The Problem

SharePoint Products Configuration Wizard, when run for the first time, will create the Configuration DB and create a new SharePoint farm. In higher environment other than Dev it is a mandated practice to maintain two separate servers for application and database. SharePoint Products Configuration Wizard will be run in the application server where SharePoint is installed. In the configuration wizard, we will be specifying the back-end database where configuration database has to be created. So there would be a continuous network traffic exchange between the Application Server and the back-end Database Server when the Configuration wizard is run. When the Configuration Wizard runs for the first time there can be a chance that the below error pops up intermittently.

In this article, we will see how we can overcome the issue.

↑ Return to Top

How it happens

During the SharePoint Installation time, Run the SharePoint Products Configuration Wizard and click Next.

Click Yes to continue.

We are setting up a new farm, hence select the radio button ‘Create a new server farm’ and click Next.

Specify the database server name (VM02-SQL2016 in our case) in the field ‘Database Server’. The database access account used for the configuration will be ‘SPFarmAccount’ which will act as the farm account which is present in the domain.  Click Next.

However, we may run into the problem which is shown below.

On checking the SQL Server for the account permissions for SPSetupAccount(the account used for installing SharePoint), it was having ‘DBCreator’ and ‘Security Admin’ Privileges as mandated. As per the requirement, ‘SPFarmAccount’ (Farm Account) just needs to be a domain user. During the time of Configuration, the installer will automatically grant SPFarmAccount with DBOwner and SecurityAdmin privileges in the SQL Server. We don’t have to explicitly grant anything for SPFarmAccount.

↑ Return to Top

Root Cause & Resolution

After a lot of digging the root cause seems to be that SQL Server was not allowing any incoming connections. So we will have to enable it. Let’s see how to do it.

Go to the SQL Server VM and spin up SQL Server 2016 Configuration Manager.

Select SQL Server Network Configuration and click Protocols for MSSQLSERVER. TCP/IP is disabled by default. Enable it.

After doing that we have to write a firewall rule that will enable incoming connections to 1433 port which is where SQL Server listens to. Go to Control Panel -> System and Security -> Windows Firewall. Select Advanced Settings option.

Click ‘Inbound Rules’ and select ‘New Rule’ option.


This will open up the inbound rule configuration wizard. Select the radio button ‘Port’ and click Next.

Select the TCP radio button and specify the port 1433 in specific local ports text box.

Specify the action that has to be taken as part of the rule, select ‘Allow the connection’ radio button.

In profiles page, select the check box ‘Domain’ and click Next.

Specify the name for the rule and click Finish.

Make sure that you restart the SQL Server service for the changes to take effect.

Now if we go back to the Configuration Wizard in the SharePoint VM and click Next, it will proceed to the next page without any exception. 


Thus we saw how to resolve the ‘Cannot connect to database master at SQL Server’ error that occurs during the installation of SharePoint Server 2016.

↑ Return to Top

See Also

This article can also be viewed at the below link :