Hollinford
    Database · SQL Server

    SQL Server 2016 End of Support: What UK SMEs Should Do If Legacy ERP Still Depends on It

    SQL Server 2016 is reaching the end of extended support. For many UK SMEs, the issue is not only the database version. The real risk is that ERP, reporting, integrations, SQL Agent jobs, SSIS packages, and legacy applications may still depend on the same SQL Server instance.

    For Hollinford clients, the key question is rarely "Can we upgrade SQL Server?" in isolation. The safer question is: what business-critical systems, reports, jobs, and integrations will break if we change this instance?

    Book a Legacy Health CheckTake the Legacy Systems Self-Check

    TL;DR

    • SQL Server 2016 SP3 extended support ends on 14 July 2026.
    • Extended Security Updates (ESU) become available from 15 July 2026, covering Year 1 through to 13 July 2027.
    • Do not upgrade a production SQL Server instance without first auditing what depends on it.
    • ERP, reporting, SQL Agent jobs, SSIS packages, linked servers, and service accounts may all share the same instance.
    • Hollinford can help you choose between upgrade, ESU, isolation, migration, or ERP replacement. Book a Legacy Health Check.

    Why SQL Server 2016 End of Support Matters

    Microsoft SQL Server 2016 Service Pack 3 reaches the end of extended support on 14 July 2026. After that date, organisations should not expect standard security updates or standard support for SQL Server 2016. Eligible organisations may use Extended Security Updates as a temporary measure while they upgrade, migrate, or contain the affected environment.

    This is a lifecycle event, not an automatic compliance failure. What it means in practice depends on the organisation, its sector, its security and audit requirements, its ERP certification status, and the applications that run on the SQL Server instance in question.

    The risk exposure varies considerably. A business running a well-documented, standalone SQL Server database with a confirmed upgrade path is in a different position from one where a legacy ERP, several SQL Agent jobs, SSIS packages, linked servers, and custom reporting all share the same 2016 instance. Both need to act before the deadline. They should not take the same action.

    The Hidden Risk: What Else Runs on the SQL Server 2016 Instance?

    The most common mistake in SQL Server 2016 migration planning is treating the database as a standalone object. It rarely is.

    A SQL Server 2016 instance in an SME might be supporting all of the following, often without anyone having written it down:

    • the main ERP database
    • a separate reporting or data warehouse database
    • SQL Agent jobs running overnight imports, exports, reconciliations, or month-end processes
    • SSIS packages processing EDI feeds, payroll files, or third-party integrations
    • linked servers connecting to other databases or systems
    • service accounts that no one actively manages
    • cross-database queries between systems that share the instance
    • SSRS report subscriptions and data sources
    • nightly data syncs with third-party tools
    • legacy applications still certified only for SQL Server 2016
    • old vendor-supplied stored procedures that predate any current documentation

    A database backup is not an application migration plan.

    Moving the ERP database to a new SQL Server instance does not automatically migrate the SQL Agent jobs. It does not transfer linked server definitions. It does not resolve credential and permission mappings. It does not test whether SSIS packages referencing environment variables will run against the new instance.

    Before any production upgrade, the question to answer is: what else depends on this instance, and in what state is it?

    Business Risks

    Proceeding without a dependency audit creates several distinct business risks. The cost of discovering these issues in production is consistently higher than the cost of auditing them in advance.

    ERP downtime during or after migration

    Caused by dependencies that were not moved alongside the database.

    Month-end reporting disruption

    When SQL Agent jobs or SSIS processes are tied to the old instance.

    Integration failure

    Third-party systems or imports rely on linked servers or credentials that were not recreated on the new instance.

    Loss of ERP vendor support

    If the ERP is not certified for the newer SQL Server version and a blind upgrade breaks the certification.

    Security and audit exposure

    Running an unsupported SQL Server version without ESU in place.

    Emergency remediation costs

    When a production issue surfaces after go-live because of an undocumented dependency.

    Technical Risks

    A SQL Server 2016 dependency audit should cover the following technical areas.

    SQL Agent jobs outside the main ERP database

    Including job history, schedules, operators, and alert configurations.

    SSISDB packages and environment variables

    That reference connection strings, file paths, or credentials on the old instance.

    Linked server definitions

    Including the permissions, credentials, and queries that use them.

    Logins, credentials, and permission sets

    That may differ between instances or were never scripted during the original build.

    Database compatibility levels

    Some databases may run at SQL Server 2012 or 2014 compatibility on a 2016 instance; a higher version may surface syntax or behaviour differences.

    Deprecated SQL features

    Certain JOIN syntax or incompatible data types will fail at higher compatibility levels.

    ERP and legacy application certification constraints

    Vendors sometimes certify for a specific SQL Server version and do not guarantee behaviour on higher versions without a formal upgrade engagement.

    Backup and restore assumptions

    Some backup routines assume a specific SQL Server version and may behave differently when applied to a different version.

    Cross-database queries

    Between databases that share the same instance.

    SSRS report subscriptions and data sources

    Report server configuration if Reporting Services is running on the same server.

    Decision Matrix

    SituationSafer first step
    ERP is certified for SQL Server 2019, 2022, or newerTest the upgrade in a non-production environment before touching production
    ERP is only certified for SQL Server 2016Do not upgrade blindly; check the vendor's roadmap and certification timeline
    SQL Server also runs jobs, SSIS, linked servers, or reportsRun a dependency audit before any migration work
    Upgrade cannot be completed before 14 July 2026Assess ESU availability and containment options
    ERP has no clear vendor roadmapBegin a wider legacy application assessment
    Business wants to replace the ERPMap data, reporting, and integrations before selecting a target system
    No one owns the SQL jobs, service accounts, or SSIS packagesTreat the instance as a legacy dependency risk; run a read-only assessment before planning any upgrade

    Dependency Checklist

    Before agreeing any SQL Server 2016 upgrade or migration, work through these questions:

    • Which applications currently connect to this SQL Server instance?
    • Which ERP modules depend on it, and on which databases?
    • Are there SQL Agent jobs? Who owns them, and when did they last run successfully?
    • Are there SSIS packages, and where are they stored and scheduled from?
    • Are there linked server definitions, and do they point to other systems still in use?
    • Are there service accounts where the password owner or responsible team is unknown?
    • Are there old SSRS reports or subscriptions still sending to inboxes?
    • What compatibility levels are the databases currently running at?
    • Is the ERP certified for SQL Server 2019, 2022, or newer?
    • Has a successful restore test been completed recently, and was it tested against the application, not just the data file?
    • What would fail first if this SQL Server instance were turned off tonight?

    If any of those questions produce an uncertain answer, the production environment is not ready for a blind upgrade.

    Recommended First Step

    The safest first step is not a production upgrade. It is a read-only dependency assessment.

    A proper assessment of a SQL Server 2016 environment will typically produce:

    • an application inventory listing everything that connects to the instance
    • a database inventory including compatibility levels and estimated size
    • a SQL Agent job inventory with schedules, ownership, and business process mapping
    • an SSIS and linked server review
    • a service account review
    • an ERP certification check against the SQL Server versions the vendor currently supports
    • a support-status map covering SQL Server, ERP, and dependent applications
    • a risk register covering business, technical, and schedule risks
    • an options paper setting out the case for upgrade, ESU, isolation, migration, or ERP replacement

    From that point, the business can make a controlled decision. Without that assessment, upgrade decisions are made on incomplete information about a live production system.

    To understand how our discovery process works, or to review pricing for a Legacy Health Check, follow those links directly.

    Technical Note

    In SQL Server 2016 audits, the most significant dependencies are often outside the main ERP database. SQL Agent jobs, SSIS packages, linked servers, credentials, service accounts, and report subscriptions can keep business processes running quietly in the background for years without appearing in any documentation. Moving the database without mapping those dependencies first can break a process even when the data itself has been restored successfully.

    Book a Legacy Health Check

    If your ERP or legacy application still depends on SQL Server 2016, Hollinford can help you map the dependencies before you choose between upgrade, ESU, isolation, migration, or replacement.

    Book a Legacy Health CheckTake the Legacy Systems Self-Check

    Not ready to talk yet? Use the self-check to identify your highest-risk systems before the deadline.

    See also: legacy system modernisation · manufacturing legacy systems · wholesale and distribution systems · construction software dependencies · legacy systems.

    Frequently Asked Questions

    When does SQL Server 2016 support end?+

    Microsoft SQL Server 2016 Service Pack 3 reaches the end of extended support on 14 July 2026. After that date, organisations should not expect standard security updates or standard support for SQL Server 2016 unless they are eligible for and have arranged Extended Security Updates.

    What happens after SQL Server 2016 support ends?+

    Standard security updates and patches cease on 14 July 2026. Eligible organisations can purchase Extended Security Updates (ESU) as a temporary measure, covering Year 1 from 15 July 2026 to 13 July 2027. ESU does not restore ERP vendor certification or address legacy dependency risk; it extends security patching while an organisation prepares a controlled upgrade or migration.

    Is ESU enough for SQL Server 2016?+

    ESU buys time. It does not resolve application certification constraints, address undocumented SQL jobs or SSIS packages, or constitute a modernisation path. Whether it is the right short-term measure depends on the organisation's upgrade timeline and risk appetite.

    Can we upgrade SQL Server if our ERP is only certified for SQL Server 2016?+

    This depends on the ERP vendor. Some vendors have certified their products for SQL Server 2019 or 2022 and have tested upgrade paths. Others have not. Upgrading SQL Server without confirming ERP certification can result in an unsupported configuration, which may affect vendor support and introduce untested behaviour in production. Confirm with your ERP vendor before making any changes to the production instance.

    What should we check before upgrading SQL Server 2016?+

    The most important checks are: ERP certification status for the target SQL Server version; SQL Agent job inventory and ownership; SSIS package inventory and environment variable dependencies; linked server definitions; service account ownership and documentation; database compatibility levels; and whether any applications outside the ERP also connect to the same instance.

    What is the safest first step if our business still depends on SQL Server 2016?+

    A read-only dependency assessment. Before changing anything in production, map every application, database, SQL Agent job, SSIS package, linked server, service account, and integration that depends on the SQL Server 2016 instance. That assessment determines whether the right path is upgrade, ESU, isolation, application migration, or ERP replacement. Talk to Hollinford about a Legacy Health Check.