SQL 2008–Service fails to come online with “a valid certificate could not be found, and it is not possible to create a self-signed certificate”


You might run into this situation where SQL Server fails to come online (either with a new install or an existing one). Looking at the application event logs, you see these messages:

Event Type: Error

Event Source: MSSQLSERVER

Event Category: Server

Event ID: 17182

Date:  05/08/2012

Time:  5:03:40 AM

User:  N/A

Computer: SQLTest1

Description:

TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

………………………

Event Type: Error

Event Source: MSSQLSERVER

Event Category: Server

Event ID: 17190

Date:  05/08/2012

Time:  5:03:40 AM

User:  N/A

Computer: FTRNSNA01VSQL11

Description:

FallBack certificate initialization failed with error code: 1.

As always, it’s a good idea to take a look at the SQL Errorlog. Looking in the errorlog, you might see these messages:

2012-05-08 05:10:13.14 Server      Error: 17190, Severity: 16, State: 1.

2012-05-08 05:10:13.14 Server      FallBack certificate initialization failed with error code: 1.

2012-05-08 05:10:13.14 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.

2012-05-08 05:10:13.16 Server      Error: 17182, Severity: 16, State: 1.

2012-05-08 05:10:13.16 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

2012-05-08 05:10:13.16 Server      Error: 17182, Severity: 16, State: 1.

2012-05-08 05:10:13.16 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.

This is another error that does not exactly point towards the actual cause of the problem. One might think, why is it not possible to create a self-signed certificate? The answer is that the certificate cannot be created because the user profile is corrupted. Here’s what you can do:

Workaround : Change the service account. If the new account’s profile on the server is not corrupted, the services will come online.

Solution: Delete the profile and recreate it. For details, please refer to the KB here

Hope this helps.

Comments (9)

  1. درس.ارقص. says:

    درس

  2. christi says:

    Hello, i would like to ask that what is the benefits of sql training, what all topics should be covered and it is kinda bothering me … and has anyone studies from this course http://www.wiziq.com/…/125-comprehensive-introduction-to-sql of SQL tutorial online?? or tell me any other guidance…

    would really appreciate help… and Also i would like to thank for all the information you are providing on sql training.

  3. Hi Christi,

    Thanks for showing interest in the blog.

    It's good to know that you're interested in learning more about SQL Server. However, this is not the correct forum for asking such questions. I would request you to post your questions in a new thread here:

    social.msdn.microsoft.com/…/threads

    Thanks,

    Harsh

  4. chaminda says:

    thanks

  5. HarshDeep_Singh says:

    You're welcome Chaminda…!!! Thanks for appreciating.

  6. John says:

    Or just a reboot might do it. Did for me, but thanks for the article.

  7. Sajeesh says:

    Thank you Harsh for this article!  In my case as well simply a reboot helped, not sure what exactly happened in the background :)