none
Error: 15116, Password validation failed in SQL 2008

    Question

  • I am upgrading from SQL 2000 to SQL 2008 the default instance on a Server 2003. 
    In addition, I have a named instance for both 2000 and 2008 on the same server. 
    I am getting the following error (found in the ERRORLOG file):
      Signing sps ...
      Error: 15116, Severity:21 Stat: 2
      Password validation failed. The password does not meet windows policy requirements because it is too short.
    Per the post 'SP1 install problem with password' , the problem is that Microsoft is trying to create a cert as follows:
      create certificate [##MS_AgentSigningCertificate##]
       encryption by password = 'Yukon90_'
       with subject = 'MS_AgentSigningCertificate'
    My domain policy is minimum of 12 characters.  I have tried the reg hack, but after the failed install the -T4606 reg entry was deleted.  I have tried the the quickly copy, but that did not work.  What is the SQL 2008 solution?
    Phil
    PHuhn
    Monday, August 03, 2009 11:04 PM

All replies

  • Hi Phuhn

    This is Mark Han, Microsoft SQL Support Engineer. I'm glad to assist you with the issue.

    According to your description, I know that in the error log, you found the following error. Once the error fixed, I appreciate your confirmation.

    Error
    =========
    Error: 15116, Severity:21 Stat: 2
    Password validation failed. The password does not meet windows policy requirements because it is too short.

    in order to better understand problem, i would like to verify the following
    1 the error happens when we upgrade the sql 2000 instance to sql 2008. if not, please tell me what action is done, when the issue happens.

    2 if the error happens when we upgrade the sql 2000 instance to sql 2008, we also need to analysis the setup log. By default, they are located at: %ProgramFiles%\Microsoft SQL Server\100\Setup Bootstrap\Log\ -- Send all the files in this folder with zip format to me

    if you have any questions on the above, please let me know. Thanks.

    Regards.
    Mark Han
    Wednesday, August 05, 2009 9:13 AM
  • Hi Mark:
    I am currently working in vm environment and I will have to work on a means to exchange info with the real world.
    I think you want the latest time-stamp directory.
    Phil
    PHuhn
    Saturday, August 08, 2009 3:48 AM
  • Hi Phuhn

    Thank you for the update.

    According to your description, I understand that you have a busy schedule to handle other problem.

    in order to better assist you with the issue, they are 2 options for you.
    1 leave the issue and when you have time, you could post the question here again.
    2 upload sql setup files in you skydrive space (www.skydrive.live.com) and only shared it with us (support-sqlforum@live.com). after that, please post the status of the issue here and then I will download the requested files and do further research to post an appropriate action plan for you.

    if you have any questions on the above, please let me know. Thanks

    Regards
    Mark Han
    Monday, August 10, 2009 3:24 AM
  • Hi Mark,

    This same issue had been seen in Sql Server 2005 when upgrading from ealier version or service packs while the security policy requires password length greater than 8. It had been beaten to death in the following thread. It is so surprising that the very defect is seen in Sql Server 2008 again. Would it be so simple to update the mentioned upgrade script to include a strong password and be more than 15 chars (minimal requirement by the Department of Defence DIACAP)?

    http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/5ce5ef27-7311-4477-9b48-5f3553fa3c9c


    While at it, can you tell us exactly why this password used for encryption got validated against password policy (I had a theory but...)? Also, what is the MS Sql server team doing about this or what the MS suggested workaround would be (disable the password policy when upgrading? No, my DoD customer might not like it. Modifying the extracted upgrade script while my unattended install/upgrade is going on?).

    Thanks,

    Ming Qin
    Wednesday, August 12, 2009 5:57 PM
  • Yeah Microsoft fixed the all of the solution for 2005,  they delete the hive before installing the service, so the extra parameter is deleted.  I was unable to copy in an edited copy of the SQL script.  But they still have a password of Yukon90_.
    Phil

    PHuhn
    Tuesday, September 01, 2009 12:44 AM
  • Start

    Run

    secedit /export /cfg C:\new.cfg write this command.

    And open this file of new.cfg with notepad.

    “PasswordComplexity is 1 and change this   as “PasswordComplexity = 0¨

    and more

    MinimumPasswordLength = 4 (or if you want an other number you can use)

    and finaly

    you will run this command

    secedit /configure /db %windir%\security\new.sdb /cfg C:\new.cfg /areas SECURITYPOLICY

    Local computer policy\computer configuration\windows settings\security settings\password policy\

    Thursday, June 23, 2011 6:59 AM