Error (From Event logs for SQL Servert):
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Solution:
Go to command prompt from run (run --> cmd) and follow the below steps:
1. Find out the "Unique container name" of your certificate using the command (if you ahve visual studio installed you can use Visual Studio Command Prompt from Tools):
certutil –store my > cert.txt
The command shows all the certs in your machine in a note pad file (cert.txt). Find out the certificate you were looking for and grab the Unique container name and paste it in seperate notepad file for further use
2. Go to the below path from command promot:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
3. Make the command with Unique container name grabbed from step 1 and the final command look like below:
icacls
ex:
icacls a53a0c44069b09b6d570109bca6aeb70_eb8b03f7-932b-419b-97a2-06edc57bcde6 /grant "NT Service\MSSQLSERVER":(R)
4. Run this command in the below path using command prompt:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys>icacls a53a0c44069b09b6d570109bca6aeb70_eb8b03f7-932b-419b-97a2-06edc57bcde6 /grant "NT Service\MSSQLSERVER":(R)
This shows a success count 1 and failed process count 0. That means the permissions are granted for the network service account on the certificate.
5. Restart the SQL Service
Note: This is just from my experience with issues while "Forcing encryption" on SQL Server instance and restarting the SQL service (got the fatal error).
No comments:
Post a Comment