SQL 2008–Service fails to come online with “a valid certificate could not be found, and it is not possible to create a self-signed certificate”
You might run into this situation where SQL Server fails to come online (either with a new install or an existing one). Looking at the application event logs, you see these messages:
Event Type: Error
Event Source: MSSQLSERVER
Event Category: Server
Event ID: 17182
Date: 05/08/2012
Time: 5:03:40 AM
User: N/A
Computer: SQLTest1
Description:
TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
………………………
Event Type: Error
Event Source: MSSQLSERVER
Event Category: Server
Event ID: 17190
Date: 05/08/2012
Time: 5:03:40 AM
User: N/A
Computer: FTRNSNA01VSQL11
Description:
FallBack certificate initialization failed with error code: 1.
As always, it’s a good idea to take a look at the SQL Errorlog. Looking in the errorlog, you might see these messages:
2012-05-08 05:10:13.14 Server Error: 17190, Severity: 16, State: 1.
2012-05-08 05:10:13.14 Server FallBack certificate initialization failed with error code: 1.
2012-05-08 05:10:13.14 Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2012-05-08 05:10:13.16 Server Error: 17182, Severity: 16, State: 1.
2012-05-08 05:10:13.16 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
2012-05-08 05:10:13.16 Server Error: 17182, Severity: 16, State: 1.
2012-05-08 05:10:13.16 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
This is another error that does not exactly point towards the actual cause of the problem. One might think, why is it not possible to create a self-signed certificate? The answer is that the certificate cannot be created because the user profile is corrupted. Here’s what you can do:
Workaround : Change the service account. If the new account’s profile on the server is not corrupted, the services will come online.
Solution: Delete the profile and recreate it. For details, please refer to the KB here
Hope this helps.