Page tree

Skip to end of metadata
Go to start of metadata
Product Name
SQL Server
Publisher Page
Relational Database Management Systems
TKU 2021-Mar-1
More Information
Publisher Link


Product Description

Extended Discovery pattern which allows to model Database Detail Nodes being managed by the SQL Server  is available for this product.


Microsoft SQL Server is a relational database management system (RDBMS) produced by Microsoft. SQL Server is commonly used by businesses for small- to medium-sized databases, but the past five years have seen greater adoption of the product for larger enterprise databases. The code base for MS SQL Server (prior to version 7.0) originated in Sybase SQL Server, and was Microsoft's entry to the enterprise-level database market, competing against Oracle, IBM, and, later, Sybase itself.

Known Versions

Each version comes in several editions, details are described here.


  • 6.0
  • 6.5 (including SP1, SP2, SP3, SP5, SP5a, SP5a update)
  • 7.0 (including SP1, SP2, SP3, SP4)
  • 2000 (including SP1, SP2, SP3, SP3a, SP4)
  • 2005 (including SP1, SP2)
  • 2008 (including SP1, SP2, SP3, SP4)
  • 2008 R2 (including SP2, SP3)
  • 2012
  • 2014
  • 2016
  • 2017


  •  2017

Linux versioning table is displayed here.

Software Pattern Summary

Product ComponentOS TypeVersioningPattern Depth
SQLServerWindowsActive (WMI Query), Registry


SQL ServerLinuxDB query, Log file, PackageInstance-based

Platforms Supported by the Pattern

The pattern identifies Microsoft SQL Server running on the Microsoft Windows and Linux platforms.
Linux supported platforms are described here.


Apart from the actual Database server and supporting processes, SQL Server is shipped with some additional components. The presence of these components is governed by the edition of SQL Server product and on user choices made at installation.

The additional components (some of which Atrium Discovery discovers using additional patterns) are:

  • SQL Server Integration Services (SSIS) - a platform to build data integration and workflow applications. The primary use for SSIS is data warehousing, as the product features a fast and flexible data extraction, transformation, and loading (ETL) engine.
  • SQL Server Analysis Services - a group of OLAP and Data Mining services provided in Microsoft SQL Server.
  • SQL Server Reporting Services - a server based report generation environment.
  • SQL Server Notification Services - offers a scalable server engine on which to run notification applications.
  • SQL Server Management Studio - an application included with SQL Server for configuring, managing, and administering all components within Microsoft SQL Server.
  • SQL Server Agent - an application doing maintenance jobs for server.

Software Instance Triggers

Trigger NodeAttributeConditionArgument

regex '(?i)(\\(?:MSSQL\.\d+)\\.*|)\bsqlservr\.exe$'


unix_cmd 'sqlservr'

Software Instance type attributes created

The patterns in this module will set the following value for the type attribute on a SI:

 Pattern NameSI type
SQLServerMicrosoft SQL Server
MSSQLServer_LinuxMicrosoft SQL Server

Simple Identification Mappings

The following processes are identified through the use of Simple Identifiers and are modelled within a full Software Instance for Adaptive Server Enterprise using the primary and associate relationships (See Application Model Produced by Software Pattern for more details about modelling this product).

SQL Server Database serversqlservr.exe
SQL Server Agentsqlagent.exe or sqlagent90.exe
SQL Browser Servicesqlbrowser.exe
Full Text Engine for SQL Servermsftesql.exe
SQL VSS Writersqlwriter.exe
DTS (Data Transformation Services) Package ExecuterDTSRun.exe
SQL ODBC Server Communication processosql.exe
SQL Service Manager - Not present in SQL Server 2005sqlmangr.exe
SQL sqlwtsn processsqlwtsn.exe
Replication Distribution Agentdistrib.exe
Replication Log Reader Agentlogread.exe
Replication Queue Reader Agentqrdrsvc.exe
Replication Merge Agentreplmerg.exe
SQL Server Profilerprofiler.exe or profiler90.exe
Database Engine Tuning AdvisorDTASHELL.EXE
SQL Integration Services (SQL Server Integration Services)msdtssrvr.exe
SQL Analysis Services Server (SQL Server Analysis Services)msmdsrv.exe
SQL Server Reporting Service (SQL Server Reporting Services)reportingservicesservice.exe
SQL Notification Services (SQL Server Notification Services)nsservice.exe
SQL Server Management StudioSqlWb.exe


The pattern tries to get version information from a database query on both Linux and Windows. If that fails different versioning methods are tried depending on the platform.

Database Query

The pattern can obtain version information from the following SQL query:

  • SELECT SERVERPROPERTY('productversion') AS ProductVersion, SERVERPROPERTY ('productlevel') AS ProductLevel, SERVERPROPERTY ('edition') AS Edition

To enable SQL Server versioning, you need to set up valid SQL Server database credentials.


Internal version information for the product is currently collected using one of several approaches described below. The pattern uses standard mappings to map the internal version to the marketing version (e.g. 13.0.5207.0 is 2014 SP2).

Active Versioning - WMI Query

The pattern attempts to obtain version information from the following WMI query:

  • The WMI query executed is: select Version from CIM_DataFile where Name = '<abs_path_to_trigger_process>'

This returns a build number that the pattern maps to a version number using regular expressions. For example, a build number of 2014.120.5538.0 corresponds to a version of to 12.0.5538.0.

Registry Versioning

Versioning is found for the CSDVersion or CurrentVersion registry key.

This key is always under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer

If we have identified the instance we will only check registry keys whose path contains the instance name. Otherwise we will check almost all registry subdirectories.

Package versioning

The pattern tries to obtain version information from the version field of the package Microsoft SQL Server <version number> <SP number> Database Engine Services

If that fails the pattern tries to obtain version information from the name field of any package that starts SQL Server <version number>


Version information for the product is currently collected using one of two approaches - DB Query,  parse error log file (these methods are provided by Microsoft) and package versioning. The pattern execute the methods in order and use the first successful method it can. 

Log file versioning

We extract full version and edition from /var/opt/mssql/errorlog

Package versioning

Pattern looking for packages with regex '^mssql-server$' and if number of found packages only one - collects its version.

Package version shows only full version, without edition. 

Additional Attributes


A Note on Registry Keys

The pattern checks for registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer. If we have identified the instance we will only check registry keys whose path contains the instance name. Otherwise we will check almost all registry subdirectories.


Instance information is obtained from the -s argument of the trigger process. If no instance name exists the default of MSSQLServer is used.

Edition Information

Microsoft publishes details of SQL Server editions are described here.

If the instance is MICROSOFT##SSEE or MICROSOFT##WID the edition is always set to "Windows Internal Database".

Otherwise we check the Edition from:

Backup Directory Information

Backup Directory information is also obtained from the BackupDirectory registry key

Data Directory path information

There are three methods of obtaining the data directory.

The best method is to use the SQLDataRoot registry key.

The second best method is to use the trigger process arguments. Unfortunately we can't find the trigger process arguments directly, but we can check the registry keys of the form <root>\MSSQLServer\Parameters\SQLArg[0-9] . If any have the form -d <filename>.mdf we can discover the data directory (e.g. -de:\DATA\master.mdf means a data directory of e:\DATA)

The third best method is to the use the path to the trigger process. A trigger process of c:\Program Files\SQL Server\bin\sqlservr.exe implies a data directory of c:\Program Files\SQL Server\data

Licensing Information

The license key attribute is obtained from the Setup\ProductID registry key

The creation date attribute is obtained from the database query "SELECT create_date from sys.server_principals where name = 'NT AUTHORITY\\SYSTEM'"


There are two methods of obtaining the path to the ERRORLOG file

The best method is to use the trigger process arguments. Unfortunately we can't find the trigger process arguments directly, but we can check the registry keys SQLArg[0-9] . If any have the form -e <path>\ERRORLOG we can discover the path to the errorlog file from that.

Alternatively, we can use the path to the trigger process. A trigger process of c:\Program Files\SQL Server\bin\sqlservr.exe implies an ERRORLOG file at c:\Program Files\SQL Server\LOG\ERRORLOG.

Determining Listening Port and Bind Address

If the pattern can identify instance name and TCP is enabled the pattern gets a list of ports from the following registry queries:

Listen On All IPs StatusRegistry Keys to check
If Listen On All IPs is enabled
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\IPAll\\TcpPort
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\IPAll\\TcpDynamicPorts
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\*\\TcpPort'
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\*\\TcpDynamicPorts


If the above fails, the pattern checks the following registry keys for port information:

  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\<server name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\TcpPort
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MSSQLServer\\MSSQLServer\\SuperSocketNetLib\\Tcp\\TcpPort

The pattern uses standard BMC Discovery functionality to obtain bind_address.

Details of whether TCP is enabled can be found at registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\Enabled. Details of whether SQL Server is Listening On All IPs can be found at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\\Microsoft SQL Server\\<instance name>\\MSSQLServer\\SuperSocketNetLib\\Tcp\\ListenOnAllIPs

Cluster Information

The pattern checks if the database is running on a cluster, and if so what the name of the cluster is, by checking one of the following registry keys:

  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\MSSQLServer\\Cluster\\ClusterName
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\Microsoft SQL Server\\<server name>\\Cluster\\ClusterName
  • HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\Microsoft SQL Server\\<instance name>\\Cluster\\ClusterName

The pattern models the SI as running on a Cluster if one of the following is true:

  •  If the "cluster name" is equal to the name of a ClusterService, the SI is modelled as hosted on the linked Cluster with a SoftwareService link to the ClusterService
  • If the "cluster name" is equal to the name of a Cluster, and that cluster has a ClusterService whose name is equal to the SQL Server instance. The SI is modelled as hosted on the linked Cluster

In all other cases the SI is modeled as running on a host.

MS SQL AlwaysOn Availability Group

Extended Discovery pattern identify and model Availability Groups.


Configuration File

The main configuration file of MS SQL for Linux is stored in /var/opt/mssql/mssql.conf . We get the following information from the file

  • bind_address - A bind address of means use of any available IPv4 address. So, if a bind_address of is reported, we set the bind_address of the Software Instance to ""

  • listening_ports
  • data_directory
  • backup_directory

Instance name and instance ID

Instance name is username of triggered process owner, by default is 'mssql'
Instance ID extracted from the file: <SQL_home_directory>/.system/instance_id

Obtaining detailed SQLServer Database and table information

A separate pattern has been created to query the Microsoft SQL Server in order to obtain database list and (optionally) database table details. For more information about this pattern, see this page.


In due course, the attributes, dbs and db_list, will be phased out in favour of Database Detail and Detail nodes.

Application Model Produced by Software Pattern

Software Pattern Model

An SQL Server installation typically comprises one Database server which hosts several databases.

The current pattern definition uses the Database server process (sqlservr.exe or sqlservr) as the trigger process.

The name of the DB server is extracted from the 'servername' variable that has been created during process identification. This name is used to create a unique SI.

NOTE: In cases where this variable was not populated during identification (e.g. on Windows 2000 Server systems command-line arguments cannot be obtained by Atrium Discovery), a default name 'MSSQLServer' is set in 'servername' and therefore used within the pattern. This can lead to the SI not being unique which will lead to 'normalizing' of non-unique instances to a single instance.

Configuration Options

There is a configuration option available for this product which allows to run database queries.

To enable this option user just needs to set "True" to variable db_queries .

SI Depth

The pattern produce a Deep (Instance Based) SI for Microsoft SQL Server. The key used is a unique combination of the DB server name, Type (Microsoft SQL Server) and the Host.

NOTE: If 'servername' variable is not populated through a regular expression match, it is set to a default value: 'MSSQLServer' which is a value given to default (single) MS SQL Server installations

If this occurrs and additional information about the SQL Server can be obtained (i.e. version, edition and listening port), then the Software Instance created still uses a key.
In cases where some of the information is not available, a group-based Software Instance is created using full path to the triggering process to group instances.

Subject Matter Expertise

The simple identifiers and pattern definitions for Microsoft SQL Server were developed with assistance from BMC ADDM R&D in-house SQL Server SME. They have been tested on various versions and configurations of SQL Server (v7, 2000, 2005, 2008, 2008 R2) running in Windows 2003 Server, Windows 2008 Server and Windows XP.


Testing to ensure the processes related to Microsoft SQL Server components have been correctly identified has been performed using both ADDM record data and in-house SQL Server installations running on Windows XP Pro, Windows 2000 Server, Windows 2003 Server and Windows 2008 / 2008 R2 Server installations.

Registry versioning approach was tested against in-house Microsoft SQL Server installations and was deemed to work well unless constrained by the data returned from the hosts (e.g. ADDM discovery typically cannot obtain process command-line on hosts running Windows NT or Windows 2000 Server. This limitation no longer exists on hosts running Windows XP or Windows 2003 server).

WMI Query versioning approach was tested against in-house Microsoft SQL Server installations and was deemed to work well unless constrained by the data returned from the hosts (e.g. ADDM discovery user privileges do not allow execution of WMI queries). WMI Query is now used in preference to Registry query approach for this product as it yields more accurate version information - 'full_version' attribute contains the build information that indicates the cumulative updates (hotfixes) applied.

Information Sources

List of SQL Server build numbers

Open Issues


Created by: Rebecca Shalfield 19 Oct 2007
Updated by: Rebecca Shalfield 11 Jun 2014
Reviewed by: Alex Kashkevich 23 Jun 2014