02-21-11, 01:08 #1 Registered User
- Join Date
- Feb 2011
Unanswered: Server 2008 R2 with SQL 2008 SP2 Encryption
I really appreciate all that I have read here. I am not a DBA, though I am trying to learn - the hard way. I state this because I work with a vendor that has had issues setting up Encryption. I will list all I know in hopes that someone has seen this before.
Windows Server 2008 R2 with SQL 2008 SP2
SQL instances across servers
Servers are clustered - no issues with Validation
SQL works fine - failover verified
Servers are on same subnet
It is requested to Encrypt the Databases.
A CSR was created and submitted to the customer who created the Certificates against the FQDN of the servers and the Cluster FQDN and the certificates can be imported into SQL with no issues.
SQL Services do not start - rebooted several times.
What can cause the SQL services to not start?
Does there have to be a connection to the customer Certificate Servers? The reason I ask is the Application Cluster has some access - for the application only. The DB servers, for the most part, do NOT have visibility into the customer network where the Certificates were created.
If there is more that I can provide, please tell me. I am quite perplexed as I have spent many an hour looking through MSDN articles, to no avail.
Thank you for your time.
Last edited by scottvp; 02-21-11 at 01:09. Reason: Spelling
02-21-11, 12:12 #2 Resident Curmudgeon
Provided Answers: 54
- Join Date
- Feb 2004
- In front of the computer
The SQL Server error log is the first place that I'd check. You can open SQL Server's ERRORLOG file even if the server itself won't start to see what it might be complaining about.
Also look in the Windows Event Log of the cluster nodes, and if your Windows Edition keeps a separate Event Log for the Cluster, check there too. Your primary interest should be the SQL Service from a timespan of about 90 seconds before you attempt to start the SQL Service until about 180 seconds after you start it, but there might be other items of note in the vicinity so don't be too picky at first.
Somewhere in that area will be one or more messages that tell you why SQL Server either didn't start at all or failed to come completely online. Once you find that tidbit of information, you can remove or triage whatever is causing the problem, then you should be "good to go" to try to get SQL Server started again.
-PatP
In theory, theory and practice are identical. In practice, theory and practice are unrelated.
02-27-11, 22:13 #3 Registered User
- Join Date
- Dec 2002
I'm struggling to understand two parts to this question:
1. The thread title, maybe I just got thrown, but did you mean Windows Server 2008 with SQL 2008 Encryption?
The first time I read it, I thought you were trying to do SQL 2008 R2 and SQL 2008 SP2.
2. The second thing that threw me was this statement:
"It is requested to Encrypt the Databases"
I am also inferring from your statements that you have set up a 2-node active/passive cluster. Correct?
Here are some things that I learned recently regarding SSL certificates and SQL Server. I do NOT claim to be an expert in this area.
1. We had to use a Computer cert; not a regular SSL cert.
2. The cert had to be located in the "Personal" key store for the local computer account.
3. The cert had to have the FQDN of the SQL instance. In this case, since it's a cluster, you only need one cert, but it must have the FQDN of the virtual SQL Server (the Network Name for the SQL Server resource in Failover Cluster Manager).
4. If the service won't start, verify that the NT AUTHORITY\NETWORK SERVICE account has permissions to read the certificate that was created.
I'm actually going to be doing some more testing for this next week.
hmscott
Have you hugged your backup today?
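
Points 2 to 4 of the list in the post above can be checked on each cluster node with a short script. This is an added example, not part of the original thread; `$SqlFqdn` and `$ServiceAccount` are placeholder values, and it assumes the private key is a CryptoAPI RSA key stored under `MachineKeys`.

```powershell
# Added example: checks points 2-4 of the list above on one cluster node.
# Placeholder values (assumptions, replace with your own):
$SqlFqdn        = 'sqlvirtual.example.com'        # FQDN of the virtual SQL Server network name
$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'  # account the SQL Server service runs as

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$readBit  = [System.Security.AccessControl.FileSystemRights]::Read

# Point 2: look only in the local computer's "Personal" store.
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My)
if ($certs.Count -eq 0) { Write-Warning 'No certificates found in LocalMachine\My.' }

foreach ($cert in $certs) {
    # Point 3: the subject name must be the FQDN of the virtual SQL Server.
    $cn = $cert.GetNameInfo($nameType, $false)

    # Point 4: locate the private key file and look for a read ACE for the account.
    $keyFile = $null
    $canRead = $false
    if ($cert.HasPrivateKey) {
        try {
            $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            if ($container) {
                $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
                $aces = (Get-Acl -Path $keyFile).Access | Where-Object {
                    $_.IdentityReference.Value -eq $ServiceAccount -and
                    $_.AccessControlType -eq 'Allow' -and
                    (($_.FileSystemRights -band $readBit) -eq $readBit)
                }
                # Only an explicit ACE for the account is detected here;
                # access granted through a group is not resolved.
                $canRead = [bool]$aces
            }
        } catch {
            Write-Warning "Could not inspect private key for $($cert.Thumbprint): $_"
        }
    }

    New-Object PSObject -Property @{
        Thumbprint        = $cert.Thumbprint
        SubjectName       = $cn
        NameMatchesFqdn   = ($cn -eq $SqlFqdn)
        HasPrivateKey     = $cert.HasPrivateKey
        KeyFile           = $keyFile
        ServiceAccountAce = $canRead
    }
}
```

Run it from an elevated PowerShell prompt on every node, since each node has its own certificate store and its own key file permissions.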