Unable to uninstall Sophos Management Server SEC 5.3.1

Question

Hi there, 
 I'm just having some trouble uninstalling the Sophos Management Server application on our Windows Server 2012 R2. I have been following https://community.sophos.com/kb/en-us/12360 for the uninstall process, and am getting stuck at this application. It appears to run the install, freezes for a moment and then rolls back. The domain of this server has changed recently, so the original installing account would've been from the previous domain - not sure if this could have something to do with it. 
 I've tried running the installer directly with the uninstall key found in the registry (MsiExec.exe /X{E9366D3F-ED09-42D1-BAFF-1EF2E3BF8A37}), however the same issue. These events appear in the event log: 
 Event 8025, Sophos Management Service: There is no database connection. Management Service will be shut down. 
 Event 8004, Sophos Management Service: 
 Initialization failed. 
 Step: Creating a database connection Error: std::runtime_error Data: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified 
 I gave it a crack installing the ODBC driver 11 for SQL server from https://www.microsoft.com/en-au/download/details.aspx?id=36434 but that hasn't had an effect. 
 I've run the Sophos diagnostic utility in case anyone's interested in having a dig through there. If there's anything I can provide or if anyone's been a similar situation before, I'd love to hear from you! 
 Cheers, 
 Christian

jak · Accepted Answer

MSI (s) (40:70) [13:24:15:414]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIADF8.tmp, Entrypoint: MessageQueuingExecuteUninstall MSI (s) (40:EC) [13:24:15:414]: Generating random cookie. MSI (s) (40:EC) [13:24:15:416]: Created Custom Action Server with PID 15032 (0x3AB8). MSI (s) (40:A4) [13:24:15:446]: Running as a service. MSI (s) (40:A4) [13:24:15:448]: Hello, I'm your 32bit Elevated Non-remapped custom action server. MessageQueuingExecuteUninstall: Entering MessageQueuingExecuteUninstall in C:\Windows\Installer\MSIADF8.tmp, version 3.5.2519.0 MessageQueuingExecuteUninstall: Error 0x80070032: Domain SIDs not supported MessageQueuingExecuteUninstall: Error 0x80070032: Failed to get SID for account name MessageQueuingExecuteUninstall: Error 0x80070032: Failed to remove message queue permission MessageQueuingExecuteUninstall: Error 0x80070032: Failed to remove message queue permissions CustomAction MessageQueuingExecuteUninstall returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) MSI (s) (40:14) [13:24:15:469]: Note: 1: 2265 2: 3: -2147287035 MSI (s) (40:14) [13:24:15:469]: User policy value 'DisableRollback' is 0 MSI (s) (40:14) [13:24:15:469]: Machine policy value 'DisableRollback' is 0 Action ended 13:24:15: InstallExecute. Return value 3. 
 Looks like the issue. The custom action MessageQueuingExecuteUninstall is failing. 
 Based on the article: 
 https://community.sophos.com/kb/en-us/117710 
 The issue does seem to be related to the values of the registry entries under: HKLM\SOFTWARE\[Wow6432node]\Sophos\EE\Management Tools\DatabaseUser 
 This makes sense with the recent changes you made. 
 Hopefully you can use this information to fix it up. 
 If you're still struggling, I know that Microsoft Message Queueing (MSMQ) - the Windows component is added to support the Sophos Patch server side component. 
 You can remove/add MSMQ as follows: 
 Windows 2012 
 
 Open Server Manager 
 From the manage menu, click the Remove Roles and Features 
 This will open the "Remove Roles and Features" Wizard 
 Click Next until the Features option is shown 
 Scroll down and deselect the Message Queuing option and then click Next 
 Click the Remove Button to complete the removal. 
 
 You could try removing it, if that would take the CA down a different path but I would try and fix up the registry keys to reference the account. 
 Regards, 
 Jak