4 Replies Latest reply on Apr 28, 2017 11:54 AM by Radiowiz

    Enabled User Roles, but user is unable to open Shavlik Protect

    Radiowiz Rookie

      We recently installed Shavlik Protect and are now at the point of enabling User Roles so we can get a couple of techs into the application to Scan and run reports. I have added a new user, from our domain and assigned the permissions. However, when she logs onto the server and tries to open Protect, she gets the errors seen on the attachment. Anyone have any clues if this is a SQL permissions issue or?

        • 1. Re: Enabled User Roles, but user is unable to open Shavlik Protect
          ddenning SupportEmployee

          Hi,

           

          Thank you for contacting us.

           

          Please check out this document as it looks like there is an issue with the role assignment configuration https://community.shavlik.com/docs/DOC-2213.

           

          This will allow you to reset your role assignments.

           

          Thanks!

          • 2. Re: Enabled User Roles, but user is unable to open Shavlik Protect
            Radiowiz Rookie

            DDenning,

             

            Thanks for the reply. I will take a look at the document you mention and see if I can figure out the issue. In looking at the document, I am not sure it applies. I, as admin, still have access to the console. It is the user whose role I created who cannot open the application.

            • 3. Re: Enabled User Roles, but user is unable to open Shavlik Protect
              Radiowiz Rookie

              DDenning,

              I ran the TSQL script, cleared users from Roles table. Still the exact same error. User roles is turned off in Protect, no users showing in the "Roles" box. In theory (as I recall anyway) any user who can access the Protect server should be able to open it and work within it if Roles are not enabled. They are not enabled, and it still fails. As admin, I can still access it and open it and work within.

               

              Can you tell me if Protect should be automatically adding "Roles users" to the security permission on the Protect DB? I am finding that although I can connect to the DB via SSMS, even though I am a Protect admin, I have no upper level permissions on SQL. Unable to add users to DB, change roles within SQL, etc. I am unsure of how my associate installed Protect and SQL Express as I was out of the office at that time. But I am feeling like I am seeing a DB permissions issue.

               

              In one of the Shavlik logs (ST.Protect.Managed.dheiret@vts.log) , I am seeing the following:

              2017-04-27T14:59:56.6230689Z 0001 I Launcher.cs:348|'C:\Program Files\LANDESK\Shavlik Protect\ST.Protect.exe' is starting, version: 9.2.5119.0, full name: ST.Protect, Version=9.2.0.0, Culture=neutral, PublicKeyToken=19306d7375e33918.

              2017-04-27T15:00:07.0453065Z 0001 W Connection.cs:501|Attempting to recover from a broken connection in the database connection pool. Attempt: 1, connection state: Closed, error: System.Data.SqlClient.SqlException (0x80131904): Cannot open database "Protect" requested by the login. The login failed.

              Login failed for user 'VTS\dheiret'.

               

              Can you confirm if my SQL permissions issue is confirmed?

               

              Thanks,

              • 4. Re: Enabled User Roles, but user is unable to open Shavlik Protect
                Radiowiz Rookie

                Self reply to post resolution. Working with Ivanti support, we were able to determine that the users of the console need to proper SQL permissions, as well as being members of the local admins group on the machine Shavlik is running on. Protect console sets the permissions for Role users on SQL once Roles are enabled. The machine admin needs to add the required users to the local admins group. (Note to self: Be SURE you know how to log onto the console as a console admin prior to enabling roles. Also, add a back door admin user to the roles group so you can always get in.)