Solved

Change from built in account to domain user for sql services causes SSl cert error

Posted on 2010-11-28
5
473 Views
Last Modified: 2012-06-27
All,

Have recently run through a program of creating defined SQL domain accounts to stop using the built in ones.

All has gone fine, except in multiple machines i get the below error

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

Im guessing this is due to the new domain user account not having access to the old SSL certs, I have linked them through SQL config manager>> protocols but the error still occurs.

is there any way i can give the new domain user rights to these certs, or if not are we ok to use the self generated certificates?

All help appreciated
0
Comment
Question by:slam69
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:ill
ID: 34228397
try
1. logon on to desktop as sql service domain user
2. insert certificate as logged-in user
0
 
LVL 25

Author Comment

by:slam69
ID: 34229043
Ok,

im stuck at home with a bug now today so will try this when im back in teh office and let you know
0
 
LVL 25

Author Comment

by:slam69
ID: 34231760
hi ill, ok logged in as service user account and unless i give it local admin rights it wont find the cert, this is against what i want to do.

the cert says it comes with a private key so how best to give it teh certificacte without giving it local admin rights?

Many Thanks
0
 
LVL 12

Expert Comment

by:ill
ID: 34236547
I thought once you have the cert key cached for the account , you can remove the admin rights.
If the cert is downloaded each time you may try to:
1. use SQL proxy account or
2. set security on a box to allow non-admin user to write to directory where cert are stored
0
 
LVL 25

Accepted Solution

by:
slam69 earned 0 total points
ID: 34266181
Hi I had to use part of the 2003 tool kit which has an app that allows you to permission individual certificates in teh machine store for non -admin users. you do this through the command line and worked like a charm
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SEO, SSL, and Canonical URL Tags 5 95
Can Unique column have more than one Null? 8 53
Domain Controller FSMO 7 36
Review of a VPN cert policy 4 27
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question