Kevin Spencer
asked on
Uninstallation of MS SQL Express on VUM, SRM and vSphere
Hey guys,
I have a few VUM, SRM and vSphere servers that have never been configured to use MS SQL Express, always direct to an external database. So the issue that all these devices have been scanned by Retina (for the first time) and one of the findings has been "Unsupported version of SQL detected"
I have confirmed that all of the boxes do have SQL Express installed (which could only have come from the VMware SRM, VUM or vSphere/Center install), and does not appear in add remove programs. Nessus has found out about its existence through the registry, detecting the key that are there from the SQL Express install.
This is a CVE 10, critical finding, so there is no ignoring it... The question is can it be uninstalled, or updated, even though it has been installed as part of the VMware products above without breaking anything? I don't know why it was installed as our build document for these apps clearly states that SQL Express should never be chosen as an option, the presumption is that it gets installed by the VMware app regardless of the choices made in the install wizard.
Any help would be greatly appreciated.
I have a few VUM, SRM and vSphere servers that have never been configured to use MS SQL Express, always direct to an external database. So the issue that all these devices have been scanned by Retina (for the first time) and one of the findings has been "Unsupported version of SQL detected"
I have confirmed that all of the boxes do have SQL Express installed (which could only have come from the VMware SRM, VUM or vSphere/Center install), and does not appear in add remove programs. Nessus has found out about its existence through the registry, detecting the key that are there from the SQL Express install.
This is a CVE 10, critical finding, so there is no ignoring it... The question is can it be uninstalled, or updated, even though it has been installed as part of the VMware products above without breaking anything? I don't know why it was installed as our build document for these apps clearly states that SQL Express should never be chosen as an option, the presumption is that it gets installed by the VMware app regardless of the choices made in the install wizard.
Any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you share install path of SQL express???
ASKER
The issue here was that on the servers that SQL Express was "uninstalled", the MSI had failed and the engineer that had set off the unattended install had scripted to not halt even on errors. The main directory was left behind with the SQL EXP exe intact. The scanner was seeing the exe and reading the version and reporting a finding.
As soon as the failed installs were manually cleared up, and the devices rescanned the finding disappeared!
As soon as the failed installs were manually cleared up, and the devices rescanned the finding disappeared!
So no SQL Express - red hearing! - and therefore no security issue!
ASKER
Thanks for point me in the direction of looking at the filing system itself!
ASKER
This is the same for all the ~100 servers we have... I am not sure why it would have been installed if it was not needed, I think I am going to experiment on one of the servers after I take a snapshot of it.
I wanted to see if anyone else had come across this situation and had managed to uninstall the instance without there being any serious consequences.