SQL Server cannot start: TDSSNIClient initialization failed

While I am on vacation I saw a SQL Server which was not able to start. It reminded me to my last year vacation where I needed to fix a cashier machine with SQL Server Express Edition for a price of a pizza :-). This is not my rate anyway ;-).

Symptom

SQL Server cannot start and you see the following errors:

  • Eventlog errors:
    • EventID: 17190 Description: Initializing the FallBack certificate failed with error code: 1, state: 20, error number: 0.
    • EventID: 17182 Description: TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
  • SQL Server Error log:
    • Initializing the FallBack certificate failed with error code: 1, state: 20, error number: 0.
    • Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
    • TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property. Error: 17182, Severity: 16, State: 1.

Looks interesting ;-)

Solution

SQL Server generates a self-signed certificate – if it is not available – during the startup process. It is saved in the service account application data folder – for example network service account: %userprofile%\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-xxxxx where xxxxx is specific to your environment.

Somehow the folder lost its default permission: FULL CONTROL to the service account, in this case Network Service.

I added FULL CONTROL to the service account and restarte the SQL Server service w/o any problem.

I hope it helps to others as well and may get a pizza too ;-)

Comments (1) -

So I looked into this and I had the proper permissions.  I was able to create a local account to get the service started back.  I'm thinking I just need to have the entire profile re-created.

Add comment