Hello Kevin,
I have installed an Enterprise Root CA on the domain, and I went through
the web form to request and install a new certificate. I installed both an
Administrator certificate and a Web Server certificate, but when I choose
to Force Encryption from the Server Network Utility, I get an error message
when I try restarting SQL Server.
The message says something to the effect that encryption is being
requested, but a valid certificate does not exist. I can see the
certificate in the Personal folder, so I'm not sure why I'm getting the
error message.
Can you help?
Thanks,
Jason
--
We use exactly the same certificate that IIS would use to set up an SSL
session. The new error message above indicates that the SQL Server service
account is not finding the certificate. So, look at the account that is
starting the MSSQLServer service. If the service is started using a domain
user account, and the certificate was requested by a local admin, then the
service will not be able to find the certificate.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
--
Kevin,
The MSSQLServer service is running under a domain user
account. The account that I used to request the
certificate was a domain admin account. Do I need to
therefore request another certificate while I'm logged in
as the user running the MSSQLServer service? Also, which
template should I use when requesting the certificate,
Administrator or Web Server?
Thanks,
Jason
--
Kevin,
I removed the original certificates that I created as the
domain admin account, and went back and logged in as the
account that's running SQL Server. I then requested a new
Web Server certificate, installed it, and selected the
option to Force Protocol Encryption. When I stopped and
restarted SQL Server, everything appears to be running
smoothly.
Thanks for your help in getting me going in the right
direction!
Jason
--
You're welcome!
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
--
Hi Kevin,
I have the same problem as Jason, but I have
followed through all the steps and my SQL Server is still
not able to start up after I force protocol encryption.
I have read and followed through this article, but it still
couldn't be started.
http://support.microsoft.com/default.aspx?scid=kb;en-us;318605
Event log under system log shows this error when I try to
start the service.
A fatal error occurred when attempting to access the SSL
server credential private key. The error code returned
from the cryptographic module is 0x80090016.
The CA is a stand alone PC that is not in any domain. My
SQL server is also another standalone PC not in any domain.
Regards,
Chan
--
Hi Chan,
This error indicates the following.
- NTE_BAD_KEYSET (0x80090016)
- Key container does not exist.
- You do not have access to the key container.
- The Protected Storage Service is not running.
Since you're attempting to set this up in a workgroup, you'll need to have
HTTP access to a Standalone CA.
You'll need to follow the steps in this kb article:
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553
After installing the certificate on the server you should be able to view
the certificate by using the MMC snap-in for certificates or by looking at the
properties of IE, under Content, Certificates. From here, you should be
able to verify that your certificate is valid.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
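
The checks this thread keeps coming back to (which account starts the service, whether that account can see a certificate in its Personal store, and whether the private key behind it can actually be opened) can be scripted. The following is an added example, not part of the original thread or of any Microsoft article; it assumes the default instance service name MSSQLSERVER, an RSA key, and a PowerShell version newer than the SQL Server 2000 era setup discussed here.

```powershell
# Added example, not from the thread. Run it while logged on as the account
# that starts the SQL Server service, so that Cert:\CurrentUser\My is that
# account's Personal store.
$serviceName   = 'MSSQLSERVER'         # assumption: default instance
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
"Service account : $($svc.StartName)"
"Running as      : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

function Test-ServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $now       = Get-Date
    $keyUsable = $false
    $keyError  = $null
    if ($Cert.HasPrivateKey) {
        try {
            # Opening the key fails when the key container is missing or this
            # account cannot access it (the NTE_BAD_KEYSET cases listed above).
            # Assumption: RSA key; other key types report KeyUsable = False.
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
            $keyUsable = $null -ne $key
        } catch {
            $keyError = $_.Exception.Message
        }
    }
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        InDate     = ($Cert.NotBefore -le $now -and $now -le $Cert.NotAfter)
        # False also when the certificate carries no EKU extension at all.
        ServerAuth = ($Cert.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
        HasKey     = $Cert.HasPrivateKey
        KeyUsable  = $keyUsable
        KeyError   = $keyError
    }
}

foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    "`nStore: $store"
    Get-ChildItem $store | ForEach-Object { Test-ServerCertificate $_ } | Format-List
}
```

A certificate that shows HasKey as True but KeyUsable as False, with a "keyset does not exist" style message in KeyError, matches the situation the 0x80090016 event describes.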