The information I'm getting from the software vendor from which my wife recently purchased her new small business's domain-specific office management software is giving me the creeps. My impression is that this is relatively low-volume software, but it's developed and sold by a larger company that's a well-known name in her field. The software uses MS SQL Server as its database and our purchase agreement included 1 server license and 5 CALs for SQL Server 2008 Standard.
The first thing that struck me as odd was when I discovered that their installer app had taken the liberty of changing the SA password on my server to something much less secure. When I asked about this I was told that their particular reseller arrangement with Microsoft required them to change the SA password so that their specially-licensed instance could only be used for their application. Practically this isn't a problem as I still have dbo access via my Windows login, but the explanation sounded extremely suspicious.
Then today I inquired again about when we could expect to receive our official SQL Server product key, since to date we've been running on an instance I installed from my MSDN media, temporarily activated using one of my MSDN product keys (the business isn't open yet and I've been assuming I'd have a valid product key by this point). I was told that their rep would need remote access to our server so that he could re-install SQL Server using their media which has an "embedded key". Is MSSQL even offered on pre-pidded media, and if so is anyone allowed to re-sell pre-pidded media? Because he's insisting on remoting in and installing himself, my assumption is that we would not end up with a copy of this pre-pidded media with our own product key embedded. He also claimed that my instance installed with MSDN media will not work with their license.
Am I being paranoid or does this sound fishy? I'm a .NET developer with almost zero experience with MS licensing, but I know it can be complicated so I suppose this all could be completely normal. At this point though I'm leaning toward insisting they either send us a valid product key and server/CAL certificates, or give us a refund on the MSSQL portion of our purchase.
UPDATE as of 3/21/11: The vendor does now claim to participate in the ISV Royalty program mentioned by @Sergey below. They don't appear to me to be complying with that program's requirements though; specifically the SQL Server EULA wasn't incorporated into our contract, and they offer SQL as an optional extra-cost component of their solution rather than an integral part. I contacted MSFT Licensing and was told they'd need the vendor's ISV agreement number in order to look into it further. The vendor's Director of IT agreed to send me a copy of their ISV agreement, but I have yet to see it (or any response for that matter).
So finally, about 2 weeks ago I filed a report with the BSA. I should find out in the next several weeks whether they're going to open an investigation or not, but the rep I spoke with didn't sound optimistic -- he said priority is usually given to cases where end-user employees are reporting their employers.
At any rate, the MSFT licensing rep told me that as long as my wife's business has an invoice from the ISV showing the required number of SQL licenses were included in the purchase, she's covered, regardless of whether the vendor is in compliance or not.
Any SQL License that isn't a retail pack is pre-pidded so that isn't a worry. Sounds to me like he's charging you for software and isn't actually purchasing a license from Microsoft. If you have in fact purchased a SQL Server license then you are entitled to a sealed copy of the software, not a burned copy (which I'm pretty sure at this point is what he'd offer to give you).
There is no license restriction in place that Microsoft would require that a vendor change the sa password and say that the instance can only be used for their software. The license to run SQL Server belongs to you, you can run anything you like on it. The vendor may request that you only run their software on that server, in fact they may require that you only run their software on the server through their support agreement, but that is between you and the vendor and has nothing to do with Microsoft.
As for your MSDN license, Microsoft doesn't really care what key is installed, they care about what licenses you have purchased. If you are running on an MSDN license that is fine, provided that you have a legit purchased license sitting in a drawer (or email folder) that is assigned to be for that computer. Just make sure that the instance that you installed was a Standard Edition instance not a Developer Edition instance from MSDN. Also note that SQL 2008 and SQL 2008 R2 are licensed differently so you'll need to make sure you have the correct one installed. If when you connect in object explorer is says 10.0 that's SQL 2008 if it says 10.50 that's SQL 2008 R2.
Inform him that you want the physical copy of SQL Server 2008 that you are entitled to based on the fact that you have purchased a copy of the software. If he keeps giving you the BS about his license requires that he installs it, etc. tell him that you'll be contacting the BSA (Business Software Alliance) and reporting him for software piracy (which is exactly what he is doing if he is charging you for a license and not actually providing one). The BSA will be more than happy to hunt him down, skin him and take all his money (you'll get a cut as a finders fee). The BSA is basically the software license cops.
SQL Server is sold pre-PIDed. That does sound incredibly sketchy, though. A quick call to a Microsoft licensing rep should clear up the confusion, though since there's no possible way that anyone here can answer your actual question.
Actually there is Microsoft Independent Software Vendor (ISV) Royalty Licensing Program, through which a software vendor could obtain licenses for some Microsoft products and redistribute those Microsoft products integrated with their applications.
More information from Microsoft:
For some products, including SQL Server, there are two types of licenses:
Obviously the Run-Time license is cheaper (in some cases more than 2x).
As for how such products should look… Microsoft says in the ISV Royalty Program FAQ:
Well, I'm happy to report that you guys are all WRONG. I received my official installation media today, and while I'm a little disappointed in the decline in packaging quality at Microsoft, I'm happy to have this little episode behind me:
Seriously though, this is what I received in the mail yesterday, without even a scrap of paper along with it. At this point the explanation from my contact there is that his company has some form of Open license that allows them to resell SQL Server to their clients in this form, using their key. Again this sounds completely bogus to me. He volunteered to send me contact info so I could get in touch directly with their MS licensing rep but I haven't seen that info so far and we've been so busy with other things I haven't asked again for it yet. Is there any chance such an Open license exists?
Actually, SQL Server 2008 R2 licenses are transferrable per the EULA, so I assume SQL Server 2008 is allowed also. Here is the text from the EULA as downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=2803
However, it did not look like in the screenshot that they included the Proof of License label. If it is truly a Volume License, they would not have such label. The license may be able to be transferred using the Volume Licensing Center, although the recipient might also need a Volume Licensing Agreement to transfer the license to (usually this is created when you make an initial volume licensing purchase).