I worked on a customer service request where SQL Server 2008 Enterprise edition installation was throwing error:
Wait on the Database Engine recovery handle failed.
After examining SQL Error log from the Setup logs folder, noted:
2010-08-27 17:15:04.51 spid7s Starting up database ‘mssqlsystemresource’.
2010-08-27 17:15:04.52 spid7s The resource database build version is 10.00.1600. This is an informational message only. No user action is required.
2010-08-27 17:15:04.65 spid7s Error: 15209, Severity: 16, State: 1.
2010-08-27 17:15:04.65 spid7s An error occurred during encryption.
If we see the step at which it is failing, we can make a guess that SQL Server is not able to load the self-signed certificate. We have seen similar issues with SQL Server 2005 Express installation as noted in KB 920114 but the service account used in my case was a domain account.
Still, the logic of KB article above applied here. SQL Server creates a self-signed certificate to encrypt all login credentials and it needs access to the PROTECT folder in the user profile to store it. In my case, Protect folder was missing in the location %USERPROFILE%\Application Data\Microsoft\
When I created the Protect folder and gave Full permission to the SQL Server service account, SQL Server started successfully.