Recently I was consulting a customer and they had plans to change certificate used by SQL Server. After making changes to certificate, we found that we were not able to start the SQL Server Service. Let us learn about how to fix error 26014 about unable to load User Specified Certificate.
Below were the errors in the SQL Server ERRORLOG. SQL SERVER – Where is ERRORLOG? Various Ways to Find ERRORLOG Location
2016-06-29 01:59:48.07 Server Error: 26014, Severity: 16, State: 1.
2016-06-29 01:59:48.07 Server Unable to load user-specified certificate [Cert Hash(sha1) “692169CAAE3FA02AB216876A6CC468B60BB4C153”]. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online.
2016-06-29 01:59:48.07 Server Error: 17182, Severity: 16, State: 1.
2016-06-29 01:59:48.07 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
I looked into certificate and found that 692169CAAE3FA02AB216876A6CC468B60BB4C153 was a valid thumbprint in properties of certificate. Tried various options and searched on internet.
We also verified that below key has correct thumbprint value. HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\<instance>\MSSQLServer\SuperSocketNetLib
Solution / Workaround:
Finally, we changed the service account from NT SERVICE\MSSQLSERVER to LocalSystem and we were able to start SQL server service.
Let me know if you have faced this error on your production server.
Reference: Pinal Dave (https://blog.sqlauthority.com)