Findings

Application.evtx

SMEX_Master.log

SMEX_SystemWatcher.log

• The Application.evt log shows that the SMEX master service has issues connecting to the SQL database.
• The SMEX_Master.log found that the issue is with the database provider, SQL server native client SQLNCLI11.
• The SMEX_Master.log also contains error description: "DB exception: ProviderErr=0x800a0e7a, ADODB.Connection : Provider cannot be found. It may not be properly installed".
• The SMEX_SystemWatcher.log also encountered an unexpected error in the SMEX server while connecting to the SQL database.

To resolve the issue:

1. Ensure the connection to the SQL server is established properly.
2. Check the SMEX server services below. If they have stopped then restart the servers:
   • SQL Server (SCANMAIL)
   • SQL Server Agent (SCANMAIL)

   If issue persists then continue with the following steps:

3. Check if you can find the provider "Microsoft SQL Server 2012 Native Client" in the problematic SMEX servers:
   1. Open Control Panel > Programs and Features.
   2. Check if "Microsoft SQL Server 2012 Native Client" exists.
4. If the provider is not found, download sqlncli.msi to install "Microsoft SQL Server 2012 Native Client".
    

   The provider may be corrupted after installation. If this occurs, you may uninstall and then re-install it.

    
5. After installation, check if "SQL Server Native Client 11.0" is now found under the following:
   • Go to Control Panel > Programs and Features.
   • Go to Control Panel > Administrator Tools > ODBC Data Source Administrator (64-bit) > Drivers tab
   • If issue persists, collect the Full CDT logs that gets the needed system info (e.g. SMEX registry, windows event logs, etc.). Then contact Trend Micro Technical Support.