Recently, one of my clients was trying to troubleshoot the error below, which they were getting while trying to start the SQL Server service under a domain account. The interesting thing they told me was that they were using a Read Only Domain Controller (RODC), which I have heard of earlier as well. Initially, they told me that they had an issue with installation when the service account was used, so they used the LocalSystem account and installed SQL Server. But now, as per company standards, they need to use a domain account as the service account.
I asked them to share the ERRORLOG with me. Here is a link that explains how to find the error log location: SQL SERVER – Where is ERRORLOG? Various Ways to Find ERRORLOG Location
Here are the errors which I found in the Error Log.
2017-06-12 11:55:21.46 spid10s Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2017-06-12 11:55:21.46 spid10s Error: 17182, Severity: 16, State: 1.
2017-06-12 11:55:21.46 spid10s TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
2017-06-12 11:55:21.46 spid10s Error: 17182, Severity: 16, State: 1.
2017-06-12 11:55:21.46 spid10s TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
2017-06-12 11:55:21.46 spid10s Error: 17826, Severity: 18, State: 3.
2017-06-12 11:55:21.46 spid10s Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2017-06-12 11:55:21.46 spid10s Error: 17120, Severity: 16, State: 1.
2017-06-12 11:55:21.46 spid10s SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
WORKAROUND/SOLUTION – Domain Controller
Based on my research with SQL Server, RODC and encryption, I found that many clients have reported this on various forums, and according to them it started after the installation of KB 2992611 or KB 3000850. To work around this issue, you will need to perform the following registry key changes.
We need to create the following key:
- Path: HKLM\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
- Name: ProtectionPolicy
- Value: 1 (DWORD)
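The registry change above as a PowerShell script for an elevated prompt. This is an added example, not part of the original post; it records the previous state so the change can be reverted, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: sets the value listed above and prints how to undo it.
# Note: Microsoft documents ProtectionPolicy = 1 as enabling local backup of the
# DPAPI master key instead of requiring a writable domain controller.

$path  = 'HKLM:\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'
$name  = 'ProtectionPolicy'
$value = 1

# Create the key only when it is missing; New-Item -Force on an existing key
# would recreate it and drop any values it already holds.
if (-not (Test-Path -LiteralPath $path)) {
    New-Item -Path $path -Force | Out-Null
}

# Capture the current state before changing anything.
$existing = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
$previous = if ($existing) { $existing.$name } else { $null }

# Write the DWORD (overwrites a value of the same name, whatever its type).
New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord -Value $value -Force | Out-Null

# Verify both the data and the type that actually landed in the registry.
$key  = Get-Item -LiteralPath $path
$now  = $key.GetValue($name)
$kind = $key.GetValueKind($name)
if ($now -ne $value -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "ProtectionPolicy is '$now' ($kind); expected $value (DWord)."
}

# Report the result together with the matching rollback command.
if ($null -eq $previous) {
    $undo = "Remove-ItemProperty -LiteralPath '$path' -Name '$name'"
    Write-Output "ProtectionPolicy created with value $value (it did not exist before)."
} else {
    $undo = "Set-ItemProperty -LiteralPath '$path' -Name '$name' -Value $previous"
    Write-Output "ProtectionPolicy changed from $previous to $value."
}
Write-Output "To revert: $undo"
```

After it reports success, start the SQL Server service under the domain account again and check ERRORLOG for the 17182 / 0x80092004 entries shown above.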
When I searched my own blog history, I found another blog post which talks about the setup issue: SQL SERVER – System.Security.Cryptography.CryptographicException – There Was an Error Generating the XML Document
The solution in that blog post is the same.
Have you encountered the same error on RODC? Please comment and let me know.
Reference: Pinal Dave (https://blog.sqlauthority.com), LinkedIn
4 Comments
Hello Pinal
I have also encountered the error you specify above. I will test the solution and get back to you with the result.
Hello Pinal, I tried the reghack but I still got the same result: I get the XML error when trying to install. If I use local Windows accounts this does happen, so there is something between RODC and SQL installation.
Old post I know, but just wanted to add that I have a domain with no RODC, and was getting the above errors when starting services with a domain account.
Tried the above, and it's fixed it! 48 hours of work and that 1 reg key was the fix.
Glad to know that it worked out.