diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 922119d61..650e6baa3 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -93,8 +93,11 @@ class Enumeration(GenericEnumeration):
 
                     continue
 
-                query = rootQuery.inband.query.replace("%s", db)
-                value = inject.getValue(query, blind=False)
+                for query in (rootQuery.inband.query, rootQuery.inband.query2):
+                    query = query.replace("%s", db)
+                    value = inject.getValue(query, blind=False)
+                    if not isNoneValue(value):
+                        break
 
                 if not isNoneValue(value):
                     kb.data.cachedTables[db] = arrayizeValue(value)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index c826bf32a..5ea0d4d31 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -887,9 +887,6 @@ class Enumeration:
                 if len(dbs) < 2 and ("%s," % condition) in query:
                     query = query.replace("%s," % condition, "", 1)
 
-            if Backend.isDbms(DBMS.MSSQL):
-                query = safeStringFormat(query, conf.db)
-
             value = inject.getValue(query, blind=False)
 
             if not isNoneValue(value):
diff --git a/xml/queries.xml b/xml/queries.xml
index 878a984dd..deb84feef 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -184,7 +184,7 @@
             <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
         </dbs>
         <tables>
-            <inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')"/>
+            <inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'"/>
             <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"/>
         </tables>
         <columns>