SQL SERVER – Error: 26014 – Unable to Load User-Specified Certificate

After seeing various issues with SQL Server startup problem, I felt that I know almost most of the errors, but I was wrong till someone contacted me with a new error. But I learned that Errorlog is always a good place to start with. SQL SERVER – Where is ERRORLOG? Various Ways to Find ERRORLOG LocationLet us learn in this blog post we are going to learn how to fix unable to load user-specified certificate. Here is what I saw in my client’s machine.

2016-11-03 08:55:09.64 spid9s Server name is ‘SQLSAPPROD\BILLING’. This is an informational message only. No user action is required.
2016-11-03 08:55:09.64 spid9s The NETBIOS name of the local node that is running the server is ‘SQLSAPNODE1’. This is an informational message only. No user action is required.
2016-11-03 08:55:09.64 Server Error: 26014, Severity: 16, State: 1.
2016-11-03 08:55:09.64 Server Unable to load user-specified certificate [Cert Hash(sha1) “FD757A4A777966D5EEB2BD5445D151528E47A62E”]. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online.
2016-11-03 08:55:09.64 Server Error: 17182, Severity: 16, State: 1.
2016-11-03 08:55:09.64 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

Above snippet of ERRORLOG has interesting message “Unable to load user-specified certificate [Cert Hash(sha1) “FD757A4A777966D5EEB2BD5445D151528E47A62E”]. The server will not accept a connection. You should verify that the certificate is correctly installed. See “Configuring Certificate for Use by SSL” in Books Online”

The certificate hash value if picked via “Certificate” registry key and once value is picked, certificate store is checked for the certificate (type, subject, thumbprint etc. would be checked)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL<Version>.<InstanceID>\MSSQLServer\SuperSocketNetLib

Below is the registry key on my client’s computer.

SQL SERVER - Error: 26014 - Unable to Load User-Specified Certificate sql-cert-800x242

The value of <Version> would be dependent on SQL Server version:

MSSQL10SQL Server 2008
MSSQL10_50SQL Server 2008 R2
MSSQL11SQL Server 2012
MSSQL12SQL Server 2014
MSSQL13SQL Server 2016

When I asked my client, they said there is no certificate they are using.

WORKAROUND

If you are not using a certificate, then you can go ahead and clean up the value in the registry. If you are using the certificate, then make sure it is installed correctly and it is having right thumbprint, subject etc.

Reference: Pinal Dave (https://blog.sqlauthority.com)

SQL Certifications, SQL Error Messages, SQL Server, SQL Server Security
Previous Post
SQL SERVER – FIX – Error: 26023 – TCP Port is Already in Use
Next Post
SQL SERVER – Clustered Instance Online Error – SQL Server Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF]

Related Posts

2 Comments. Leave new

  • The other possible reason is SQl Server Service account doesn’t have full permission on Certificate private key.
    need to right click on certificate and in manage private key, grant full permission to SQL Server service account.

    Reply
  • kuldeep chanchal
    February 25, 2022 7:26 pm

    we are using the certificate and getting same error: but not sure how we can fix this issue. we are using GMSA as service account

    Reply

Leave a Reply