Guidelines for configuring remote SQL connections for WIN-PAK:

Login Page:

Login Page asks for 2 options as given below

1. Database Server Machine (WIN-PAK Installed Machine)

• Backup Database
• Database Server Machine Configuration
2. Remote SQL Server Machine
• Restore Database
• SQL Server Machine Configuration

Note:

• To take backup of WIN-PAK installed machine – login with that local machine credentials
• To update Database Server Machine Configuration in WIN-PAK installed machine for
configuring encrypted connection – login with Remote SQL Server Hosted Machine
Credentials
• To restore database and SQL Server machine configuration in the Remote SQL Server
hosted machine - login with that local machine (remote SQL machine) credentials.
• Once taken backup using this tool, need to restore the backup only using this tool. One
could not use Old Backup & Restore tool in WIN-PAK.
• In Remote SQL Server hosted machine, ensure TLS 1.2 is enabled and TLS 1.0 & TLS 1.1
should be disabled.
• It is recommended to run SQL service with built-in Local System account or NT Service
Account when Remote SQL Server configuration supported with WIN-PAK.

User Login:

1. ‘sa’ login not allowed using this tool.

 If the user tried login with correct ‘sa’ credentials, below error popup will be displayed.

2. Only high privileged SQL server user (with sysadmin privilege) will be allowed to login. If tried to
login with user (without sysadmin privilege), below error popup will be displayed.

4 Steps to Establish Remote SQL Server Connection with WIN-PAK

1. Backup a database in WIN-PAK Database Server Machine

2. Restore this backup in Remote SQL Hosted Machine
3. Update Encryption Configuration in Remote SQL Hosted Machine
4. Update Registry Configuration in WIN-PAK Installed Machine

1. Backup a database in WIN-PAK Database Server Machine:

1. Connect “WIN-PAK PRO” Database installed machine.

2. Copy “Honeywell.Winpak.DBManager” tool to desktop.
3. Open “WIN-PAK Service Manager” and stop all the WIN-PAK Services.
4. Run the tool as administrator and select “Database Server Machine” and connect with local
machine Database Credentials.
5. If connection established then Select “Backup” tab.
6. Select folder path to save the database backup files.

7. Select folder path to save the master key backup file.

8. Enter the master key password for encryption. Please ensure to remember the password as it
will be asked during Restore of this backup file.
9. Click “Backup” button to save the database backup files (if trinity database available then two
backup files created in that selected location). Also master key backup file will be saved to the
selected master key file location.
Note:
• To copy the master key backup file, need to modify the security settings in properties of
backup file to grant read access for user as given in below screenshot (Advanced option
and add the user and select permission).
10. Open “WIN-PAK Service Manager” and restart all the WIN-PAK Services.

2. Restore this backup in Remote SQL Hosted Machine:

1. Connect Remote SQL Server Hosted Machine to restore database.

2. Copy database and master key backup files to destination machine.
3. Copy “Honeywell.Winpak.DBManager” tool to desktop.
4. Run the tool as administrator and select “Remote SQL Server Machine” and connect with local
machine Database Credentials.

5. If connection established, then Select “Restore” tab

 6. Select backup file path to be restored.
7. Select master key backup file path to be restored.
8. If SQL authentication, give credentials for creating low privileged SQL server user which will be
used by WIN-PAK application.
9. Enter the password for creating “wppcswlogin” database user.
10. Enter the master key password given during backup.
11. Click “Restore” button to restore the database.
Note:
• If got error in given scenario - Database Backup and Master Key files copied on the
desktop gets an error that Cannot open backup device operating system error during
restore at Remote SQL Server.
• Try copying Database Backup and Master key files to the location where the user has
admin access and try restoring again.

3. Update Encryption Configuration in Remote SQL Hosted Machine:

1. Go to Remote SQL Server Hosted machine.

2. Open the copied tool “Honeywell.Winpak.DBManager”.
3. Run the tool as administrator and select “Remote SQL Server Machine” and connect with local
machine Database Credentials.

4. If connection established, then Select “Remote SQL Server Machine Configuration” tab
 5. Click “Create Certificate to create and install the self-signed certificate with the machine name
(IP Address or Server name – Ensure name should be same as the server name given during SQL
User Login).
6. Select the path to export the installed self-signed certificate in this machine.
7. Click “Update Encryption Configuration” to update the SQL encryption settings in the machine.
8. Restart the SQL Server Service (for selected SQL instance).
9. Restart the SQL Browser Service.

Note:

• If not able to start the SQL Server Service as given in below screenshot, add Service
Account on which the SQL Server runs (default NT Service\MSSQLSERVER) to the newly
created certificate in MMC console. Steps are given below.

❖ Open Run command prompt and type MMC.

❖ Click File menu and select “Add/Remove Snap-in…”
❖ Select Cetificates under “Available Snap-ins” and click Add.
❖ In “Certificates snap-in” window, select “Computer Account” and click
Next.

❖ Click Finish and click Ok.

❖ Under Console, expand “Certificates(Local Computer)”.
❖ Expand “Personal” and select “Certificates”).
❖ In right side pane, right click the newly created certificate and select
“All Tasks” and select “Manage Private Keys”.
 ❖ In the opened window if SQL Server Account is not listed(default NT
Service\MSSQLSERVER), click “Add” and add the service account and
grant permission for the certificate.

❖ Restart the SQL Service (for selected instance).

4. Update Registry Configuration in WIN-PAK Installed Machine:

1. Connect WIN-PAK installed machine.

2. Copy the exported self-signed certificate from the Remote SQL Server hosted machine.
3. Copy “Honeywell.Winpak.DBManager” tool to desktop.
4. Open “WIN-PAK Service Manager” and stop all the WIN-PAK Services.
5. Run the tool as administrator and select “Database Server Machine” and connect with Remote
SQL Server hosted machine database credentials ( DON’T USE ‘sa’ user).
Note:
• If you are facing issues in connecting the remote SQL server like “A network-
related or instance-specific error occurred while establishing connection with
SQL Server” ensure the firewall is configured in remote SQL server hosted
machine.
• Add firewall exception for SQL TCP Port (Default port 1433) in the remote SQL
Server hosted machine.
❖ Open remote SQL server hosted machine.
❖ Open Run command prompt and type “firewall.cpl”
❖ In “Windows Defender Firewall” window, click “Advanced Settings”.
❖ In the opened window select “Inbound Rules” and click “New Rule”.
❖ In “New Inbound Rule Wizard” select “Port” and click Next.

❖ In “Protocols and Ports” window, select TCP and select “Specific local
ports” and type the port number(Default port -1433) and click Next.
 ❖ Select “Allow the Connection” and click Next.
❖ Click Next and give a rule name and description and click Finish.
❖ Now open WIN-PAK Installed Machine and try to login with Remote
SQL Server hosted machine credentials.

6. If connection established then Select “Database Server Machine” tab.

7. Select the path of the self-signed certificate exported from Remote SQL Server hosted machine.
8. Click “Import Certificate” to import the certificate to the Trusted Root Certificate Authority
store.
9. Enter the low privileged SQL server user credentials, which will be used by WIN-PAK application.
10. Enter the password for “wppcswlogin” database user.
11. Click “Update Registry” to configure the DSN encryption settings and database connections to
WIN-PAK applications.
12. By Default “Trusted Connection” will be unchecked.
13. If we see below message after updating registry values, then follow the given steps
• Open SQL Server Configuration Manager and right click SQL Native Client Configuration
and select Properties and set “Force Protocol Encryption” flag to “yes”.

• Open WIN-PAK System Manager and update the password in Database Server tab (if
SQL authentication).
• Update Database password using ODBC DSN as given below
❖ In Windows Start type “ODBC” and select “ODBC Data Sources (32-bit).
❖ In ODBC window opened, select “System DSN” tab,
❖ Select “WIN-PAK Database” and click Configure.
❖ Click Next.
❖ Type Password (if SQL authentication) and click Next.

❖ Click Next and click Finish.

❖ Click “Test Data Source”
❖ The result should be shown as
 ❖ If you got any certificate related errors, Run the
“Honeywell.WINPAK.DBManager.exe” tool as administrator and select
“Database Server Machine” and connect with Remote SQL Server hosted
machine database credentials and select “Database Server Machine” tab.
❖ Give “wppcswlogin user credentials” and select “Trusted Connection” and click
“Update Registry”.

❖ Now try to update the password in ODBC DSN again as given in above steps.

• Restart SQL Service.

• Restart the SQL Browser Service.
• Open “WIN-PAK Service Manager” and restart all the WIN-PAK Services.

VMS Remote SQL

For VMS Remote SQL configuration, follow the below steps

To change the Connection string information:

1. Navigate to VMS Installed Path >bin > Trinity.SystemServices.exe.config file.
2. Right click and then select Edit to open the config file.
3. In the config file, go to ConnectionStrings section to change DBConnectionString.
 • The Windows Authentication Connection String should be similar as shown below: User
need to provide the Databasename & Server details
<connectionStrings>
<add name="DBConnectionString"
connectionString="Database=Databasename;Server=.\SQLEXPRESS;Inte
grated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>
• SQL Authentication Connection String should be similar as shown below: User need to
provide the Databasename,UserID,Password & Data Source details
<connectionStrings>
<add name="DBConnectionString" connectionString="Persist
Security Info=False;User ID=UserID;Password=UserPassword;Initial
Catalog=Databasename;Data Source=.\SQLEXPRESS"
providerName="System.Data.SqlClient" />
</connectionStrings>
4. Modify the Connection String and then Restart the Trinity Server Service.

DataBase Registry Settings Update for 64 bit machine:

1. Click Start > Run and then type Regedit' command in the Run command box.
2. Click OK.
3. Path for 64 bit machine:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Honeywell\TrinityFrame
work\DatabaseDetail
4. Registry Settings update screenshot

5. Update the entries as mentioned in the below table:

Note:
• In case of SQL Authentication update low privileged SQL user credentials in the connection
string (both in registry and Trinity.SystemServices.exe.config file).
• Known Observation:
 “Database=TrinityDatabase” must be the first value in the registry entry
“CONNECTIONSTRING”.
• In domain environment with remote SQL configuration, need to ensure Trinity Server
service run with domain user login.
• In workgroup environment with remote SQL configuration, need to ensure Windows user
name should not be "admin"(VMS Limitation).

For further details on VMS Remote SQL Configuration, please refer the below PDF – (Page# 7)

800-26012-A_MAXP
RO VMS 600 Permissions and Recommendations Technical Not....pdf

STEPS TO UPGRADE REMOTE SQL CONFIGURED MACHINE FROM WIN-PAK 4.8.2 to WIN-PAK 4.8.3:
1. WIN-PAK 4.8.2 will be installed in Machine 1 which points to SQL server Database in Machine
2 (Remote SQL server machine).
2. Backup the Database along with master key in Machine 2 (Remote SQL server machine)
through Remote SQL server utility by login with “Database Server” option (Machine 2
credentials).

3. Copy the Database and master key backup files from Machine 2 (Remote SQL server
machine) to Machine 1.
4. In Machine 1, open WIN-PAK Service Manager and stop all WIN-PAK Services.
5. In Machine 1, update Registry settings to point to the local Database through Remote SQL
server utility by login with “Database Server” option (Machine 1 credentials).
• Login to Remote SQL server utility with “Database Server” option (Machine 1
credentials).
• Go to Database Server Machine Configuration.
• Fill Low Privileged SQL user credentials and “wppcswlogin” credentials of local
machine (Machine 1).
• Click “Update Registry”.
• Open System Manager and update the password for “Database Server” tab and
“Database Archive Server” tab.
• Update Database password using ODBC DSN.
• Restart SQL Service.
6. In Machine 1, restore the Database backup taken from Machine 2 (Remote SQL server
machine) through Remote SQL server/B&R utility by login with “Remote SQL Server” option
(Machine 1 credentials).

7. Proceed with WIN-PAK 4.8.3 upgrade from WIN-PAK 4.8.2 in Machine 1.