SQL 2008–Service fails to come online with “a valid certificate could not be found, and it is not possible to create a self-signed certificate”

You might run into this situation where SQL Server fails to come online (either with a new install or an existing one). Looking at the application event logs, you see these messages:

Event Type: Error
Event Source: MSSQLSERVER
Event Category: Server
Event ID: 17182
Date: 05/08/2012
Time: 5:03:40 AM
User: N/A
Computer: SQLTest1
Description:
TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

………………………

Event Type: Error
Event Source: MSSQLSERVER
Event Category: Server
Event ID: 17190
Date: 05/08/2012
Time: 5:03:40 AM
User: N/A
Computer: FTRNSNA01VSQL11
Description:
FallBack certificate initialization failed with error code: 1.

As always, it’s a good idea to take a look at the SQL Errorlog. Looking in the errorlog, you might see these messages:

2012-05-08 05:10:13.14 Server      Error: 17190, Severity: 16, State: 1.
2012-05-08 05:10:13.14 Server      FallBack certificate initialization failed with error code: 1.
2012-05-08 05:10:13.14 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2012-05-08 05:10:13.16 Server      Error: 17182, Severity: 16, State: 1.
2012-05-08 05:10:13.16 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
2012-05-08 05:10:13.16 Server      Error: 17182, Severity: 16, State: 1.
2012-05-08 05:10:13.16 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.

This is another error that does not point directly to the actual cause of the problem. One might ask: why is it not possible to create a self-signed certificate? The answer is that the certificate cannot be created because the user profile of the service account is corrupted. Here’s what you can do:

Workaround: Change the service account. If the new account’s profile on the server is not corrupted, the services will come online.

Solution: Delete the profile and recreate it. For details, please refer to the KB here
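
Before applying the workaround or the solution, it helps to confirm which account the service runs under and what Windows reports about that account's profile. The following read-only PowerShell check is an added example, not part of the original post; it assumes a default instance (service name MSSQLSERVER, as in the event source above), PowerShell 3.0 or later, and an elevated session on the SQL Server host.

```powershell
# Added example: read-only checks, nothing is modified.
# Assumption: default instance, so the service is named MSSQLSERVER.
$serviceName = 'MSSQLSERVER'

# 1. Recent occurrences of the two event IDs shown in this post.
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = $serviceName; Id = 17182, 17190
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# 2. Account the service is configured to run under.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on this host." }

# Normalise the account name so it can be translated to a SID.
$account = $svc.StartName
if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }
if ($account -like '.\*') { $account = "$env:COMPUTERNAME\" + $account.Substring(2) }

$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# 3. What Windows records about that account's profile.
#    Win32_UserProfile.Status is a bit field: 1 = temporary, 8 = corrupted.
$userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"

if (-not $userProfile) {
    Write-Output "No profile is registered for $account ($sid)."
} else {
    [pscustomobject]@{
        Account    = $account
        SID        = $sid
        LocalPath  = $userProfile.LocalPath
        PathExists = Test-Path -LiteralPath $userProfile.LocalPath
        Loaded     = $userProfile.Loaded
        Temporary  = [bool]($userProfile.Status -band 1)
        Corrupted  = [bool]($userProfile.Status -band 8)
    }
}
```

A profile can be damaged without Windows setting the corrupted flag, so treat the output as supporting evidence alongside the error log entries above. Record the account name and SID before deleting and recreating the profile.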

Hope this helps.