Microsoft KB Archive/928779

= The SQL Server service cannot start after you configure an instance of SQL Server 2005 to use a Secure Sockets Layer (SSL) certificate using the Microsoft Enhanced Cryptographic Provider 1.0 =

Article ID: 928779

Article Last Modified on 11/20/2007

-

APPLIES TO


 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Enterprise X64 Edition
 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Standard X64 Edition

-



Bug #: 486526 (SQLBUDT)



SYMPTOMS
Consider the following scenario. You configure an instance of Microsoft SQL Server 2005 to use a Secure Sockets Layer (SSL) certificate. The SSL certificate uses the Microsoft Enhanced Cryptographic Provider 1.0. In this scenario, the SQL Server service cannot start. Additionally, when you try to start the SQL Server service, the following error messages are written to the SQL Server Errorlog file:

Error message 1

Server Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See &quot;Configuring Certificate for Use by SSL&quot; in Books Online.

Error message 2

Server Error: 17182, Severity: 16, State: 1.

Error message 3

Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

Error message 4

Server Error: 17182, Severity: 16, State: 1.

Error message 5

Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.

Error message 6

Server Error: 17826, Severity: 18, State: 3.



CAUSE
This problem occurs because you cannot use a certificate that has the cryptographic service provider &quot;Microsoft Enhanced Cryptographic Provider version 1.0&quot; as a server certificate.



RESOLUTION
To work around this problem, use any of the following methods:  Do not specify any certificate. Therefore, SQL Server generates a self-signed certificate. To do this, leave the Certificate box blank in SQL Server Configuration Manager.

For more information, visit the following Microsoft Developer Network (MSDN) Web sites:

Configuring server network protocols and net-libraries

http://msdn2.microsoft.com/en-us/library/ms177485.aspx

Encrypting connections to SQL Server

http://msdn2.microsoft.com/en-us/library/ms189067.aspx

 Use a certificate that uses the &quot;Microsoft RSA Channel Cryptographic Provider&quot; cryptographic service provider for the SQL Server certificate.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
SSL certificates that use the Microsoft Enhanced Cryptographic Provider 1.0 can be used for client certificates. However, the certificates are unsuitable as server certificates. To determine the provider of a certificate, run the following command at a command prompt:

certutil -v -store my

The following error message is mentioned in the &quot;Symptoms&quot; section:

Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

In this error message, &quot;error state 0x80&quot; indicates that a problem is in the SSL certificate. Additionally, &quot;0x80092004&quot; is a Security Support Provider Interface (SSPI) error code that translates to &quot;CRYPT_E_NOT_FOUND&quot;.

Additional query words: MSSQLServer

Keywords: kbtshoot kbprb kbsql2005connect KB928779

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.