site with Windows/SQL 2008 R2

When installing SEPM, and choosing to store your data in SQL Server (2005, 2008 or 2008 R2), you will often receive Error 11501. The normal folderol is to enable TCP/IP and restart SQL.

This is great if you’re using the Default Instance. However, if you use a named instance (e.g. “SUPPORT\SEPM”), the jTDS JDBC driver used by SEPM attempts to contact the SQL Server Browser service (even though SEPM won’t use the service – requiring instead that you enter a static port).

Here’s the process for getting SEPM installed to a server with a named instance of SQL Server, with the following settings:

(Make sure to run the Management Server Configuration Wizard as Administrator so you bypass any hidden UAC dialogs)

Management Server Configuration Wizard


  1. Install SQL Server.
  2. Enable TCP/IP, restart SQL Server service.
    Enable TCP/IPQuick connect - SUPPORT - SUPPORT.ncma.local - Remote Desktop Connection_2012-04-02_23-41-19
  3. Change SQL Server Browser service to start automatically, and start it.Start SQL Server Bowser service automatically
  4. And last but not least, make sure the Windows Advanced Firewall allows incoming connection for both the SQL Server and Browser services:
  5. netsh advfirewall firewall add rule name = "SQL Server – SEPM" dir = in protocol = tcp action = allow localport = 1439 remoteip = any profile = domain
    netsh advfirewall firewall add rule name = "SQL Browser" dir = in protocol = udp action = allow localport = 1434 remoteip = any profile = domain
    netsh advfirewall firewall add rule name = "SQL Browser" dir = in protocol = tcp action = allow localport = 2382 remoteip = any profile = domain

  6. Make sure the <SEPM Install Dir>\data file has "Everyone:(OI)(CI)F” (this one caused me hours of wasted time – I think the installation process tries to set permissions, and fails)

Of course, you can alter the particulars, namely the profile of the firewall rules and the port the instance listens on. The important thing to note here is that you must have the SQL Server Browser service available during setup of SEPM using a named instance of SQL Server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s