New in the Community? Get started here

Schneider Electric Exchange Community

Discuss and solve problems in energy management and automation. Join conversations and share insights on products and solutions. Co-innovate and collaborate with a global network of peers.

Register Now
Knowledge Base
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

- Join us for a Live Webinar: Innovation Talk - Ask your questions to our BMS Experts on November 19th! Register here!

- Discover the Exchange Community Top members of October here!

- The member of the month: Vassil, EcoXpert Master read the article here!

Security Expert Multiple Machine Installation for Windows Authentication with Active Directory

Warning

Potential for Data Loss: The steps detailed in the resolution of this article may result in a loss of critical data if not performed properly. Before beginning these steps, make sure all important data is backed up in the event of data loss. If you are unsure or unfamiliar with any complex steps detailed in this article, please contact Product Support for assistance.

Issue

Security Expert Installation steps for separate SQL, SX application Server, and Client for use with Windows Authentication and Active Directory

Product Line

Security Expert

Environment

  • Microsoft SQL Server
  • Microsoft Windows10
  • Security Expert Server and Client 

Cause

Access Denied error appears when attempting to log into Security Expert with Windows Authentication with a multiple PC Security Expert Installation

Resolution

Important considerations when connecting Security Expert to an external SQL Server:

  1. Machines should be on the same network and Domain.
  2. When you install Security Expert, reference the SQL database in this form: 

Machine Name\SQL Instance Name

  1. The Windows user account doing the installation must have admin rights on both machines. The windows login you're using to install on the Security Expert machine has to have admin privileges to alter the SQL Database on the remote machine. The easiest way to do this is to use the same account to set up all machines. Different accounts can be used, but the accounts have to have privileges added to the SQL Database manually. (Not covered in this document)

 

Assumptions:

  • Active Directory server has a domain user that can be used to install the applications on all machines.
  • Licenses cover all machines
  • Security Expert users are set up to use Windows Authentication (snapshots at the end of the document)
  • If the SQL server ever had Security Expert Installed on it, uninstall Security Expert and reboot.
  • If the Security Expert application server had SQL on it, uninstall SQL, reboot and reinstall Security Expert without local SQL.
  • If the Client PC had Server components installed, uninstall Security Expert, reboot and install the client only.

 

  1. Perform the SQL Server Installation onto a separate Server per the Security Expert Installation Instructions
  2. Security Expert Application Server/Client installation (No SQL)

If this box is selected, the install may fail because the service has not been installed yet.

With this option selected, the install will finish and then the service can be configured later.

Start Service.jpg

3. Change the database server to NOT be localhost\SecurityExpert

Use machinenameofSQLServer\SecurityExpert (Ex. SECEXPERTVM\SecurityExpert)

DatabaseServerRemote.jpg

4. Select Windows Authentication

WindwosAuthenticationSelect.jpg

Complete the installation.

 

5. Open Windows Services on the Security Expert Application Server (Run> services.msc)

Right-click on Security Expert Data Service> Properties

Select the Log On tab

Deselect Login As Local System Account

Select This account and then click browse to search for the domain admin user

SXDataServiceDomainUser.jpg

 

Start the service.

Security Expert Data Service, Security Expert Event Service, and Security Expert Update should all start

 

  1. Client only setup - Ensure the Server option is deselected

In the following dialog select Custom

ClientCustom1.jpg

 

7. Select the drop-down next to Server> then select “This feature will not be available”

ClientCustom2.jpg

Complete the installation

 

A successful login with the domain admin account using Windows Authentication from the Security Expert machine and also the client PC should work.

 

From the Client PC – Security Expert application server = 10.169.90.170

ClienLogin.jpg

From the Security Expert Server/Client

ServerLogin.jpg

SecurityExpertSV.exe.config (Server) – This file did not have to be changed

SecurityExpertSV.exe.Config.jpg

 

 SecurityExpert.exe.config (Client) - This file did not have to be changed

SecurityExpert.exe.Config.jpg

 

Note: There may be circumstances where these files do need to be configured. See LL

https://community.exchange.se.com/t5/Knowledge-Base/Security-Expert-Error-Server-Has-Rejected-Client...

 

Domain Tab example set up in Security Expert for Active Directory Windows Authentication

SX AD TAB.jpg

 

Operator Example setup in Security Expert for Windows Authentication

SX Operator WindowsAuth.jpg

 

Global Support Lab Testing

SX Application Server (Windows10 1803)

SQL Server – Server 2012 R2 with SQL 2016 SP1 (VM)

SX Client – Window 8.1 Pro

Tags (1)
Labels (1)
No ratings
Contributors