This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to Uninstall Sophos Enterprise Console (551) & Database

Hello,

I have Sophos Enterprise Console installed on an SDC W12 R2. There are several issues with the install in that when I try to run the installer, I get the "You do not have sufficient database rights". I am in the Domain Admins, Sophos DB Admin, Sophos Console Admin etc etc groups so not sure why this is an issue. 

I checked the logs in: c:\ProgramData\Sophos\Management Installer\Sophos_bootstrapper..... and I get this error:

Error: COM error. Connection String:Provider=SQLOLEDB.1; Integrated Security=SSPI; Initial Catalog=Sophos551; Data Source=(local)\SQLExpress; use procedure for prepare=1; Auto Translate=......... Error: IDispatch error#3081; Description: The SELECT permission was denied on the Object 'Computers'; database 'SOPHOS551', schema  'dbo'.

I went into SQL Studio and looked at the properties of the SOPHOS551 db. The owner of that is set for a <domain\username> where the username is no longer valid. I believe this was meant to the SophosManagement (Sophos DB) useraccount? 

I tried to then follow two KB articles: 

  1. support.sophos.com/.../KB-000033317
  2. https://support.sophos.com/support/s/article/KB-000034444?language=en_US

But I could not uninstall the Sophos Database step or the step from there onwards. 

My questions are:

1. How can I change the owner of this database to <domain\SophosManagement>? (If this is the right account it should be installed to?)

2. why, as a domain admin doesn't have "sufficient database rights"?

3. How can I cleanly uninstall all components of Sophos SEC including the database so that I can start a fresh install?

Thank you. 



This thread was automatically locked due to age.
Parents
  • Hello Quad Zero,

    this is, err, a little bit chaotic. Last but not least an answer to question 3 would make 1 and 2 obsolete.

    As this is 5.5.1 and furthermore the database owner's username is no longer valid it has apparently been running for some time.
    What were the issues that prompted you to re-run the installer and was running setup.exe the first thing you tried in order to collect the problem? If not, what have you done before?
    The SQL error is a little bit strange, accessing the Computers view is not the first thing the bootstrapper does. I'm not sure if everything was correct up to this point, the whole log would be required to assess this.

    What exactly is I could not uninstall? You used Programs and Features, uninstalled the Console first, then tried to uninstall the Database component but ...?

    Christian

  • Hi Christian,

    Thank you for your reply.

    I have been at this problem for about 5 days now, done tons of research so apologies in advance if I come across as a little frustrated. Nevertheless, I want to find a solution to the problem.

    When you re-run the installer you get the #2 error msg, "You do not have sufficient database rights". The SEC would not start after the latest Windows 2012 R2 and came up with the error and could not start the Sophos Host Management Service. Because I could not re-start the svc, I opted to re-run the installer. 

    You are right, there are several things the bootstrapper does first. I just mentioned where and what the error was. There is no way to export the logs, it is running on an air-gap env. 

    With the "I could not uninstall" comment, I meant trying to uninstall through Add/Remove programs (appwiz.cpl). Here, I could uninstall the Sophos Management Console but could NOT uninstall the Sophos Database. It runs the uninstall window but nothing happens. The database is still existent in the appwiz window. 

    The questions that is still hard to compute are:

    1. Why can't I uninstall and reinstall Sophos? Why is this such a difficult task?

    2. I am not worried about the existing database. How can I remove it all and start from scratch? If this is possible, could you please point me to the right KB doc? 

    Thank you so much for your time Christian. 

  • Do you still have machines protected by the server? If you don't need the data in the database - I would just start fresh. You can use our installation guide and prep the new server.

    Is the SQL db on the same box or a remote server?

    Have you open SQL management studio and added your account to read/write the Sophos Databases?

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Richard,

    Thanks for your message. 

    I am happy to start fresh but since this is on a secondary domain controller, I cannot clean swipe the OS. Hence I asked about removing SOPHOS completely and its DATABASE!! to start again. I have addressed this in point 2 above. 

    So this is one of the MAIN problems. Even though I am a DB Admin and in the right groups, the SQL Studio states that I do not have necessary privs to conduct the task to add/modify any existing or new user. 

    So ideally need a doc that would show how i can remove the existing database and then re-install. 

    Thank you.

  • Hello Quad Zero,

    I see. Could be that the repair attempts destroyed some evidence, anyway I'll mention what I would have done (just in case it helps someone else, even though SEC will be around for not much more than two years).

    could not start the Sophos Host Management Service
    this should result in events in the Windows Event log and depending whether it is an early failure or the service could at least partially initialize some message in the  %ProgramData%\Sophos\ManagementServer\log\FrontEndService.log.

    where and what the error was [...] no way to export the logs
    too bad. As to the where and what, while this is definitely the error that resulted in the abort of the bootstrapper the preceding workflow often gives additional hints at the cause. Some errors the bootstrapper encounters are deemed "potentially recoverable" and are consequently flagged as only warnings. An alternate path is taken and the final error might be misleading.

    Why is [uninstall] such a difficult task?
    Normally it isn't. Using SEC since day one (actually I took part in the V1.0 Beta) as far as I can remember I never encountered a failed uninstall. The MSI log should help, to obtain it run the uninstall from an elevated cmd prompt: msiexec.exe /x {AA43D7FA-D526-48D6-9F3B-11ABF0F74FC2} /qn /lv %windir%\Temp\DatabaseUninstall.log for the 64bit database (for 32bit the product code would be {7E770C6F-B685-4410-A397-1B8D7769E30A})

    Christian

Reply
  • Hello Quad Zero,

    I see. Could be that the repair attempts destroyed some evidence, anyway I'll mention what I would have done (just in case it helps someone else, even though SEC will be around for not much more than two years).

    could not start the Sophos Host Management Service
    this should result in events in the Windows Event log and depending whether it is an early failure or the service could at least partially initialize some message in the  %ProgramData%\Sophos\ManagementServer\log\FrontEndService.log.

    where and what the error was [...] no way to export the logs
    too bad. As to the where and what, while this is definitely the error that resulted in the abort of the bootstrapper the preceding workflow often gives additional hints at the cause. Some errors the bootstrapper encounters are deemed "potentially recoverable" and are consequently flagged as only warnings. An alternate path is taken and the final error might be misleading.

    Why is [uninstall] such a difficult task?
    Normally it isn't. Using SEC since day one (actually I took part in the V1.0 Beta) as far as I can remember I never encountered a failed uninstall. The MSI log should help, to obtain it run the uninstall from an elevated cmd prompt: msiexec.exe /x {AA43D7FA-D526-48D6-9F3B-11ABF0F74FC2} /qn /lv %windir%\Temp\DatabaseUninstall.log for the 64bit database (for 32bit the product code would be {7E770C6F-B685-4410-A397-1B8D7769E30A})

    Christian

Children
  • It is really this error msg "You do not have sufficient database rights". What causes this and how can i rectify this?

  • Hello Quad Zero,

    You do not have sufficient database rights
    this error is even more generic than the one you've posted initially.. As said, without context (and the bootstrapper log contains not everything but a significant part) it is all but impossible to tell What causes this, let alone how to rectify this.

    Christian

  • Well, this is what SOPHOS gives out. So if there is not a lot of context then SOPHOS needs to perhaps do that in their error msgs. And it is not more generic, it is exactly what I said in my frist msg, 2nd paragraph! 

    Please let me know what exactly you need out of the boot strapper log and I can post it on here.

  • Hello Quad Zero,

    I'm afraid, I can't tell what exactly [I] need - otherwise I would have already done so - and that's why I asked for the full bootstrapper log..There's not necessarily another error and sometimes not even a warning when the logic digresses due to an uncommon but not unexpected condition. 

    BTW - you did not pursue the the "uninstall route", did you?

    As the issue seems to be with the database I'd try to drop the database(s) and re-install them manually. Although I'm not sure whether the failed Database Component uninstall indicates an additional issue.

    Christian

  • Yes, of course. I asked the question "why is uninstall a difficult task" and you replied to that. I have tried uninstall several ways, one through running the appwiz.cpl and also tried re-running the sophos installer which gives me "You do not have sufficient database rights". 

    I think we are just going around in circles, with really no solution to fix this. I also found several other threads with admins having the same issue whilst trying to uninstall SOPHOS all with same solution... reinstall the OS.. this shouldn't be the way. 

    Anyways, open to anyone with more insight into this problem. Looks like we are heading to a reinstall of Win OS :/

  • So with this looming over us, could you please provide the link to the official documentation for installing the SEC in an airgap env?

    Thanks Christian. 

  • Hello Quad Zero,

    if just a few symptoms were all it takes to diagnose a disease we wouldn't need blood exams, PET scans, or other clinical tests. And telling the doctor the same symptoms over and over again would make him none the wiser.
    Of course if you prefer to reinstall the OS (I don't think this is necessary) you can do so. The Install and configuration Sophos Endpoint Security and Control on an air-gapped network isn't really a challenge.

    Christian