Solved

Upgrading SQL Express to SQL Enterprise = Error " The certificate cannot be dropped..."

Posted on 2008-06-20
4
1,451 Views
Last Modified: 2008-09-02
Hi all,

I'm upgrading a server from SQL Express to SQL Enterprise 2005.  
I initiated the upgrade from command line using the SKUUPGRADE=1 switch and all was going well until it reached the database services module when an error appeared:

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client][SQL Server]The certificate cannot be dropped because one or more entities are either signed or encrypted using it.. To continue, correct the problem, and then run SQL Server Setup again."

Now if I go control panel>add remove apps> SQL server 2005>CHANGE  I have an option to "Complete the suspended installation" which, of course, merely recreates the same error...

I have googled the error message and I have not found much in the way of answers,...
These two links deal with the subject:
http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=2150978&SiteID=1
http://blogs.microsoft.co.il/blogs/applisec/archive/2008/06/15/microsoft-sql-server-2005-database-encryption-step-by-step.aspx

I am aware I have the certificates installed and that I need to "drop" them,..  the question is how?

from T-SQL i ran the following:
SELECT * FROM sys.symmetric_keys
SELECT * FROM sys.certificates
and got this:

##MS_ServiceMasterKey##
(1 row(s) affected)

##MS_SQLResourceSigningCertificate##
##MS_SQLReplicationSigningCertificate##
##MS_SQLAuthenticatorCertificate##
##MS_AgentSigningCertificate##  
##MS_SchemaSigningCertificateB4948FB72D6F99455674FD9457408881BD720CEF##
(5 row(s) affected)

Can someone help me with what to do next?  I gather I need to drop the certificate(s)'' before the upgrade will complete,..

I tried a DROP CERTIFICATE ##MS_AgentSigningCertificate##  
and got: Msg 15559, Level 16, State 1, Line 1
Cannot drop certificate '##MS_AgentSigningCertificate##' because there is a login mapped to it.

Anyway, perhaps also I should mention the server details,..  Its a backup DC running Win2003R2 x32 - the two apps that integrate with SQL are: Symantec BEWS 11d and ScriptLogic Destop Authority - they both have databases originally installed in SQL express that I now

BTW --------------  IF I HIT 'RETRY' AFTER THE INITIAL ERROR MESSAGE THESE ERRORS THEN APPEAR:

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client]Shared Memory Provider: No process is on the other end of the pipe.
. To continue, correct the problem, and then run SQL Server Setup again."

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client]Communication link failure. To continue, correct the problem, and then run SQL Server Setup again."
-----------------

The server runs two apps that run databases in SQL, Symantec BEWS 11d & ScriptLogic desktop Authority, I would imagine one of them has created certificates etc,..

I just don't know where to look or how to affect these required changes so the upgrade can complete.  Any advise or help GREATLY appreciated!  
0
Comment
Question by:Will-Way
  • 3
4 Comments
 
LVL 4

Expert Comment

by:zx10r
ID: 21833084
see if this helps for dropping encryption keys http://technet.microsoft.com/en-us/library/bb630256(SQL.100).aspx
0
 

Author Comment

by:Will-Way
ID: 21833301
OK,... I'll give that a go...
Just gonna back-up the server first ;) - about an hour or so..

I'll let you know what happens
0
 

Author Comment

by:Will-Way
ID: 21837000
Unfortunately I don't seem to be making any progress using the DROP DATABASE ENCRYPTION KEY approach.  I have 2 instances each with 4 databsaes and as far as I can tell they're not encrypted...

Not sure about all the SQL default databases (i.e. master etc..)  - most won't let me perform the operation on...

Tried the upgrade again and same result....

I get the feeling it must be a certificate based thing... I just have no clue how to manipulate these items properly.  Perhaps its either the BEWS install or the Desktop Authority install thats at the root ...? They both created 2 databases each and have logins & services...

My main concern is that while 90% of the upgrade succeeded I still have 2 instances of databases that are in "suspension" and will not allow for SQL SP2 install.... so its all a bit precarious.

Is there any more data I can provide that will help?
0
 

Accepted Solution

by:
Will-Way earned 0 total points
ID: 21846909
Ahhhh, finally,.. the fix.

An undocumenetd T-SQL command:

DROP BUGGERED BITS



:)

Just kidding....  After 10 days of looking for resolution I spent 2 hours uninstalling and reinstalling apps & SQL Server...
Lesson learned: If you use certs/encryption in SQL Express and are thinking upgrade...  DO NOT!  Uninstall SQL Express and install SQL Server from scratch.... much easier.

Case closed
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question