Sql-server – SQL Server service won’t start due to certificate issues


Problem

We are running SQL Server 2014 SP3 CU1 on Win 2016. After each reboot of the host the SQL Server service won't start automatically. It always results in the following error messages.

The service is configured to start automatically.

SQL Server log:

Error: 17190, Severity: 16, State: 1.
Initializing the FallBack certificate failed with error code: 1, state: 20, error number: 0.

Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.

Error: 17182, Severity: 16, State: 1.
TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support.

TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors.

Error: 17826, Severity: 18, State: 3.

Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

Error: 17120, Severity: 16, State: 1.

SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Workaround

I could solve the issue temporarily in the following way:

  1. connect via RDP to the host and log in with the service account name
  2. open the SQL Server Configuration Manager
  3. start the SQL Server service

Unfortunately, I can't start the service when I log in to the host with my personal login. It results in the same error mentioned above.

Ideas

We already tried to delete the profile of the SQL service account. It didn't solve the issue.

We also thought about space problems, but the host has more than 20% (> 50GB) free space available for each used drive.

What could be the issue with the certificate? How and what do I have to check?

Best Answer

TDSSNIClient initialization failed with error 0x80092004, status code 0x1.

// MessageId: CRYPT_E_NOT_FOUND
//
// MessageText:
//
// Cannot find object or property.
//
#define CRYPT_E_NOT_FOUND                _HRESULT_TYPEDEF_(0x80092004L)

What could be the issue with the certificate?

The certificate is corrupt or otherwise unusable in its current state, or lacks a private key component (either it is corrupt or the account isn't able to access it).

How and what do I have to check?

A quite easy and quick check is to open up the MMC Certificates Manager console (certmgr.msc) and right-click on the certificate, choose "all tasks", "Manage Private Key", which will most likely result in an error stating that the key doesn't exist or some other random error message.

If you don't receive an error, then make sure the SQL Server Service account has permissions to read the private key (also on the manage private keys screen).

If you get an error, then SQL Server can't read the private key which means it's going to fail to start up. Thus, either remove the SSL Certificate from use for SQL Server, restore it from a good backup, or generate and use a new one.
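The private-key check described in the answer above can also be scripted. The following is an added example, not part of the original answer: it assumes the certificate sits in the Local Computer "Personal" store with an RSA key, and `CONTOSO\svc-sql` is a placeholder for the SQL Server service account.

```powershell
# Added example. Run in an elevated PowerShell session on the SQL Server host.
# ASSUMPTIONS: the account name is a placeholder, and the certificate is in
# the Local Computer "Personal" store with an RSA key.
$serviceAccount = 'CONTOSO\svc-sql'   # hypothetical account name
$read = [System.Security.AccessControl.FileSystemRights]::Read

# Directories where Windows keeps machine private key files (CAPI and CNG).
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys"

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $row = [ordered]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Expired       = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey = $cert.HasPrivateKey
        KeyFile       = $null
        ExplicitRead  = $null
        Error         = $null
    }
    if ($cert.HasPrivateKey) {
        try {
            # Opening the key is the step that fails when it is missing or corrupt.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($null -eq $rsa) { throw 'No RSA private key could be opened.' }
            $name = if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $rsa.Key.UniqueName
            } else {
                $rsa.CspKeyContainerInfo.UniqueKeyContainerName
            }
            $file = Get-ChildItem -Path $keyDirs -Filter $name -Force -ErrorAction SilentlyContinue |
                    Select-Object -First 1
            if ($file) {
                $row.KeyFile = $file.FullName
                # Only ACEs naming the account itself; access granted via groups is not resolved.
                $aces = (Get-Acl -Path $file.FullName).Access | Where-Object {
                    $_.IdentityReference.Value -eq $serviceAccount -and
                    $_.AccessControlType -eq 'Allow' -and
                    (($_.FileSystemRights -band $read) -eq $read)
                }
                $row.ExplicitRead = [bool]$aces
            }
        } catch {
            $row.Error = $_.Exception.Message
        }
    }
    [pscustomobject]$row
}
$report | Format-List
```

A row with `HasPrivateKey` true but an `Error` or an empty `KeyFile` corresponds to the "key doesn't exist" case; a row with `ExplicitRead` false means no ACE on the key file names the service account directly.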