18 Replies Latest reply on Feb 13, 2019 8:52 AM by dragoon231

SQL Server Compact Edition 3.5

dsimpkins Sep 5, 2018 11:37 AM

Hi,

I understand this is needed as part of the job engine but our security team has just jumped all over my back as it is EOL and support ended back in April 2018.

Version 4 is available but i'm not sure i can just go install the latest version without causing any issues, has anyone got any experience with this and how to keep the security team happy??

Thanks

Re: SQL Server Compact Edition 3.5

ronhilldiscover Sep 17, 2018 1:36 PM (in response to dsimpkins)

Just echoing the same issue. I received a security violation notice today from our internal security team when they found that this is running on EOL software and the requirement that we move it off the SQL Server Compact 3.5 platform.
Like (0)

Actions
Re: SQL Server Compact Edition 3.5

yagyavir.singh@gmail.com Sep 24, 2018 9:40 AM (in response to dsimpkins)

Don't

We have spent more than 50 hours in identifying that compact version 4 does not work well with
Orion Platform 2017.1.3 SP3, NPM 12.1, SAM 6.4.0 and
Orion Platform 2018.2.1 SP1, NPM 12.3, SAM 6.6.1

I am going to open a support case to identify support version matrix for SQL compact engine
1 of 1 people found this helpful
Like (1)

Actions
Re: SQL Server Compact Edition 3.5

yagyavir.singh@gmail.com Sep 24, 2018 11:17 AM (in response to dsimpkins)

I got the response from Solarwind support.

Hi ,

Currently we only support 3.5 even for NPM 12.3
There is already a request to have CE 4 and our developers are now looking into it.
We don't have ETA for that yet because this will be on the architectural level.

Cheers,
Rechmonjun Guarin
SolarWinds Technical Support | Unexpected Simplicity

aLTeReGo - I am tagging you for bringing this to your attention. 3.5 has already reached EOL and security teams are giving tough time to keep this version running. Latest version 4.0 SP1 is not going well with Orion platform. I will request your support to prioritize this work. I am sure this will become a big security risk item in my company.
Like (0)

Actions
- Re: SQL Server Compact Edition 3.5
  
  aLTeReGo Sep 24, 2018 11:23 AM (in response to yagyavir.singh@gmail.com)
  
  There is currently no way in which to get SQL CE 4.0 SP1 to work with Orion. Rest assured, however, that there are zero known vulnerabilities with SQL CE 3.5 and therefore poses no security risk. We are aware of SQL CE 3.5 being EoL and are actively taking action to address.
  
  Like (0)
  
  Actions
  - Re: SQL Server Compact Edition 3.5
    
    yagyavir.singh@gmail.com Sep 24, 2018 11:25 AM (in response to aLTeReGo)
    
    Thank you aLTeReGo
    
    Like (0)
    
    Actions
  - Re: SQL Server Compact Edition 3.5
    
    dragoon231 Dec 12, 2018 8:55 AM (in response to aLTeReGo)
    
    Any word on a time frame on this? I am in the same boat with security team flagging me.
    
    Like (0)
    
    Actions
Re: SQL Server Compact Edition 3.5

timmckeehan Oct 2, 2018 10:45 AM (in response to dsimpkins)

We have the same EoL flag showing up on our vulnerability assessment.

I understand there are no known vulnerabilities with SQL CE 3.5 but that is no excuse for SolarWinds to ignore the end of life date, is it too early to inform them that CE 4.0 was released in 2011 and extended support ends in 2021?
Like (1)

Actions
Re: SQL Server Compact Edition 3.5

NatroN Oct 23, 2018 6:59 AM (in response to dsimpkins)

any news on this one? Server is flagged severity critical for running EOL Software
Like (0)

Actions
- Re: SQL Server Compact Edition 3.5
  
  aLTeReGo Dec 12, 2018 4:48 PM (in response to NatroN)
  
  SQL Compact Edition is no longer used in Orion Platform 2018.4, which is included with NPM 12.4.
  2 of 2 people found this helpful
  
  Like (3)
  
  Actions
  - Re: SQL Server Compact Edition 3.5
    
    dragoon231 Dec 12, 2018 11:28 PM (in response to aLTeReGo)
    
    Always the person with the answers! Will let client know it is time to get to moving on upgrading those servers.
    
    Like (0)
    
    Actions
  - Re: SQL Server Compact Edition 3.5
    
    dsimpkins Dec 13, 2018 3:49 AM (in response to aLTeReGo)
    
    Great news, although that does make something that happened me to yesterday more interesting...
    
    Did a fresh install of 12.4 on my test system which went smoothly but when i did the install for an APE it complained of a missing file (SSCERuntime_x86-ENU), i found a copy to put in the folder and everything continued.
    
    Digging deeper this morning and found the "product_catalog.log.json" file which references this file so although it looks like it didn't need the file it wanted it to be present.
    
    Like (0)
    
    Actions
    - Re: SQL Server Compact Edition 3.5
      
      serena Dec 13, 2018 1:54 PM (in response to dsimpkins)
      
      dsimpkins wrote:
      
      Great news, although that does make something that happened me to yesterday more interesting...
      
      Did a fresh install of 12.4 on my test system which went smoothly but when i did the install for an APE it complained of a missing file (SSCERuntime_x86-ENU), i found a copy to put in the folder and everything continued.
      
      Digging deeper this morning and found the "product_catalog.log.json" file which references this file so although it looks like it didn't need the file it wanted it to be present.
      Thanks for letting us know. I'll investigate internally on this matter, and will reach out to you directly if I have more questions.
      
      Like (0)
      
      Actions
Re: SQL Server Compact Edition 3.5

dsimpkins Feb 1, 2019 7:26 AM (in response to dsimpkins)

Dragging up my old post.

Does anyone who has done the upgrade to 12.4 know if it removes this component or if you have to manually uninstall it afterwards?

Thanks
Like (0)

Actions
- Re: SQL Server Compact Edition 3.5
  
  aLTeReGo Feb 1, 2019 8:55 AM (in response to dsimpkins)
  
  SQL Compact Edition 3.5 is not removed upon upgrade, though Orion Platform 2018.4 no longer relies upon it. Instead, Orion Platform 2018.4 utilizes SQL Compact 4.0.
  
  We do not uninstall SQL Compact Edition 3.5 automatically as we have no way of knowing if there are other products and solutions installed on the same server as Orion which rely upon SQL Compact 3.5. It is better to air on the side of caution than to have your upgrade of Orion break other products installed on the same server.
  
  Like (0)
  
  Actions
  - Re: SQL Server Compact Edition 3.5
    
    dsimpkins Feb 1, 2019 9:06 AM (in response to aLTeReGo)
    
    Makes sense but couldn't find anything concrete so say either way if it does get rid of it.
    
    Is there anyway to confirm the dependency is removed post upgrade so that one i start uninstalling the system doesn't crumble beneath me?
    
    Thank you for the speedy reply, i wasn't expecting it so quickly so apologies to others i may have asked at the same time
    
    Like (0)
    
    Actions
    - Re: SQL Server Compact Edition 3.5
      
      aLTeReGo Feb 1, 2019 9:36 AM (in response to dsimpkins)
      
      Orion Platform 2018.4, or its related product modules have no reliance on SQL Compact 3.5, though I can't speak to any other possible products/features you may also have installed on your server.
      1 of 1 people found this helpful
      
      Like (0)
      
      Actions
      - Re: SQL Server Compact Edition 3.5
        
        dsimpkins Feb 1, 2019 9:38 AM (in response to aLTeReGo)
        
        These are all dedicated servers to Orion so i should be good to uninstall after my upgrade is completed.
        
        Thanks again
        
        Like (0)
        
        Actions
    - Re: SQL Server Compact Edition 3.5
      
      dragoon231 Feb 13, 2019 8:52 AM (in response to dsimpkins)
      
      Go to Control Panel to see Programs and Features and see if it is listed.
      
      Like (0)
      
      Actions

Go to original post