SQL Server might fail to start with the errors below:
Server Error: 17190, Severity: 16, State: 1.
Server Initializing the FallBack certificate failed with error code: 1, state: 1, error number: -2146893802.
Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate
Error: 15466, Severity: 16, State: 1.
spid7s An error occurred during decryption.
Cause
SQL Server uses the CryptAcquireContext function to acquire a handle to key containers, create key containers and destroy key containers.
By default, the CryptAcquireContext function creates keys in “Roaming\Microsoft\Crypto\..” under the path given in the registry value below:
HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
If the AppData value is missing, if the user doesn't have permission on the path given in the above registry value, or if the user profile is corrupted, we might end up with the above error.
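The three conditions above can be checked directly. The script below is an added example, not part of the original post: it resolves the service account's SID, reads the AppData value unexpanded from that account's hive, and lists the ACL on the resolved folder. The `-Account` parameter and the output field names are assumptions, and it assumes the Windows default layout in which AppData points at the Roaming folder, so keys sit in Microsoft\Crypto beneath it.

```powershell
# Added diagnostic example (not from the original post). Run from an elevated prompt.
# -Account is a hypothetical parameter: pass the SQL Server service account name.
param([Parameter(Mandatory)][string]$Account)

$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# Profile directory of the account, needed to expand %USERPROFILE% for that
# account rather than for whoever is running this script.
$profKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
$profilePath = if (Test-Path $profKey) { (Get-ItemProperty $profKey).ProfileImagePath }

$result = [ordered]@{
    Sid = $sid; ProfilePath = $profilePath; HiveLoaded = $false
    AppDataRaw = $null; AppDataResolved = $null; CryptoDirExists = $false; Acl = $null
}

# HKEY_USERS\<SID> exists only while the account's profile is loaded.
$hive = "Registry::HKEY_USERS\$sid"
if (Test-Path $hive) {
    $result.HiveLoaded = $true
    $key = Get-Item "$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" `
                    -ErrorAction SilentlyContinue
    if ($key) {
        # Read the value without expansion; a $null here means AppData is missing.
        $result.AppDataRaw = $key.GetValue('AppData', $null, 'DoNotExpandEnvironmentNames')
    }
}

if ($result.AppDataRaw -and $profilePath) {
    # Substitute the account's own profile path, then expand any remaining variables.
    $expanded = $result.AppDataRaw -ireplace '%USERPROFILE%', $profilePath.Replace('$', '$$')
    $result.AppDataResolved = [Environment]::ExpandEnvironmentVariables($expanded)
    $result.CryptoDirExists = Test-Path (Join-Path $result.AppDataResolved 'Microsoft\Crypto')

    if (Test-Path $result.AppDataResolved) {
        # List who holds which rights on the folder the key container is written under.
        $result.Acl = (Get-Acl $result.AppDataResolved).Access | ForEach-Object {
            "$($_.IdentityReference): $($_.FileSystemRights) ($($_.AccessControlType))"
        }
    }
}

[pscustomobject]$result | Format-List
```

An empty AppDataRaw with HiveLoaded true points at the missing registry value; a resolved path with no entry that grants the service account write access points at the permission case.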
To narrow down the issue outside SQL Server, run this executable, which opens the key container or creates it if it doesn't exist. If the exe fails, look at the error code it returns and troubleshoot further.
To check whether the problem is caused by a corrupted profile, change the path in HKEY_USERS\S-1-X-XXX\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData to a different path and check whether the exe is able to create the key container.
Source code for the exe is below:
// Build with Visual C++ and link against Advapi32.lib.
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

int main()
{
    // The ANSI (A) variants are named explicitly so the narrow string also compiles in Unicode builds.
    LPCSTR rgwchKeyContName = "Test123456";
    HCRYPTPROV m_hCryptoProviderFB = 0;
    BOOL ret;
    DWORD err;

    // First try to open the existing key container.
    ret = CryptAcquireContextA(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV_A, PROV_RSA_FULL, CRYPT_SILENT);
    err = ret ? 0 : GetLastError();   // capture once, before any other API call can overwrite it

    if (!ret && err == NTE_BAD_KEYSET)
    {
        // The container does not exist (or cannot be opened): try to create it.
        printf("\nUnable to open Keyset. CryptAcquireContext failed with error: 0x%X. \nWe will try creating key", err);
        ret = CryptAcquireContextA(&m_hCryptoProviderFB, rgwchKeyContName, MS_ENHANCED_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_SILENT);
        if (!ret)
        {
            printf("\nCryptAcquireContext failed creating key. Error: 0x%X", GetLastError());
        }
        else
        {
            printf("\nKey created");
        }
    }
    else if (!ret)
    {
        // Any failure other than NTE_BAD_KEYSET.
        printf("CryptAcquireContext failed with error: 0x%X", err);
    }
    else
    {
        printf("CryptAcquireContext opened key. Return value is 0x%X.", ret);
    }

    if (!ret)
    {
        return 1;   // no handle was acquired, so there is nothing to release
    }

    if (CryptReleaseContext(m_hCryptoProviderFB, 0))
    {
        printf("\nHandle is released.\n");
    }
    else
    {
        printf("\nHandle could not be released.\n");
    }
    return 0;
}
Thanks
Karthick P.K