Solved

SQL Authentication/SSL Issue

Posted on 2010-08-27
12
567 Views
Last Modified: 2012-05-10
I am having a problem getting authenticated so that I can manage my databases in the Microsoft SQL Server manager. A while back (< 3 months)we had to setup a new password policy and change everyone's passwords and since then we haven't been able to access the account. We've tried taking the policy back and changing the administrator password back to what it was, but to no avail. To get the programs working temporarily I was able to changed the login setting of the SQL services in microsoft management console so they would run and that side is working fine. The databases are functioning correctly and everything is peachy there. The issue is, I need to login so that I can backup the database and I can authenticate. When the login screen pops up for the SQL Server Manager the authentication is set to SQL Server Authentication. SA is the username and the password is saved, we're not sure what it is. I can't find that account in active directory. I've also tried swtiching to Windows authentication, but that also fails. Here's the error message I recieve:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server, Error: -2146893019)

The System running the database is a Dell PoweEdge T110
Intel Xeon X3430 @2.4 GHz 2.39 GHz
4 GB of RAM
587 GB of free space
Running Microsoft Server 2003 Standard R2 SP2
Please advise, SQL is not one of my strong suits.
0
Comment
Question by:tylar5000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
12 Comments
 
LVL 8

Expert Comment

by:mustaccio
ID: 33543800
0
 
LVL 1

Author Comment

by:tylar5000
ID: 33572503
I will have to give this a shot. Thank you for your response, I will let you know how this goes.

0
 
LVL 1

Author Comment

by:tylar5000
ID: 34037222
Does this still apply on a network where another server is Enterprise CA? This file server states that Certificate Services isn't installed on this machine. The DC has a valid cert that expires in 2013 and everything was working fine until the domain administrator
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 1

Author Comment

by:tylar5000
ID: 34037234
Does this still apply on a network where another server is Enterprise CA? This file server states that Certificate Services isn't installed on this machine. The DC has a valid cert that expires in 2013 and everything was working fine until the domain administrator password changed. OWA still works for the users so the SSL cert is still good right?
0
 
LVL 8

Accepted Solution

by:
mustaccio earned 500 total points
ID: 34037372
SQL Server needs its own certificate, and the fact that your DC has a valid certificate is neither here nor there.
0
 
LVL 1

Author Comment

by:tylar5000
ID: 34052523
Okay so I will need to get one specifically for SQL. Now why would that all of the sudden change when the domain admin password changed or is that a coincidence?
0
 
LVL 8

Expert Comment

by:mustaccio
ID: 34057327
It does look like a coincidence to me.

You can, in addition to fixing the certificate issue, try to reset the sa's password as described here:

http://www.mssqlcity.com/FAQ/Admin/forgot_sa_password.htm

Don't forget to change authentication back to Mixed once you are done.
0
 
LVL 1

Author Comment

by:tylar5000
ID: 34081281
Thank you mustaccio! I will hopefully be at that location this week to give this a shot. I will let you know the outcome.
0
 
LVL 1

Author Comment

by:tylar5000
ID: 34251891
While I'm getting approval to obtain a new cert, I started thinking about something: how did the SQL authenticate before? I searched the server for certificates and I found some in the mysql folder. I tried installing them to their default locations and I'm still getting the same error message.

I guess I'm just not understanding why all of the sudden I started having this problem. That server was just deployed in January, so it's not like the 1 year cert would have expired. It must have gotten lost or corrupted, would it be better to try to find/fix the old one or obtain a new one? All of this happened right at the time we changed the administrator password if that helps.....
0
 
LVL 8

Expert Comment

by:mustaccio
ID: 34252698
See if anything on this page helps: http://msdn.microsoft.com/en-us/library/ms191192.aspx

For example, you could try disabling the connection encryption, at least temporarily. I'm assuming that you are connecting to a remote SQL Server instance, not local.
0
 
LVL 1

Author Comment

by:tylar5000
ID: 34252824
actually I'm connecting to a local instance...that's why this whole thing doesn't make sense to me...but then again I'm no SQL guru.
0
 
LVL 1

Author Closing Comment

by:tylar5000
ID: 34402310
It was a great solution. I'm not sure why this lost its cert, but a new one fixed the issue, and it's running like it did originally. Thanks!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

All XML, All the Time; More Fun MySQL Tidbits – Dynamically Generate XML via Stored Procedure in MySQL Extensible Markup Language (XML) and database systems, a marriage we are seeing more and more of.  So the topics of parsing and manipulating XM…
Foreword This article was written many years ago, in the days when PHP supported the MySQL extension (http://php.net/manual/en/function.mysql-connect.php).  Today (http://php.net/manual/en/migration70.removed-exts-sapis.php) you would not use MySQL…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question