Article ID: 928779
Article Last Modified on 11/20/2007
APPLIES TO
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
- Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
- Microsoft SQL Server 2005 Enterprise X64 Edition
- Microsoft SQL Server 2005 Standard Edition
- Microsoft SQL Server 2005 Standard X64 Edition
Bug #: 486526 (SQLBUDT)
SYMPTOMS
Consider the following scenario. You configure an instance of Microsoft SQL Server 2005 to use a Secure Sockets Layer (SSL) certificate. The SSL certificate uses the Microsoft Enhanced Cryptographic Provider 1.0. In this scenario, the SQL Server service cannot start. Additionally, when you try to start the SQL Server service, the following error messages are written to the SQL Server Errorlog file:
Error message 1
Error message 2
Error message 3
Error message 4
Error message 5
Error message 6
CAUSE
This problem occurs because you cannot use a certificate that has the cryptographic service provider "Microsoft Enhanced Cryptographic Provider version 1.0" as a server certificate.
RESOLUTION
To work around this problem, use any of the following methods:
- Do not specify any certificate. Therefore, SQL Server generates a self-signed certificate. To do this, leave the Certificate box blank in SQL Server Configuration Manager.
For more information, visit the following Microsoft Developer Network (MSDN) Web sites:Configuring server network protocols and net-libraries
http://msdn2.microsoft.com/en-us/library/ms177485.aspx
Encrypting connections to SQL Server
http://msdn2.microsoft.com/en-us/library/ms189067.aspx - Use a certificate that uses the "Microsoft RSA Channel Cryptographic Provider" cryptographic service provider for the SQL Server certificate.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
SSL certificates that use the Microsoft Enhanced Cryptographic Provider 1.0 can be used for client certificates. However, the certificates are unsuitable as server certificates. To determine the provider of a certificate, run the following command at a command prompt:
certutil -v -store my
The following error message is mentioned in the "Symptoms" section:
In this error message, "error state 0x80" indicates that a problem is in the SSL certificate. Additionally, "0x80092004" is a Security Support Provider Interface (SSPI) error code that translates to "CRYPT_E_NOT_FOUND".
Additional query words: MSSQLServer
Keywords: kbtshoot kbprb kbsql2005connect KB928779