NOT monitored servers

Ever run into NOT monitored servers?
NOT monitored servers
NOT monitored servers
Unsure your experience, but recently, I’ve run across multiple occurrences where servers show up as ‘not monitored.  As a result, I’ve found three distinct sets of issues that might cause ‘not monitored’ status –
1) Orphaned Agent blog
This scenario usually entails deleting server from Managed Agents view in Administration tab, where alerts or other details may still exist.  The procedure leverages Holman’s orphaned agent blog (tried and true) post from years back to aid cleanup.
2) Do you have packs or connectors extending classes?
3) Rebuilding a server with the same name is a common server occurrence
Related to 1, Holman’s orphaned agent blog to be used to cleanup.
First, let’s test in the Lab.  Second, let’s talk about the express lane ‘easy button’.  Begin by deleting the Windows Computer orphaned object GUID.  Process the Windows Computer object (bottom), followed by the top two (2) are HealthService, and HealthServiceWatcher object properties (see three items highlighted).
16db02 properties
16db02 properties
Second piece, marking the Windows Computer GUID for deletion (IsDeleted=1) cleans up nearly ALL properties.  See the progress below, how this slight change makes short order of orphaned properties for ‘server’.
Windows Computer object marks all but SCVMM for deletion
Windows Computer object marks all but SCVMM for deletion
Third HealthService & SCVMM objects require manual deletion per GUID.
Note first screenshot shows health service properties marked ‘IsDeleted’ = 1 after manually processing each GUID.
HealthService marked for deletion
HealthService marked for deletion
Fourth, screenshot shows there the HealthServiceWatcher property is marked for deletion (IsDeleted=1)
HealthServiceWatcher marked for deletion
HealthServiceWatcher marked for deletion
If you have SCVMM, you will need to repeat for each of the SCVMM properties to clear out the orphans in the DB.
Why – the issue:
Typically, when servers are reimaged, i.e. NOT deleted from SCOM, there are two+ healthservice, HealthServiceWatcher, Windows Computer properties created for each image of example server.   Additional properties may show duplicated for any class discoveries that are common to the old and new image.
NOTE: Deleting the current agent may clean up objects for that instance of the discovered server, but NOT the old server image.

SCOM MS TLS1.2 drivers

SCOM MS TLS1.2 drivers
SCOM MS TLS1.2 drivers

Courtesy of Brook Hudson, who provided clarification for encrypting SCOM data –

Question – Can we update the OLE DB Driver from 18.6.5 to 18.6.7 and the ODBC driver from 17.10.3 to 17.10.5.1 without breaking anything?

 

This configuration applies to SCOM2016 forward –

MS OLE DB Driver 18.6.7: https://go.microsoft.com/fwlink/?linkid=2242656

ODBC Driver 17.10.5.1: https://go.microsoft.com/fwlink/?linkid=2249004

 

 

I did NOT have success with this for SCOM2019 and SCOM2022 –

If the SQL endpoint is secured with encryption, then the following drivers can be used.

MS OLE DB Driver 19.3.2: https://aka.ms/downloadmsoledbsql

ODBC Driver 18.3.2.1: https://aka.ms/downloadmsodbcsql

If you want to use these newer drivers then SQL encryption is required, more information about enabling SQL Encryption: Configure SQL Server Database Engine for encryption – SQL Server | Microsoft Learnhttps://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver15

 

The SQL team noted that the newer versions are defaulting Encrypt to be Yes/Mandatory. That is why the new drivers were having an issue. Setting up a certificate in the SQL endpoint would have allowed the connection to work:

Enable encrypted connections – SQL Server | Microsoft Docs

Certificate Management (SQL Server Configuration Manager) – SQL Server | Microsoft Docs

OLE DB Driver 19.0 for SQL Server Released – Microsoft Tech Community

ODBC Driver 18.0 for SQL Server Released – Microsoft Tech Community

 

IMPORTANT:

Update: Hotfixes released for ODBC and OLE DB drivers for SQL Server – Microsoft Community Hub

 

SQL SysMessages 18054 events

 

SCOM2016+ SQL SysMessages 18054 events
SCOM2016+ SQL SysMessages 18054 events

Whether you’re building a new SCOM2019, SCOM2022 environment or not, you might be missing these event details, and NOT even know!

 

It’s been a while for me, and I came across these, so posting for a fresh heads up!

Leverage Holman’s TXT files to keep your logging up to maximum potential!  Use the information below to resolve SCOM2016+ SQL SysMessages and 18054 events.

Holman GitHub download – contains SQL TXT files to run on OpsMgr & DW databases https://github.com/thekevinholman/SQLFix18054EventsSysmessages

 

The Github TXT files to download contain a clear scope of messages.

 

SQL messages excerpt

—————————————–
— MOMv3 messages are 77798xxxx —
—————————————–

———————————————–
— Discovery range: 77798-0000 to 77798-0049 —
———————————————–
— Managed type doesn’t exist.
EXECUTE sp_addmessage @msgnum = 777980000, @msgtext = N’The specified managed type doesn”t exist.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Relationship type doesn’t exist.
EXECUTE sp_addmessage @msgnum = 777980001, @msgtext = N’The specified relationship type doesn”t exist.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Source entity of the relationship doesn’t exist.
EXECUTE sp_addmessage @msgnum = 777980002, @msgtext = N’The specified relationship doesn”t have a valid source.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Target entity of the relationship doesn’t exist.
EXECUTE sp_addmessage @msgnum = 777980003, @msgtext = N’The specified relationship doesn”t have a valid target.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Discovery data from invalid managed entity is dropped.
EXECUTE sp_addmessage @msgnum = 777980004, @msgtext = N’Discovery data has been received from a rule targeted to a non-existent entity. The discovery data will be dropped.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Invalid relationship rejected by cycle detection.
EXECUTE sp_addmessage @msgnum = 777980005, @msgtext = N’Relationship {%s} was rejected because it would cause a containment cycle; relationship source = ”%s” and target = ”%s”.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Discovery data generated by invalid connector.
EXECUTE sp_addmessage @msgnum = 777980006, @msgtext = N’Discovery data generated by invalid connector:%s.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

— Discovery data generated by invalid rule, task, discovery.
EXECUTE sp_addmessage @msgnum = 777980007, @msgtext = N’Discovery data generated by invalid discovery source. Id:%s.’, @severity = 16, @lang = ‘us_english’, @with_log = false, @replace = ‘REPLACE’
GO

Documentation links

Blog for 18054 events https://kevinholman.com/2017/08/27/scom-2016-event-18054-errors-in-the-sql-application-log/

SCOM 2016, 2019 and 2022: Event 18054 errors in the SQL application log

Alternatively, if AlwaysOn configuration, leverage Holman’s newer blog post – https://kevinholman.com/2022/10/02/scom-deployment-configuration-for-sql-always-on/

SCOM deployment configuration for SQL Always On

 

SQL STIG vulnerabilities V-213902, V-213935

Happy leap year, let’s talk Security and SQL STIG vulnerabilities V-213902, V-213935!
Happy Leap year
Happy Leap year

DISA DOD SQL STIG vulnerabilities V-213902, V-213935

SQL DBA team for RCC-C customer requesting documentation for exception, in light of vulnerabilities.
V-213902
V-213935
SCOM uses individual computer accounts in SQL for these findings
Holman documented this since 2012

SCOM SECURITY Documentation

SCOM2019 https://kevinholman.com/2020/07/23/scom-2019-security-account-matrix/

Both V-213902 AND V-213935 state same identification action.

Run this SQL Query on SCOM DB(s)
SELECT name
FROM sys.database_principals
WHERE type in (‘U’,’G’)
AND name LIKE ‘%$’
To remove users:
Run the following command for each user:
DROP USER [ IF EXISTS ] ;

V-213935 has a different identifier:

Launch PowerShell.
Execute the following code:
Note: <name> represents the username portion of the user. For example; if the user is “CONTOSO\user1$”, the username is “user1”.
([ADSISearcher]”(&(ObjectCategory=Computer)(Name=<name>))”).FindAll()
If no account information is returned, this is not a finding.
If account information is returned, this is a finding.

Tab delimited view –

Remove Computer Accounts DB SQL6-D0-000400 V-213902 CAT II Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Remove Computer AccountsSQL6-D0-004200V-213935CAT IINon-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Can provide one work-around to mitigate.
Awaiting CSS engagement for official mitigation from support and  SCOM PG.

MCM Addendum pack

The MCM addendum pack helps monitor MEM. See start menu folder structure for Endpoint Manager software.
The MCM addendum pack helps monitor MEM. See start menu folder structure for Endpoint Manager software.

Rebranding central – MEM, EM, MECM, SCCM, Configuration manager, depending on the synonym, we’re referring to the same product.  Tune the most common critical alerts per the health model to warning.

 

QUICK DOWNLOAD https://github.com/theKevinJustin/MCMAddendum/

Background

Read Holman’s blog for more details.

Did you know – MCM discoveries are based on registry keys added with various role installs on windows servers.  These registry keys are typically under this path:  HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components

 

What capabilities does the ‘MCM addendum pack’ provide?

Quite simply, the pack provides warning severity overrides for common alerts, disable event collection rules.

9 overrides for monitors and rules included in addendum.
9 overrides for monitors and rules included in addendum.

 

Includes warning severity changes for the following rules and monitors:

Monitors

BackupStatus.StatusMessage.Monitor

ReportingPoint.RoleAvailability.Monitor

SoftwareUpdatePoint.RoleAvailability.Monitor

SoftwareUpdatePointSync.AlertState.Monitor

Rules

ComponentServer.ComponentStoppedUnexpectedly.Event.Rule

SiteComponentManager – CanNotFindObjectInAD.Event.Rule, CouldNotAccessSiteSystem.Event.Rule

StateSystem.FailedToExecuteSummaryTask.Event.Rule

WsusConfigurationManager.FailedToConfigProxy.Event.Rule

 

 

Utilize the ‘MCM Addendum pack’

Download Kevin Holman’s MCM pack from GitHub.

Download the Addendum here, to get alerts where manual intervention required.

Save packs

 

Enjoy some acronym humor and ‘who moved my cheese fun!’

MECM PowerShell
MECM PowerShell

 

Import into SCOM & Enjoy!

 

If you need more capabilities, reach out on the blog or GitHub.

 

Documentation

Github repository here

SCCM management pack

Holman blog for MEM, EM, MCM, MECM, CM, ConfigMgr, Configuration Manager

Update SCAP tools

DISA Security Content Automation Protocol
DISA Security Content Automation Protocol

 

One more admin process and workflow is to ‘update SCAP tools’ on servers.  Many times overlooked, this can save many headaches with the newest version installed on servers.

 

 

Check DOD Cyber Exchange

Check the website  here, to search for Win in SCAP tools, then download & Install

SCAP tool download from DOD Cyber Exchange public website.
SCAP tool download from DOD Cyber Exchange public website.

 

Navigation steps:

Control Panel > Programs > Programs and Features

In the search bar (top right) enter scap (and hit enter)

 

SCAP Control panel output showing multiple versions installed.  Need to install latest application, then remove the old versions (in this case, all three!)

SCAP Control panel output showing multiple versions installed.
SCAP Control panel output showing multiple versions installed.

 

 

Install SCAP application

Extract files from ZIP

Copy folder to repository (my path example below)

Save SCAP zip and files to folder repository and on server to install SCAP on.

Save SCAP zip and files to folder repository and on server to install SCAP on.
Save SCAP zip and files to folder repository and on server to install SCAP on.

 

 

Run SCAP application

Take the defaults (unless you want the checker icon on desktop).  Run SCAP application from PowerShell (as admin) window.

Open PowerShell as admin window

 Example:

cd “D:\MonAdmin\STIGS\scc-5.7.2_Windows”; gci; .\SCC_5.7.2_Windows_Setup.exe

Hit enter to begin install

Run SCAP install from PowerShell (as admin) window.
Run SCAP install from PowerShell (as admin) window.

 

On the SCAP EULA radio button application install screen, click ‘I accept’ radio button and click Next.

SCAP EULA radio button application install screen.
SCAP EULA radio button application install screen.

 

Select Destination location (preferably on non-system disk), and click Next

Change path to non-system disk (like d:)

SCAP Destination Location Application install window.
SCAP Destination Location Application install window.

 

From the ‘Select Components’ window, click Next

SCAP Select Components application install window.
SCAP Select Components application install window.

 

Click Next on the Setup Start Menu folder window

SCAP Start Menu folder install window
SCAP Start Menu folder install window

 

On the SCAP select additional tasks install window, click Next 

SCAP select additional tasks install window
SCAP select additional tasks install window

 

Click Install on ‘Ready to install’ popup screen

SCAP Ready to Install popup screen.
SCAP Ready to Install popup screen.

 

 

With the new SCAP tool Install window, click Finish to complete.

SCAP tool install finished splash screen.
SCAP tool install finished splash screen.

 

 

Refresh Control Panel SCAP search

Remove old versions

Click Continue and go through removal prompts

SCAP control panel remove old version with prompt to continue.
SCAP control panel remove old version with prompt to continue.

 

With the Uninstall screen, click Yes to uninstall.

SCAP uninstall yes/no screen
SCAP uninstall yes/no screen

 

Click OK on uninstall

Old SCAP unistall completed.
Old SCAP unistall completed.

 

 

Check Control Panel for SCAP installs

Verify control panel only has latest version installed.  Close out Programs and Features window

Windows Control Panel, Programs and Features, SCAP search for new version install
Windows Control Panel, Programs and Features, SCAP search for new version install

 

 

Review SCC (SCAP Compliance Checker) Release Notes

SCAP release Notes details
SCAP release Notes details

 

Verify SCAP application functionality

Click on Start > start typing SCAP > Click on SCAP Compliance Checker

SCAP Compliance Checker

 

From the SCAP checker UAC prompt, click Yes to continue

SCAP checker UAC prompt, click Yes to continue
SCAP checker UAC prompt, click Yes to continue

 

Click OK to end the install

SCAN new features popup after install
SCAN new features popup after install

 

 

Run Local Scan

Run local scan to prove functionality.

Select STIG(s) in the middle pane > Click Start Scan

Run SCAP scan against server, choose your STIGs and Start Scan
Run SCAP scan against server, choose your STIGs and Start Scan

 

Verify SCAP tool modified files after installation

Recheck Windows Explorer for OpenSSL; look at file properties for version details.  Interesting, NONE of these files have versions (openssl, x509 searches show nothing file version wise)

Verify SCAP tool modified files after installation
Verify SCAP tool modified files after installation

 

Ask the Security Admin to re-scan!

 

 

Documentation/Links

DOD Cyber Exchange https://public.cyber.mil/stigs/scap/

MSSQL Addendum pack

 

Time to tune MSSQL alerts!
Time to tune MSSQL alerts!

The ‘MSSQL Addendum pack’ wouldn’t be possible without Brandon Pires contributions.  Brandon dealt with my many questions to better alert!  If you need more background, check the ‘why addendum pack’ post.

Quick Download(s)

2012+ https://github.com/theKevinJustin/MSSQLAddendum

 

Capabilities

The pack is based on the SQL engineering blog and program team making multiple updates per year for SQL monitoring.  The addendum creates two groups for dev/test and notification/subscription modeling.  Second, the overrides, man there are a bunch! aid consumption of real issues.   Lastly, most environments should be SQL 2016+, as the 2012R2 EOL/EOSL is quickly approaching in October!

MSSQL groups defined in the Addendum pack
MSSQL groups defined in the Addendum pack

MSSQL group discoveries require updates to be applicable to environment

 

Tailor addendum

First, the Addendum pack requires the MSSQL packs MUST be installed.  The addendum is based on the MSSQL 2016+ version agnostic is currently supported, as the 2012,2012R2 products are near end of support.

Find/Replace the variables as needed:

Example    ##TESTSERVER##|##DEVSERVER##

Save file

 

Overrides

Addendum pack contains discovery, monitor, and rule overrides to tune MSSQL to CSA (old PFE/CE/CSAe Microsoft Field engineer recommendations), to match the health model reducing critical ‘wake me up in the middle of the night’ alerts.

Partial snapshot of MSSQL overrides in the pack
Partial snapshot of MSSQL overrides in the pack

Import

Download pack, and save to your environment

Import into SCOM

Enjoy!

 

 

MSSQL Addendum references

MSSQL Engineering blog and old post here

SQL Releases TechCommunity here

Engineering team latest management pack, TechCommunity release v7.2.0.0

Import ‘gotcha’ importing new custom functionality blog

Why Addendum packs

IT Ninja required for improving monitoring hence 'Why addendum packs'
IT Ninja required for improving monitoring hence ‘Why addendum packs’

 

‘Why addendum packs’?  What value can they bring to my customer?  Kevin Holman started the Addendum thought process quite a while back.  Added functionality to a core application/program/product.  The first example of this pack naming convention is his SQL RunAs Addendum to simplify SQL monitoring.   Let’s break down a number of examples how the SCOM community has built packs to better monitoring, and how I believe the addendum packs bring IT Ninja lessons from Microsoft experts monitoring to your environment.

 

Why Addendum packs

Better monitoring from the experts, including customer examples for other ‘blind spots’ in monitoring.  Blind spots consist of ‘not monitored’ pieces of infrastructure, from simply an event, ping, service, tcp port check, process, web site, scripted workflow, with the purpose to identify a problem.

The goal of monitoring is to:

Identify, self-heal, automatically run recovery or diagnostic workflows alert when manual intervention is required.  Doesn’t matter what tool you use, they all do some portion of these steps.

 

The addendum packs do these things, adding a few differentiators.

Auto closure daily scripts (close rules/monitors)

Auto reports of problems (M-F 0600-0700 local, reflecting last 24-72 hours of open/closed alerts)

Employ count logic (x in y time)

Self-heal monitors with no new events

Adjust alert severities to health model

where critical (red) = outage, warning (yellow) = issue, informational reports or FYI’s

Capable of updating alerts (status, owner, ticketID+)

Tasks to run workflows on-demand

Recovery tasks – (i.e. service restart automation or TopProcess, Logical disk cleanup, MECM Client cache clean )

Integrate additional monitoring (like DFS replication queue script/alerts)

Synthetic checks for DNS and web applications

Web Availability and Transactional monitoring, ADFS, CRL, PowerShell Invoke-WebRequest, and more

Security and Compliance checks

 

Imagine I forgot something capability wise.

Stay tuned, as this builds into an even better outcome, quality data into ‘a single pane of glass’ of multiple tools within PowerBI.

SQL query Plan howto

SQL Query Plan - can't you do anything right?
SQL Query Plan – can’t you do anything right?

Ever need to build out a capability and the SQL query is your blocker?  Use a SQL query Plan ‘howTo’ to figure out what’s taking query so long.  My thanks to Dennis Zwahlen (a Data and AI CSA – LinkedIn ) helping me figure out what was causing a SCOM DW SQL query to render data VERY slowly!

 

Don’t get me wrong, the sheer volume of events is definitely part of the problem.   Event rules are using expressions to further restrict collected event data.

SCOM DW Events ingested for DC Security Events when SIEM is a limit, and NOT using ACS feature

SCOM DW Events ingested for DC Security Events when SIEM is a limit, and NOT using ACS feature.  Will discuss the SCOM DW Event ingestion and additional XML authoring options to turn down the pressure.

 

Time to use the ‘SQL query Plan howto’ blog for SQL execution plan, to help to figure out why the DW Query takes so long.  Using the execution plan, similar to SQL profiler, will provide insight to possibly speed up query, allowing PowerBI app/report rendering of data.

From SSMS > View > Add Display Estimated Execution Plan

From SSMS > View > Add Display Estimated Execution Plan
From SSMS > View > Add Display Estimated Execution Plan

 

SQL execution plan starting from the left documenting SQL query
SQL query plan starting from the left documenting SQL query

SQL query plan starting from the left documenting SQL query

Sort is taking 4.5 minutes in this example of the SQL execution plan visual.  You can see moving right from the Join lines documents how SQL behaves, and how each piece affects overall execution.

SQL query plan starting moving right from the left documenting SQL query
SQL query plan starting moving right from the left documenting SQL query

Hope this helps for another diagnostic SQL step in your tool box!

Vuln 178852 OLE DB driver

VulnID 178852 - Vulnerable to hackers - SQL OLE DB Driver update required
VulnID 178852 – Vulnerable to hackers – SQL OLE DB Driver update required

 

Got another vulnerability pop up on the last scan.  ‘Vuln 178852 OLE DB driver’ has vulnerabilities and needs updated.  My experience links this NOT to  ODBC vuln 175441, thereby related to added capabilities and drivers installed with SSMS v19NOTE: OLE has a pre-req of the new Visual C++ Redistributable x86 and x64 bits.  Let’s mitigate Vuln 178852 OLE DB driver update!

 

 

 

Quick outline of steps with Vuln 178852 OLE DB driver

Download the bits (and copy to repository and servers for install)

Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe)

Update MSOLEDB drivers (x64 and possibly x86)

Re-scan to validate remediated!

 

 

Download the bits

Download Microsoft OLE DB Driver for SQL Server – OLE DB Driver for SQL Server | Microsoft Learn

https://learn.microsoft.com/en-us/sql/connect/oledb/download-oledb-driver-for-sql-server?view=sql-server-ver16

Latest supported Visual C++ Redistributable downloads | Microsoft Learn

https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170

Latest supported Visual C++ Redistributable downloads | Microsoft Learn

https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170#visual-studio-2015-2017-2019-and-2022

 Once downloaded, copy the OLE DB Driver and VC Redistributable EXE’s for x64 and x86 to the affected servers.  Search for OLE first, to assess OLE and Redistributable versions currently installed.

 

 

Assess ‘Vuln 178852 OLE DB driver’ updates on affected servers

Log into the server(s)

From Control Panel > Programs > Programs and Features > Search for ‘ole’ to see Redistributable versions

Check Control Panel for OLE DB Version

Check Control Panel for OLE DB Version

Check Redistributable version

From Control Panel > Programs > Programs and Features > Search for ‘Red’ to see Redistributable versions

From Control Panel > Programs > Programs and Features > Search for 'Red' to see Redistributable versions
From Control Panel > Programs > Programs and Features > Search for ‘Red’ to see Redistributable versions

 

 

If you don’t upgrade Visual C++ Redistributable first, you’ll get this setup error

Executing OLE DB Driver update pre-requisite error for Visual C++ Redistrubutable update
Executing OLE DB Driver update pre-requisite error for Visual C++ Redistrubutable update

 

 

Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe

First, we have to install the Visual C++ updates to the server before we can update the driver.

From PowerShell (as admin) on affected servers

Go to saved directory for EXE and MSI files

PowerShell as admin > go to directory > run the EXE

PowerShell as admin > go to directory > run the EXE

  

Click the Check box to EULA ‘I agree’

At the Visual C++ Redistributable EULA splash screen

Check agree checkbox, then click Install button lower right

Visual C++ Redistributable EULA splash screen to check agree checkbox, then click on Install
Visual C++ Redistributable EULA splash screen to check agree checkbox, then click on Install

Update installing

VC_Redistributable installing screenshot
VC_Redistributable installing screenshot


Click Restart button (when in approved change window)

Click Restart when in change window to reboot server for Visual C++ update to apply
Click Restart when in change window to reboot server for Visual C++ update to apply

Restart server

 

 

Update VC_Redist.x86.exe

Second part, if applicable x86 library is installed, is to update.

Install next pre-req, if server contained both x86 and x64 bits for the ‘Vuln 178852 OLE DB driver’

 

From PowerShell (as admin) on affected servers:

Go to saved directory for EXE and MSI files

.\VC_redist.x86.exe

Powershell as admin window initiating the Visual C++ Redistributable x86 exe
Powershell as admin window initiating the Visual C++ Redistributable x86 exe

 

Click the Check box to EULA ‘I agree’

At the Visual C++ Redistributable EULA splash screen

Check agree checkbox, then click Install button lower right

Click on 'I agree' checkbox, and click Install button to begin the x86 Visual C++ Redistributable update
Click on ‘I agree’ checkbox, and click Install button to begin the x86 Visual C++ Redistributable update

 

Update installing

Screenshot installing the x86 Visual C++ Redistributable update
Screenshot installing the x86 Visual C++ Redistributable update

 

Update complete

Screenshot showing successful install of the x86 Visual C++ Redistributable update
Screenshot showing successful install of the x86 Visual C++ Redistributable update

 

 

 

Update MSOLEDB drivers

Third, assess first if you need x64 AND x86 drivers (my example is only x64)

Start by checking the Control Panel > Programs > Programs and Features > search for ole (and hit enter)

Control Panel > Programs > Programs and Features > searching for ole, showing old v18
Control Panel > Programs > Programs and Features > searching for ole, showing old v18

 

From PowerShell (as admin) on affected servers

Go to saved directory for EXE and MSI files

Open MSI to begin install

PowerShell as Admin running the ole MSI install
PowerShell as Admin running the ole MSI install

Click Next if you get the ‘User Account Control’ (UAC) prompt to initiate MSI install

OLE MSI Install - User Account Control (UAC) prompt to initiate MSI install
OLE MSI Install – User Account Control (UAC) prompt to initiate MSI install

Click Next

OLE MSI install, click Next
OLE MSI install, click Next

 

Click ‘I agree’ radio button and Click Next

OLE MSI Install, EULA splash screen to check 'I Agree' radio button and click Next
OLE MSI Install, EULA splash screen to check ‘I Agree’ radio button and click Next

 

Next, on the OLE MSI install, click next to accept default features (just the driver install)

OLE MSI install, click next to accept default features (just the driver install)
OLE MSI install, click next to accept default features (just the driver install)

 

Click Install to begin driver install

OLE MSI install, click install
OLE MSI install, click install

 

OLE driver install completed, click Finish

OLE driver install completed, click Finish
OLE driver install completed, click Finish

 

 

Verify Control Panel for OLE driver install and version

Lastly, assess server and application requirements to verify if the old OLE driver is okay to remove from system to clear vulnerability.  The old OLE driver on my system was installed the day I installed SSMS v19.x

Back to your Control Panel > Programs > Programs and Features window

Change search to OLE in the top right > hit enter

Click Delete on old version

On the Warning popup window, click continue

Control Panel view showing two OLE drivers, reflecting the newly installed, and the old version
Control Panel view showing two OLE drivers, reflecting the newly installed, and the old version

 

At the UAC prompt, click Yes

OLE MSI Install - User Account Control (UAC) prompt to initiate MSI install
OLE MSI Install – User Account Control (UAC) prompt to initiate MSI install

 

 Once complete, verify Control Panel window

Control Panel > Programs > Programs and Features > searching for ole, showing old v18
Control Panel > Programs > Programs and Features > searching for ole, showing old v18

 

 

 

 

Other documentation

Security Updates for Microsoft SQL Server OLE DB Driver (June … | Tenable®

https://www.tenable.com/plugins/nessus/178852