I am upgrading on-prem Orchestrator from 2019.10 to 2021.4. As part of this the MSI installs Identity Server. An error message is returned when the install is attempted:
‘Verify the SQL connection string of Identity database and make sure that the server is accessible with the supplied credentials.’
Our DBAs have confirmed that the installer is accessing at least some parts of Orchestrator database as the user running the installer, not as the specified app pool user. They have had to grant my user account write permission to the database in order to proceed in the installer.
It is not IIS that is performing the installation so the app pool user would not apply here.
You can do one of a few things
Grant your user the necessary rights in the database
Create the database ahead of installation (if your DBAs have restrictions on owner/creation, etc.
Use the Run As to launch the install as the require service account
Log into the Orchestrator host as the service account, assuming it has rights to also manage install path and services, etc.
This would be the same as opening SSMS and using Integrated Windows Authentication, SSMS is going to launch in the context of the user who is running the application. In order to Authenticate as another user, one must use Run As to launch the application as another user in order to authenticate with IWA on the SQL Server.
Thanks. Installation worked when my account was given permissions on the database server.
I’ll say again that it is rather expected that when an installer dialogue asks for credentials, it is those credentials that it uses for all of its actions. This database permissions requirement should be stated in the documentation at is very unexpected.