MSSQLWIKI

Karthick P.K on SQL Server

(SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802.

Posted by Karthick P.K on April 19, 2012

SQL Server might fail to start with below error

Server Error: 17190, Severity: 16, State: 1.

Server Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802.

Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate

Error: 15466, Severity: 16, State: 1.

spid7s An error occurred during decryption.

Cause

CryptAcquireContext function is used by SQL Server to acquire a handle to key containers, create key containers and destroy key containers.

By default CryptAcuireContext function create key in “Roaming\Microsoft\Crypto\..” under path mentioned in below registry

HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData

If the AppData Key is missing or if the user don’t have permission in path mentioned in above registry or if user profile is corrupted we might end up with above error.

To narrow down the issue outside SQL-Server run THIS executable which will Open or Create key container if it doesn’t exist. If the exe fails look at error code returned by exe and troubleshoot further.

To check if the problem is because of corrupted profile modify the path mentioned in HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData folder to a

different path and check if the exe is able to create the key container.

 

Source  code for Exe is below

#include <windows.h> 
#include <string> 
#include <winbase.h> 
#include <iostream> 
using namespace std;
#include <Wincrypt.h >
 
                                      
void main()
{
LPCSTR rgwchKeyContName = "Test123456";  
HCRYPTPROV m_hCryptoProviderFB;
BOOL ret;
BOOL ret2;

ret=CryptAcquireContext(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_SILENT);
    
if (!ret && GetLastError() == NTE_BAD_KEYSET)

{
    
    printf("\nUnable to open Keyset.CryptAcquireContext failed with error: 0x%X . \nWe will try creating key",GetLastError());

    ret2=CryptAcquireContext(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_SILENT);
        if (!ret2)
        {
        printf("\nCryptAcquireContext failed creating key.Error: 0x%X",GetLastError());
        }
        else
        {
        printf("\nKey created");
        }
    exit;
}


else if (!ret && GetLastError() == NTE_BAD_KEYSET)
{
printf("CryptAcquireContext failed with error: 0x%X",GetLastError());
}

else
{

    printf("CryptAcquireContext opened key. Return value is 0x%X.",ret);
}

    if (CryptReleaseContext(m_hCryptoProviderFB,0))
    {
    printf("\nHandle is released.\n");
    }
    else
    {
    printf("\nHandle could not be released.\n");
    }

}

 

 

Thanks

Karthick P.K

About these ads

16 Responses to “(SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802.”

  1. Dave said

    How can I compile that code in VS 2012? I never programmed in C or C++.

    thank you.

  2. Dave said

    Downloaded the exe and ran it. Following message is returned:

    CryptAcquireContext opened key. Return value is 0x1.

    I have reviewed additional postings related to the same error. I created a test certificate and insured it is added to the trusted certificate store.

    Still no resolution. At this point, install continues to fail.

  3. Dave said

    2013-03-26 20:14:49.11 Server Microsoft SQL Server 2012 – 11.0.2100.60 (X64)
    Feb 10 2012 19:39:15
    Copyright (c) Microsoft Corporation
    Enterprise Evaluation Edition (64-bit) on Windows NT 6.1 (Build 7601: Service Pack 1)

    2013-03-26 20:14:49.11 Server (c) Microsoft Corporation.
    2013-03-26 20:14:49.11 Server All rights reserved.
    2013-03-26 20:14:49.11 Server Server process ID is 1300.
    2013-03-26 20:14:49.11 Server System Manufacturer: ‘Hewlett-Packard’, System Model: ‘HP EliteBook 2570p’.
    2013-03-26 20:14:49.11 Server Authentication mode is WINDOWS-ONLY.
    2013-03-26 20:14:49.11 Server Logging SQL Server messages in file ‘C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log\ERRORLOG’.
    2013-03-26 20:14:49.11 Server The service account is ‘NT Service\MSSQLSERVER’. This is an informational message; no user action is required.
    2013-03-26 20:14:49.11 Server Registry startup parameters:
    -d C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\master.mdf
    -e C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log\ERRORLOG
    -l C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\mastlog.ldf
    2013-03-26 20:14:49.11 Server Command Line Startup Parameters:
    -s “MSSQLSERVER”
    2013-03-26 20:14:49.29 Server SQL Server detected 1 sockets with 2 cores per socket and 4 logical processors per socket, 4 total logical processors; using 4 logical processors based on SQL Server licensing. This is an informational message; no user action is required.
    2013-03-26 20:14:49.29 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
    2013-03-26 20:14:49.29 Server Detected 3961 MB of RAM. This is an informational message; no user action is required.
    2013-03-26 20:14:49.29 Server Using conventional memory in the memory manager.
    2013-03-26 20:14:49.46 Server This instance of SQL Server last reported using a process ID of 2580 at 3/26/2013 8:12:46 PM (local) 3/27/2013 12:12:46 AM (UTC). This is an informational message only; no user action is required.
    2013-03-26 20:14:49.46 Server Node configuration: node 0: CPU mask: 0x000000000000000f:0 Active CPU mask: 0x000000000000000f:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
    2013-03-26 20:14:49.46 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
    2013-03-26 20:14:49.50 Server Software Usage Metrics is disabled.
    2013-03-26 20:14:49.50 spid3s Starting up database ‘master’.
    2013-03-26 20:14:49.51 spid3s 12 transactions rolled forward in database ‘master’ (1:0). This is an informational message only. No user action is required.
    2013-03-26 20:14:49.52 spid3s 0 transactions rolled back in database ‘master’ (1:0). This is an informational message only. No user action is required.
    2013-03-26 20:14:49.65 Server CLR version v4.0.30319 loaded.
    2013-03-26 20:14:49.81 spid3s Resource governor reconfiguration succeeded.
    2013-03-26 20:14:49.81 spid3s SQL Server Audit is starting the audits. This is an informational message. No user action is required.
    2013-03-26 20:14:49.81 spid3s SQL Server Audit has started the audits. This is an informational message. No user action is required.
    2013-03-26 20:14:49.82 Server Common language runtime (CLR) functionality initialized using CLR version v4.0.30319 from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\.
    2013-03-26 20:14:49.82 spid3s SQL Trace ID 1 was started by login “sa”.
    2013-03-26 20:14:49.82 spid3s Server name is ‘TAMIAM-WYSOCDA’. This is an informational message only. No user action is required.
    2013-03-26 20:14:49.83 spid13s The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid.
    2013-03-26 20:14:49.83 spid13s Error: 26014, Severity: 16, State: 1.
    2013-03-26 20:14:49.83 spid13s Unable to load user-specified certificate [Cert Hash(sha1) "13F7EB4B77CF3FA38BF6F618E22D60F79B06DB6A"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online.
    2013-03-26 20:14:49.83 spid3s Failed to verify Authenticode signature on DLL ‘C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\ftimport.dll’.
    2013-03-26 20:14:49.83 spid3s Starting up database ‘msdb’.
    2013-03-26 20:14:49.83 spid13s Error: 17182, Severity: 16, State: 1.
    2013-03-26 20:14:49.83 spid13s TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
    2013-03-26 20:14:49.83 spid9s Starting up database ‘mssqlsystemresource’.
    2013-03-26 20:14:49.83 spid13s Error: 17182, Severity: 16, State: 1.
    2013-03-26 20:14:49.83 spid13s TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
    2013-03-26 20:14:49.83 spid13s Error: 17826, Severity: 18, State: 3.
    2013-03-26 20:14:49.83 spid13s Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
    2013-03-26 20:14:49.83 spid13s Error: 17120, Severity: 16, State: 1.
    2013-03-26 20:14:49.83 spid13s SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

    • 1. Do you have any certificates loaded for startup account of SQLServer? 2. Are you installing SQLServer on domain controller?

      • Dave said

        1. Yes, created test certificate according to documentation found on MSDN and added to trusted certificate store.
        2. No, stand alone lap top.

        I found a comment where someone worked around the problem by using a different name for the instance instead of the default. Decided to try this and the install completed and services now start.

        I have created a empty test database and then tried to create the first table within the database using MS SQL Management Studio GUI tools.

        I now get the following error:

        ==================================

        Exception has been thrown by the target of an invocation. (SQLEditors)

        ——————————
        Program Location:

        at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
        at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
        at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
        at System.Activator.CreateInstance[T]()
        at Microsoft.SqlServer.Management.DataTools.Providers.Common.CommonConnectionProperties`1..ctor()
        at Microsoft.SqlServer.Management.DataTools.Providers.Common.CommonProviderObjectFactory`3.CreateObject(Type objType)
        at Microsoft.SqlServer.Management.DataTools.Providers.SqlServer.SqlProviderObjectFactory.CreateObject(Type objType)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataProvider.CreateObject(Guid dataSource, Type objType)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataProvider.CreateConnectionProperties(Guid dataSource)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataProviderManager.CreateConnectionProperties(Guid provider)
        at Microsoft.SqlServer.Management.DataTools.Providers.SqlServer.SqlDataSourceSpecializer.DeriveDataSource(String connectionString)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataProvider.DeriveDataSource(String connectionString)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataConnection.SetConnectionStrings(String connectionString)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataConnection..ctor(DataProvider provider, String connectionString, Boolean encryptedString)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataConnectionFactory.CreateDataConnectionImpl(Guid provider, String connectionString, Boolean encryptedString)
        at Microsoft.SqlServer.Management.Data.DataConnectionFactory.CreateDataConnection(Guid provider, String connectionString, Boolean encryptedString)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataConnectionManager.CreateDataConnection(Guid provider, String connectionString, Boolean encryptedString)
        at Microsoft.SqlServer.Management.Data.DataConnectionManager.GetDataConnection(Guid provider, String connectionString, Boolean encryptedString, Boolean update)
        at Microsoft.SqlServer.Management.DataTools.DataServices.DataConnectionManager.Microsoft.SqlServer.Management.Data.Interop.IVsDataConnectionManager.GetDataConnection(Guid& guidProvider, String bstrConnectionString, Boolean fEncryptedString)
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.VsDataDesignerNode.CreateDesigner()
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.VsDataDesignerNode.Open()
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.VirtualProject.CreateDesigner(Urn origUrn, DocumentType editorType, DocumentOptions aeOptions, IManagedConnection con, String fileName)
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.VirtualProject.Microsoft.SqlServer.Management.UI.VSIntegration.Editors.ISqlVirtualProject.CreateDesigner(Urn origUrn, DocumentType editorType, DocumentOptions aeOptions, IManagedConnection con, String fileName)
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.ISqlVirtualProject.CreateDesigner(Urn origUrn, DocumentType editorType, DocumentOptions aeOptions, IManagedConnection con, String fileName)
        at Microsoft.SqlServer.Management.UI.VSIntegration.Editors.VsDocumentMenuItem.CreateDesignerWindow(IManagedConnection mc, DocumentOptions options)

        ===================================

        The ‘DbProviderFactories’ section can only appear once per config file. (System.Configuration)

        ——————————
        Program Location:

        at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
        at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
        at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
        at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
        at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
        at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
        at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
        at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
        at System.Configuration.ConfigurationManager.GetSection(String sectionName)
        at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
        at System.Data.Common.DbProviderFactories.Initialize()
        at System.Data.Common.DbProviderFactories.GetFactory(String providerInvariantName)
        at Microsoft.SqlServer.Management.ConnectionUI.AdoDotNetConnectionProperties..ctor(String providerName)
        at Microsoft.SqlServer.Management.ConnectionUI.SqlConnectionProperties..ctor()

  4. […] 1. If your issue is more complicated then there is slight different approach to fix on Karthick blog: http://mssqlwiki.com/2012/04/19/sqlserver-initializing-the-fallback-certificate-failed-with-error-co&#8230; […]

  5. […] (SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number:… […]

  6. wooleestylist.com

    (SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802. « MSSQLWIKI

  7. Oh my goodness! Incredible article dude! Thanks, However I am having problems with your RSS.

    I don’t know why I cannot subscribe to it.
    Is there anyone else having similar RSS issues? Anybody who knows the answer will you kindly respond?
    Thanx!!

  8. Martin said

    I ran this program and I get this message

    Unable to open Keyset.CryptAcquireContext Failed with error: 0x80090016.
    Will try creating key
    CryptAcquireContext failed creating key.Error: 0x8009000F
    Handle could not be released.

    Any ideas?

  9. Summoners War Sky Arena hack download

    (SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802. « MSSQLWIKI

  10. Read More said

    Read More

    (SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802. « MSSQLWIKI

  11. fantastic publish, very informative. I’m wondering why the opposite experts of this sector don’t
    notice this. You should proceed your writing. I am
    confident, you have a great readers’ base already!

  12. throne rush cheats no surveys

    (SQLServer) Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802. « MSSQLWIKI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 2,135 other followers

%d bloggers like this: