SQL Server 2005 fails to start when trying to use a self-signed certificate.

by Jowie 13. May 2008 02:05

I have been working on this problem for a little while now and I think I have finally figured it out. I am using SQL 2005 Express Edition, and now on 2 separate occasions, I have had the problem where the SQL Server service will fail to start with the following events in the Windows Application log:

Event Type: Error
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17190
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
FallBack certificate initialization failed with error code: 15.

Followed by:

Event Type: Information
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 26017
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.

Then the following 4 errors:

Event Type: Error
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17182
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
TDSSNIClient initialization failed with error 0x80092004, status code 0x80.


Event Type: Error
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17182
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
TDSSNIClient initialization failed with error 0x80092004, status code 0x1.


Event Type: Error
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17826
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.


Event Type: Error
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17120
Date:  5/13/2008
Time:  1:48:57 AM
User:  N/A
Computer: xxx
Description:
SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

In both cases where I had this problem, SQL 2005 Express setup was run with all the default options. Uninstalling and reinstalling did not help. Digging further, I found that changing the SQL Server service to start using a different account (such as Local System or the Administrator account) via SQL Server Configuration Manager enabled the service to start successfully. Seeing as it appears SQL was unable to create a self-signed certificate, I started investigating where these certificates were saved by starting SQL under a different account. I found they were created at the following location:

%APPDATA%\Microsoft\Crypto\RSA

On my Win2k3 system the full path is C:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Crypto\RSA. In this directory was a directory called S-1-5-20; however, I am unsure if this varies from system to system. In this directory was a system file with a long cryptic name; opening it in WordPad, I found the following in the first line:

Microsoft SQL Server$SQLEXPRESS$FallBackCert

So that confirmed I found where it was trying to save the certificate. When checking:

C:\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20

I did indeed see the file, but noticed that the NT AUTHORITY\NetworkService account had no permissions on the file. All I had to do was delete the entire S-1-5-20 directory and attempt to restart the service under the NT AUTHORITY\NetworkService account, and SQL Server started successfully, recreating the directory and certificate file.
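
The permission check described above, as an added PowerShell example that is not part of the original post: it lists the key container files in the directory the post names, marks the one holding the FallBackCert container, and reports whether S-1-5-20 (the well-known SID of NT AUTHORITY\NetworkService) has a direct Allow entry on each file. The parameter names and output columns are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example (not from the original post): audit the ACLs on the RSA key
# container files that SQL Server's fallback certificate depends on.
param(
    # Directory named in the post; adjust for the profile of your service account.
    [string]$KeyDir = 'C:\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20',
    # Well-known SID of NT AUTHORITY\NetworkService.
    [string]$ServiceSid = 'S-1-5-20',
    # Substring of the container name the post found inside the file.
    [string]$Marker = 'FallBackCert'
)

$sidType = [System.Security.Principal.SecurityIdentifier]

# Key container files carry the System attribute, so -Force is needed to list them.
Get-ChildItem -LiteralPath $KeyDir -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $row = New-Object PSObject -Property @{
            File = $file.Name; Owner = $null; IsFallBackCert = $null
            Rights = $null; Error = $null
        }
        try {
            $acl = Get-Acl -Path $file.FullName -ErrorAction Stop
            $row.Owner = $acl.Owner

            # Explicit and inherited ACEs, with identities returned as SIDs so the
            # match does not depend on how the account name is displayed.
            $allow = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
                $_.IdentityReference.Value -eq $ServiceSid -and
                $_.AccessControlType -eq 'Allow'
            })

            # Direct grants only: access through groups (e.g. Everyone) is not evaluated.
            if ($allow.Count -gt 0) {
                $row.Rights = ($allow | ForEach-Object { $_.FileSystemRights }) -join '; '
            } else {
                $row.Rights = 'NONE'
            }

            # The container name is stored as readable text inside the file.
            $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
            $row.IsFallBackCert = [System.Text.Encoding]::ASCII.GetString($bytes).Contains($Marker)
        } catch {
            # Access denied here is itself a finding: record it instead of stopping.
            $row.Error = $_.Exception.Message
        }
        $row
    } | Format-Table File, IsFallBackCert, Rights, Owner, Error -AutoSize
```

A row with IsFallBackCert set to True and Rights set to NONE matches the condition the post describes.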
