none
Install Failure - Certificate Chain Trust? RRS feed

  • Question

  • UPDATED AT END:

    Hello Community,

    I'm trying to do a basic install of SQL Server Express 2008 on an XP SP3 machine.  It had been working prior to an install of Visual Studio 2008 (with SQL).  I had to uninstall and reinstall for testing purposes.  Now I can't get an install to complete.  After days of uninstalling and reinstalling, including blowing out all Visual Studio stuff, all .net stuff, and reinstalling .net 3.5 SP1 (no Visual Studio), I still can't get SQL Server Express 2008 installed (and running, that is...the management studio and config manger get installed).  Here is the error on install:

    "A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)"

    I have no idea why certificates are even looked at.  I've verified in the Configuration Manager that Encryption is set to "No".  I have full admin rights on the machine.

    Trying to stop and start the SQL server in the config manager now yields a new clue in the error log:

    "Server      A self-generated certificate was successfully loaded for encryption"

    OK, that's good.  However, now I see this after a timeout error on attempt to startup:

    "FCB::Open failed: Could not open file e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\model.mdf for file number 1.  OS error: 21(The device is not ready.)." followed by several similar entries.

    I've never used e: for the install (used c:\ and the download from microsoft) and e:\ is my empty DVD drive.  I found a thread referencing this, and attempted the following string:

    setup.exe /ACTION=REBUILDDATABASE /INSTANCENAME=MSSQLSERVER /SQLSYSADMINACCOUNTS=VLT

    To which things go kablooey and I'm supposed to send information to Microsoft:  main point in the error log is:

    "Microsoft.SqlServer.Configuration.SqlEngine.ValidationException: Missing sa account password. The sa account password is required for SQL Authentication Mode."

    How can I pass this information along in the command line?  Am I on the right track here in solving this?  Any thoughts from you experts for my poor dumb head?

    Thanks,

    Vince

    UPDATED:

    Got the command line stuff figured out and tried to rebuild database.  Alas I'm back to where I started from during the install:

    Microsoft.SqlServer.Configuration.Sco.ScoException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) ---> System.Data.SqlClient.SqlException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

    Can anybody help with this?

    Thanks.

    • Edited by vincetic Tuesday, March 30, 2010 3:27 PM update
    Tuesday, March 30, 2010 3:13 PM

Answers

  • Hi vincetic,

    This certificate is used as a mechanism to protect SQL Server's login information(including password) when using SQL authentication.

    By default this self-signed certificate should only affect the login information and only when using SQl authentication.

    Based on my research, please export the certificate and delete it by using "certmgr.msc". Then run "setup.exe" to install SQL Server 2008 again.
    You also can add this certificate to the Trusted Root Certification Authorities store to solve this issue.
    In order to do this, please execute:
    Certutil -Addstore -f Root <File.Cer>

    Another possible reason is that you have checked "Force protocol encryption".
    Please run "cliconfg.exe" from windows run dialog to detemine that you didn't check.

    If you have any further question, please let me know.

    Regards,
    Tom Li - MSFT
    Thursday, April 1, 2010 11:03 AM
    Moderator

All replies

  • Brief update:

    I figured out the command line stuff and tried to rebuild the database.  Alas I'm back to where I started:

    Microsoft.SqlServer.Configuration.Sco.ScoException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) ---> System.Data.SqlClient.SqlException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

     

    Can anybody help with this?

    Thanks,

    Vince

    Tuesday, March 30, 2010 3:29 PM
  • Hi vincetic,

    This certificate is used as a mechanism to protect SQL Server's login information(including password) when using SQL authentication.

    By default this self-signed certificate should only affect the login information and only when using SQl authentication.

    Based on my research, please export the certificate and delete it by using "certmgr.msc". Then run "setup.exe" to install SQL Server 2008 again.
    You also can add this certificate to the Trusted Root Certification Authorities store to solve this issue.
    In order to do this, please execute:
    Certutil -Addstore -f Root <File.Cer>

    Another possible reason is that you have checked "Force protocol encryption".
    Please run "cliconfg.exe" from windows run dialog to detemine that you didn't check.

    If you have any further question, please let me know.

    Regards,
    Tom Li - MSFT
    Thursday, April 1, 2010 11:03 AM
    Moderator
  • thanx

    Thursday, November 11, 2010 3:26 PM
  • This helped! Thanks =)
    Monday, April 8, 2013 4:00 PM