Solved

Upgrading SQL Express to SQL Enterprise = Error " The certificate cannot be dropped..."

Posted on 2008-06-20
4
1,463 Views
Last Modified: 2008-09-02
Hi all,

I'm upgrading a server from SQL Express to SQL Enterprise 2005.  
I initiated the upgrade from command line using the SKUUPGRADE=1 switch and all was going well until it reached the database services module when an error appeared:

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client][SQL Server]The certificate cannot be dropped because one or more entities are either signed or encrypted using it.. To continue, correct the problem, and then run SQL Server Setup again."

Now if I go control panel>add remove apps> SQL server 2005>CHANGE  I have an option to "Complete the suspended installation" which, of course, merely recreates the same error...

I have googled the error message and I have not found much in the way of answers,...
These two links deal with the subject:
http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=2150978&SiteID=1
http://blogs.microsoft.co.il/blogs/applisec/archive/2008/06/15/microsoft-sql-server-2005-database-encryption-step-by-step.aspx

I am aware I have the certificates installed and that I need to "drop" them,..  the question is how?

from T-SQL i ran the following:
SELECT * FROM sys.symmetric_keys
SELECT * FROM sys.certificates
and got this:

##MS_ServiceMasterKey##
(1 row(s) affected)

##MS_SQLResourceSigningCertificate##
##MS_SQLReplicationSigningCertificate##
##MS_SQLAuthenticatorCertificate##
##MS_AgentSigningCertificate##  
##MS_SchemaSigningCertificateB4948FB72D6F99455674FD9457408881BD720CEF##
(5 row(s) affected)

Can someone help me with what to do next?  I gather I need to drop the certificate(s)'' before the upgrade will complete,..

I tried a DROP CERTIFICATE ##MS_AgentSigningCertificate##  
and got: Msg 15559, Level 16, State 1, Line 1
Cannot drop certificate '##MS_AgentSigningCertificate##' because there is a login mapped to it.

Anyway, perhaps also I should mention the server details,..  Its a backup DC running Win2003R2 x32 - the two apps that integrate with SQL are: Symantec BEWS 11d and ScriptLogic Destop Authority - they both have databases originally installed in SQL express that I now

BTW --------------  IF I HIT 'RETRY' AFTER THE INITIAL ERROR MESSAGE THESE ERRORS THEN APPEAR:

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client]Shared Memory Provider: No process is on the other end of the pipe.
. To continue, correct the problem, and then run SQL Server Setup again."

"SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client]Communication link failure. To continue, correct the problem, and then run SQL Server Setup again."
-----------------

The server runs two apps that run databases in SQL, Symantec BEWS 11d & ScriptLogic desktop Authority, I would imagine one of them has created certificates etc,..

I just don't know where to look or how to affect these required changes so the upgrade can complete.  Any advise or help GREATLY appreciated!  
0
Comment
Question by:Will-Way
  • 3
4 Comments
 
LVL 4

Expert Comment

by:zx10r
ID: 21833084
see if this helps for dropping encryption keys http://technet.microsoft.com/en-us/library/bb630256(SQL.100).aspx
0
 

Author Comment

by:Will-Way
ID: 21833301
OK,... I'll give that a go...
Just gonna back-up the server first ;) - about an hour or so..

I'll let you know what happens
0
 

Author Comment

by:Will-Way
ID: 21837000
Unfortunately I don't seem to be making any progress using the DROP DATABASE ENCRYPTION KEY approach.  I have 2 instances each with 4 databsaes and as far as I can tell they're not encrypted...

Not sure about all the SQL default databases (i.e. master etc..)  - most won't let me perform the operation on...

Tried the upgrade again and same result....

I get the feeling it must be a certificate based thing... I just have no clue how to manipulate these items properly.  Perhaps its either the BEWS install or the Desktop Authority install thats at the root ...? They both created 2 databases each and have logins & services...

My main concern is that while 90% of the upgrade succeeded I still have 2 instances of databases that are in "suspension" and will not allow for SQL SP2 install.... so its all a bit precarious.

Is there any more data I can provide that will help?
0
 

Accepted Solution

by:
Will-Way earned 0 total points
ID: 21846909
Ahhhh, finally,.. the fix.

An undocumenetd T-SQL command:

DROP BUGGERED BITS



:)

Just kidding....  After 10 days of looking for resolution I spent 2 hours uninstalling and reinstalling apps & SQL Server...
Lesson learned: If you use certs/encryption in SQL Express and are thinking upgrade...  DO NOT!  Uninstall SQL Express and install SQL Server from scratch.... much easier.

Case closed
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question