Tuesday, September 18, 2007

SQL 2005 Won't Start / Upgrade / Install

I racked my brain for a few hours performing an MS SQL 2005 install on one server and an MS SQL 2005 SP2 upgrade on a second. For both I received errors that, after much Googling and trolling of MS's Technet site, I could find no relevant answer.

Basically, if you see the errors as described below while installing MS SQL 2005 or SP2, or suddenly MS SQL 2005 fails to start up on reboot / service restart, maybe this will help you out.

My issue:

  1. On a freshly installed Windows 2003 SP2 server, my installation of MS SQL 2005 would fail if I specified a domain account as the service account to use with the error below in the setup log (seen by canceling the operation and clicking the link provided at the end):


    2. PerfTime Start: Do_sqlScript : Tue Sep 18 11:31:08 2007

    Service MSSQLSERVER with parameters '-m SqlSetup -Q -qSQL_Latin1_General_CP1_CI_AS -T4022 -T3659 -T3610 -T4010' is being started at Tue Sep 18 11:31:08 2007

    Service failed unexpectedly (1067)

    Error Code: 0x8007042b (1067)
    Windows Error Text: The process terminated unexpectedly.

    Source File Name: sqlsetuplib\service.cpp
    Compiler Timestamp: Fri Sep 16 13:20:12 2005
    Function Name: sqls::Service::Start
    Source Line Number: 301

  2. If I installed MS SQL 2005 as LocalSystem then used the SQL Server Configuration Manager to change the service account (per MS KB 283811) the attempt would fail with "WMI Provider Error: Object not found (0x80092004)"

  3. If I used the Services control panel to change the service account, after following MS's KB 283811 on manually making the registry and filesystem changes) the service would fail to start with the following in the SQL ERRORLOG (by default "c:\program files\microsoft sql server\mssql.1\mssql\log\errorlog"):


    4. 2007-09-18 09:16:24.06 spid9s Starting up database 'model'.
    2007-09-18 09:16:24.06 Server Error: 17190, Severity: 16, State: 1.
    2007-09-18 09:16:24.06 Server FallBack certificate initialization failed with error code: 1.
    2007-09-18 09:16:24.06 Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
    2007-09-18 09:16:24.06 Server Error: 17182, Severity: 16, State: 1.
    2007-09-18 09:16:24.06 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
    2007-09-18 09:16:24.06 Server Error: 17182, Severity: 16, State: 1.
    2007-09-18 09:16:24.06 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.
    2007-09-18 09:16:24.06 Server Error: 17826, Severity: 18, State: 3.
    2007-09-18 09:16:24.06 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
    2007-09-18 09:16:24.06 Server Error: 17120, Severity: 16, State: 1.
    2007-09-18 09:16:24.06 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

    And the following events would appear in the Event Viewer, Application log:

    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 17120
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXX
    Description:
    SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:




    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 17826
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXXXX
    Description:
    Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:




    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 17182
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXXX
    Description:
    TDSSNIClient initialization failed with error 0x80092004, status code 0x1.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:




    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 17182
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXXX
    Description:
    TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:



    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 17190
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXXX
    Description:
    FallBack certificate initialization failed with error code: 1.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:



    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (2)
    Event ID: 15466
    Date: 9/18/2007
    Time: 4:44:18 PM
    User: N/A
    Computer: XXXXXXXXXXXX
    Description:
    An error occurred during decryption.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:

  4. Even more perplexing was if I used LocalSystem or the local administrator's account, or my own domain account, the installation would proceed fine or the SSCM would properly change the account.



For me the problem was that we were deploying a custom "default user" profile to these servers. The error resulted because when our service account logged in, it's profile was created in "C:\Documents and Settings" for the first time as a copy of the "Default User" profile stored there. There were actually two issues with the "Default User" profile we created:

  1. On one of the servers, the permissions were wrong for "C:\Documents and Settings\[service account]Application Data\Microsoft\Crypto\RSA" (the Server\Administrators group had no access).

  2. On a second server, the "Default User" profile didn't contain an "NTUSER.DAT" file (apparently it was in use during the deployment of the profile and wasn't copied in



When we used my domain account or the local administrator account, since we had already logged in we had a previously-existing profile with the correct rights and, obviously, with an NTUSER.DAT file.

My resolution:

  • On the server with incorrect permissions: grant local Administrators group full access to C:\Documents and Settings\[service account]\Application Data\Microsoft\Crypto

  • On the server with a missing NTUSER.DAT file: I also copied in the original (backed up) "Default User\NTUSER.DAT" file to the service account's profile folder.



Additional issues:
I've seen this Default User fiasco also affect SSL certificate assignments in IIS if the service account the application pools are running under suffer from the same issues as listed above.
Posted by Aaron Dodd at 1:58 PM
Labels: ,

2 comments:

Anonymous said...

See http://www.jowie.com/blog/post/2008/05/13/SQL-Server-2005-fails-to-start-when-trying-to-use-a-self-signed-certificate.aspx for another good discussion of this problem.

May 13, 2009 10:41 AM
Anonymous said...

Good Day! Margaret Brown . payday loans

June 9, 2010 1:14 PM

Post a Comment

Subscribe to: Post Comments (Atom)