SQL 2005 / FallBack certificate initialization failed with error code: 1./ Conficker (?)

  • Question

  • Hi all,

    Here is the problem, if anyone can help...

    The server was hit by the well-known Conficker, and after the worm was removed and the server restarted, the SQL Server service cannot be started anymore.

    Errors reported:

    Server Error: 17190, Severity: 16, State: 1.
    Server FallBack certificate initialization failed with error code: 1.

    Server Error: 17182, Severity: 16, State: 1.
    Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.

    Server Error: 17182, Severity: 16, State: 1.
    Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.

    The service has been set up to start under the NETWORK SERVICE account. I am able to change it to LocalSystem and start the service (but this is not a solution for me), and I am unable to get it back to the Network Service account (without an error being reported) and to get it back to a running state.

    I checked a couple of things on the Internet:

    • some suggest using domain accounts (logging in locally in order to create a profile for certificate storage) - not the solution for me at this moment, I would like to use Network Service for now
    • saw the thing about disabling VIA - haven't tried

    I suppose Conficker influenced ACLs on God knows what, and I suppose that might be the reason for these errors.

    Even when I run server under Local System reporting is not working but I guess this is at least second part of the problem, or might be much clearer for solution if I manage to handle server start issue.

    Thursday, March 12, 2009 11:16 PM

All replies

  • I did some digging internally and this error will occur if the service account that SQL is running under does not have permissions to access a pre-existing key container needed to create the self-signed certificate.

    From reading internal reports this can occur for example if you change the service account that SQL Server is running under using Services (modify account on service property page) rather than going through Sql Server Configuration Manager.

    So one thing you can try is starting Sql Server Configuration Manager, modify the service account to Local System, start and stop SQL, then go back to Sql Server Configuration Manager, configure the service to use Network Service, then start SQL (to force changing the account through Sql Server Configuration Manager).

    However in general when you have some virus hit the box the best practice is to flatten the box because you are never sure what the virus modified.
    Friday, March 13, 2009 7:41 PM
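
To check the cause described in the reply above (the service account lacking permission on an existing key container), the following PowerShell script is an added example, not part of the original thread or any Microsoft tooling. It reports which files in a key-container directory the service account can read. The `$KeyDir` parameter, the `$AlsoVia` group list and the English account names are assumptions; the thread does not say which directory holds the container.

```powershell
# Added example: audit key-container file ACLs for the SQL Server service account.
param(
    # Assumption: directory holding the key containers to inspect (not named in the thread).
    [Parameter(Mandatory = $true)][string]$KeyDir,
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE',
    # Assumption: groups whose ACEs also apply to the account; adjust for your system.
    [string[]]$AlsoVia = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
)

$read = [System.Security.AccessControl.FileSystemRights]::Read
$identities = @($Account) + $AlsoVia

$files = Get-ChildItem -LiteralPath $KeyDir -Force | Where-Object { -not $_.PSIsContainer }

$report = foreach ($file in $files) {
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
    } catch {
        # The auditing user cannot read this ACL: record that and move on.
        [pscustomobject]@{ File = $file.Name; Owner = '?'; Status = 'ACL unreadable' }
        continue
    }

    # ACEs (explicit or inherited) that name the account or one of the listed groups.
    $relevant = @($acl.Access | Where-Object { $identities -contains $_.IdentityReference.Value })

    # Allow must cover every Read bit; a Deny on any Read bit blocks access.
    $allow = @($relevant | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (($_.FileSystemRights -band $read) -eq $read)
    }).Count -gt 0
    $deny = @($relevant | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (($_.FileSystemRights -band $read) -ne 0)
    }).Count -gt 0

    $status = if ($deny) { 'DENY ACE present' } elseif ($allow) { 'ok' } else { 'no read access' }
    [pscustomobject]@{ File = $file.Name; Owner = $acl.Owner; Status = $status }
}

# Problem files first; an unexpected owner on a container is also worth a look.
$report | Sort-Object { $_.Status -eq 'ok' }, File | Format-Table -AutoSize
```

Run it from an elevated prompt. The script only reads ACLs and changes nothing, and it does not resolve nested group membership beyond the identities listed in `$AlsoVia`.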