Microsoft KB Archive/928779



The SQL Server service cannot start after you configure an instance of SQL Server 2005 to use a Secure Sockets Layer (SSL) certificate using the Microsoft Enhanced Cryptographic Provider 1.0

Article ID: 928779

Article Last Modified on 11/20/2007



APPLIES TO

  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
  • Microsoft SQL Server 2005 Enterprise X64 Edition
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Standard X64 Edition



Bug #: 486526 (SQLBUDT)


SYMPTOMS

Consider the following scenario. You configure an instance of Microsoft SQL Server 2005 to use a Secure Sockets Layer (SSL) certificate. The SSL certificate uses the Microsoft Enhanced Cryptographic Provider 1.0. In this scenario, the SQL Server service cannot start. Additionally, when you try to start the SQL Server service, the following error messages are written to the SQL Server Errorlog file:

Error message 1


DateTime Server Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.

Error message 2


DateTime Server Error: 17182, Severity: 16, State: 1.

Error message 3


DateTime Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

Error message 4


DateTime Server Error: 17182, Severity: 16, State: 1.

Error message 5


DateTime Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.

Error message 6


DateTime Server Error: 17826, Severity: 18, State: 3.

CAUSE

This problem occurs because you cannot use a certificate that has the cryptographic service provider "Microsoft Enhanced Cryptographic Provider version 1.0" as a server certificate.

RESOLUTION

To work around this problem, use any of the following methods:

  • Do not specify any certificate, so that SQL Server generates a self-signed certificate. To do this, leave the Certificate box blank in SQL Server Configuration Manager.

    For more information, visit the following Microsoft Developer Network (MSDN) Web sites:

    Configuring server network protocols and net-libraries
    http://msdn2.microsoft.com/en-us/library/ms177485.aspx

    Encrypting connections to SQL Server
    http://msdn2.microsoft.com/en-us/library/ms189067.aspx

  • Use a certificate that uses the "Microsoft RSA Channel Cryptographic Provider" cryptographic service provider for the SQL Server certificate.


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

SSL certificates that use the Microsoft Enhanced Cryptographic Provider 1.0 can be used as client certificates. However, these certificates are unsuitable as server certificates. To determine the provider of a certificate, run the following command at a command prompt:

certutil -v -store my


The following error message is mentioned in the "Symptoms" section:

DateTime Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

In this error message, "status code 0x80" indicates that the problem is in the SSL certificate. Additionally, "0x80092004" is a Security Support Provider Interface (SSPI) error code that translates to "CRYPT_E_NOT_FOUND".
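
The following Python script is an added example, not part of the original Microsoft article. It scans a SQL Server Errorlog excerpt for the message sequence listed in the "Symptoms" section and decodes the error value; the timestamps in the sample and the names triage, decode_hresult and matches_signature are assumptions made for illustration.

```python
import re

# Patterns taken from the error messages quoted in this article.
TDSSNI = re.compile(r"TDSSNIClient initialization failed with error "
                    r"(0x[0-9A-Fa-f]+), status code (0x[0-9A-Fa-f]+)")
CERT_LOAD = "Unable to load user-specified certificate"
CRYPT_E_NOT_FOUND = 0x80092004  # name and value as given in the article
CERT_STATUS = 0x80  # status code the article ties to the SSL certificate

# Constructed sample: the article's messages with made-up timestamps.
SAMPLE = """\
2007-01-15 10:02:11.50 Server Unable to load user-specified certificate. The server will not accept a connection.
2007-01-15 10:02:11.50 Server Error: 17182, Severity: 16, State: 1.
2007-01-15 10:02:11.50 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
2007-01-15 10:02:11.51 Server Error: 17182, Severity: 16, State: 1.
2007-01-15 10:02:11.51 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.
2007-01-15 10:02:11.51 Server Error: 17826, Severity: 18, State: 3.
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failure bit, facility, code)."""
    # Facility 9 is FACILITY_SSPI / FACILITY_SECURITY in winerror.h.
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def triage(errorlog_text):
    """Report whether an Errorlog excerpt shows this article's symptoms."""
    cert_load_failed = False
    tdssni_errors = []  # (error, status code) pairs in log order
    for line in errorlog_text.splitlines():
        if CERT_LOAD in line:
            cert_load_failed = True
        match = TDSSNI.search(line)
        if match:
            tdssni_errors.append((int(match.group(1), 16),
                                  int(match.group(2), 16)))
    cert_status_hit = (CRYPT_E_NOT_FOUND, CERT_STATUS) in tdssni_errors
    return {
        "cert_load_failed": cert_load_failed,
        "tdssni_errors": tdssni_errors,
        # Both the certificate-load message and the 0x80 status must appear.
        "matches_signature": cert_load_failed and cert_status_hit,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
    print(decode_hresult(CRYPT_E_NOT_FOUND))
```

A match shows only that the certificate could not be loaded. Confirm the provider with the certutil command above before you replace the certificate.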


Additional query words: MSSQLServer

Keywords: kbtshoot kbprb kbsql2005connect KB928779