SQL Server Configuration Manager: SSL and Multiple Instances Problem RRS feed

  • Question

  • Hi

    We are trying to setup a number of SQL Server 2005 database instances on a single server. The server has multiple IP addresses bound to its network interface (card). Each instance is configured to listen on a specific (unique) port on and port 1433 on a specific (unique) IP address configured on the network interface. Finally, there is another instance of SQL Server (which also has the Reporting Services, Analysis Services and Integration Services installed) that does not allow remote connections and has TCP/IP disabled.

    SSL is configured for all instances, apart from the non-remote connections instance, as follows: The same self-signed certificate is specified for every instance. This certificate has been configured for all ports and port 1433 on all IPs in use for any of the instances using httpcfg as documented. The Force Encryption option is enabled and the Hide Instance option is disabled.

    All appears to work correctly, and the "The certificate was successfully loaded for encryption" message appears when sp_readerrorlog is run, for the instances it is supposed to. However, at some point a problem occurs. The Force Encryption and Hide Instance labels _disappear_ (leaving blank spaces in the grid) from the interface, with the drop-down settings still visible. This seems to happen after installing an additional instance, although on one occasion it was after the 3rd was installed and on another occasion the 4th. Uninstalling the instances (even all of them) does not seem to help - only removing SQL Server 2005 completely and re-installing allowed the labels to re-appear.

    Another concern is that after problem occurs, it appears that the settings are not being interpreted correctly. Even if the certificate is disabled for an instance, the message "The certificate was successfully loaded for encryption" appears, instead of the instance using a self-signed certificate. Additionally, on some occasions, the values for the Force Encryption and Hide Instance are swapped (or at least the values in the positions that used to be inline with the labels for these options).

    As an additional note, various IIS Web Sites are configured on each of the IPs on the network interface. These are also using the same self-signed certification for SSL and are all using port 443, which none of the SQL server instances are configured to use.

    Any feedback or suggestions on this would be appreciated. Thanks.
    Monday, March 31, 2008 8:26 AM


  • Hi

    It looks as though the problem was that SP2 had not yet been installed for a new instance and installing it for that instance resulted in the labels re-appearing and the settings appearing in the correct order once again. I'll start a new thread if this issue occurs again with SP2 installed on all instances.
    Wednesday, April 2, 2008 9:54 AM