I'm running SQL 2000 Server with a Windows service account with normal user
privileges.
However, whenever I turn on Force Protocol Encryption (the cert is already
installed), the server does not start.
I suspect that it's to do with the service account which does not have
rights to the cert. How do I grant the service account with sufficient
privilege to read the cert so that Force Protocol Encryption can be enabled?
Thanks.

How SQL Server uses a certificate when the Force Protocol Encryption option
is set on http://support.microsoft.com/default.aspx?scid=kb;en-us;318605
How SQL Server verifies that a certificate is valid
• The certificate's Enhanced Key Usage property has to be turned on for
Server Authentication. To verify that the certificate is used for server
authentication, use the Microsoft Management Console (MMC) Certificate
snap-in. Double-click the certificate name, and then select Details. Click
the Enhanced Key Usage property, and then verify that the value is: Server
Authentication(1.3.6.1.5.5.7.3.1).
• Make sure that the certificate name is the same as the SQL Server FQDN or
the value configured in the registry (as described earlier).
• You must install the certificate to the Certificates\Current User Personal
Certificates folder while you are logged on as the SQL Server startup
account. This will make sure that the certificate will be put in the Personal
Certificates folder of the SQL Server startup account. If you have logged on
with a user account that is different from the SQL Server startup account,
put the certificate in the Certificates\Local Computer Personal Certificates
folder. This action solves the problem of having certificates stored under
the wrong user account.
To view the Current User folder, follow these steps:
1. Log on as the SQL Server startup account.
2. Use the MMC Certificates snap-in to verify the location of the
certificate.
FIX: Cannot Use Non-Administrator Account to Start SQL Server and Force
Encryption http://support.microsoft.com/default.aspx?scid=kb;en-us;314636
"James" wrote:
> I'm running SQL 2000 Server with a Windows service account with normal user
> privileges.
> However, whenever I turn on Force Protocol Encryption (the cert is already
> installed), the server does not start.
> I suspect that it's to do with the service account which does not have
> rights to the cert. How do I grant the service account with sufficient
> privilege to read the cert so that Force Protocol Encryption can be enabled?
> Thanks.
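
The three checks quoted from KB 318605 in the reply above (Server Authentication EKU, certificate name matching the FQDN, and which Personal store holds the certificate) can be audited in one pass. This is an added example, not part of the thread or of the KB article; it assumes PowerShell is available on the server and is run while logged on as the SQL Server startup account, and the function name Test-SqlEncryptionCert and the PassesChecks column are hypothetical names chosen here.

```powershell
param(
    # Name the certificate must carry. Defaults to this machine's FQDN; pass the
    # registry-configured value explicitly if one is used (assumption: caller knows it).
    [string]$ExpectedName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication, as quoted in the KB text
# CurrentUser\My is the Personal store of whoever runs this script.
$Stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'

# Hypothetical helper: evaluates one certificate against the KB conditions.
function Test-SqlEncryptionCert {
    param($Cert, [string]$Store, [string]$Name)

    # Collect every OID listed in the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Simple (common) name of the subject, compared case-insensitively.
    $subject = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $hasServerAuth = $ekuOids -contains $ServerAuthOid
    $nameMatches   = $subject -ieq $Name

    New-Object PSObject -Property @{
        Store         = $Store
        Subject       = $subject
        Thumbprint    = $Cert.Thumbprint
        HasServerAuth = $hasServerAuth
        NameMatches   = $nameMatches
        PassesChecks  = ($hasServerAuth -and $nameMatches)
    }
}

# Walk both Personal stores so a certificate filed under the wrong one is visible.
$report = foreach ($store in $Stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        Test-SqlEncryptionCert -Cert $_ -Store $store -Name $ExpectedName
    }
}

$report |
    Select-Object Store, Subject, HasServerAuth, NameMatches, PassesChecks, Thumbprint |
    Format-Table -AutoSize
```

A certificate that passes both checks but appears only under a different account's Current User store will not show up in this run, which is the misplacement case the KB text describes.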