FallBack certificate initialization failed with error code: 1

Author Johnny Josefsson on May 6, 2010 | Print | Bookmark
EVENT VIEWER ERRORS:
- FallBack certificate initialization failed with error code: 1

- TDSSNIClient initialization failed with error 0x80092004, status code 0x80

- TDSSNIClient initialization failed with error 0x80092004, status code 0x1
  (not usually) TDSSNIClient initialization failed with error 0x80092004, status code 0x38
  (no usually) TDSSNIClient initialization failed with error 0x80092004, status code 0x90

- Could not start the network library because of an internal error in the network library. To determine the 
  cause, review the errors immediately preceding this one in the error log.

- SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for
  information about possible related problems

- An error occurred during decryption

Here are some example of problems with this/these errors:
1. Make sure one of the communication protcol is enabled (recommendation is TCP, disable all others!)
2. Disable VIA protocol (server & client)
3. Make sure SQL server service is configured for: ListenALL: YES
4. Make sure IP1 is your servers IP. IP2 should be localhost ip, 127.0.0.1
5. 

WORKAROUND: Make the 'sql server user' Local Administrator on the server...........................

TRYING TO FIND A REAL SOLUTION:
Domain MS SQL Service account: svc-sql_[sqlserver1] - primary group and only membership: Domain Guests
This account only have the absolute minimum permissions and the local security is configured by the installation process
at this account is specified for both MSSQLSERVER and SQL Server Agent account in the setup process. The account is member
of the local group: SQLServer2005MSSQLUser$$MSSQLSERVER

When trying to restart the service and/or install a service pack the above errors occure in the event log.

This is due to some permissions missing:
 1. Add the Domain MS SQL Service account to local Administrators group (before this look below)
 2. Start all MS SQL Services
 3. Make sure the path + file below is created
 4. Stop all MS SQL Services
 5. Remove the Domain MS SQL Service account from the Administrators group
    (may need to repeat these steps 2 or 3 times)

(1) Also make sure the RSA\S-1-5-21 folder in both All Users and Default Users i "deleted" before trying to start/stop the service with the suggest solution above.

(3) Make sure this file is created: C:\Documents and Settings\\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3606175430-82277920-694787335-5928


But the exact permissions needed is for the moment unknown but it could also be due to All Users/Default Users profiles.


[AS OF NOW - THIS DOES NOT WORK]
If your admin users is not logged on/restart and the SQL users is not local admin this will still fail. This is due to the cause that it cannot create/keep the profile folder without admin privs.....



Was this article helpful?

Yes No

Category: Windows, MS SQL

Last updated on June 18, 2010 with 3653 views