KB Article | Forcepoint Support

Notes & Warnings

Note This is only relevant if SQL is located off-box and is not SQL Express.

Problem Description

While attempting to configure the Temporary File Location from the Forcepoint DLP installer, the system displays the error:
Failed to write to local path "\\Path of backup folder" from SQL server
User-added image

This folder connection must be valid for incident partition management and DLP Backups and Restorations to be successful.

Resolution

The temporary location shown in the screenshot under the From SQL Server section is the default folder where the Forcepoint Setup installer will place the archive file of the SQL database that will be transferred to the final location set in the Forcepoint Security Manager. The purpose of this location is to serve as a holding ground for SQL files between the Management Server and the SQL Server.
 
This folder needs to be accessible by the service account used by the SQL Server service, the account running the SQL services (MSSQL) on the server where SQL is installed. This account is often the local service or local system which might be limited by a Group Policy Object.
 
To isolate the issue, consider the following options:
  1. Use a different service account to connect to SQL to see if the problem is the account. The sa account can be used if available. In order to change this, run a modify of Forcepoint Infrastructure, then Forcepoint DLP afterward.
  2. Confirm that the account used by DLP to connect to SQL has the proper permissions for the connection to pass:
    • The Service Account will need dbcreator, db_backupoperator, and dbreader (on msdb). 
    • The dbo default schema includes: 
      • master: db_backupoperator, public 
      • msdb:  db_datareader, public, SQLAgentOperatorRole, SQLAgentReaderRole, SQLAgentUserRole 
      • wbsn-data-security: db_datareader, db_datawriter, db_owner, public
  3. Ensure the account running the SQL service has read/write permissions to the folder destination. As a test, considering sharing the folder with Everyone temporarily.
The error for From SQL Server can also be displayed if the installer is unable to backup the master database, which is used during the verification test. If permissions are ruled out, add the sysadmin and DBBackupCreator role to the SQL account used by Forcepoint.

The temporary location shown in the screenshot under the From Forcepoint (formerly known as TRITON) Management Server section should be the same folder as the first location. The Data Security Suite (DSS) service account will be used to access this location and move from the folder created in SQL server.
 
The following services will be used to complete the archiving/backup process:
  • SQL Server Service Account
  • DSS Service Account
  • The account configured for the TRITON backup (usually the service account)
Also, ensure that the configured backup folder has enough permissions (read/write or higher) for a successful completion of this task.
 
Database Administrators should follow the Administering Databases Guide to ensure that permissions are set adhering to requirements.



Keywords: DSSBackup, Data DLP Backup; Backup Restore; SQL Server Issue; Management Server Issue; Service Account; SQL Database Permission; SQL Server Role; DB Configuration; DLP Upgrade Check; Pre-Upgrade; Server Migration; Temp Folder DLP MSI Modify; Archiving Archival Location; Temporary Folder;

Article Feedback



Thank you for the feedback and comments.