  1. #1
    Join Date
    Feb 2011

    Unanswered: Server 2008 R2 with SQL 2008 SP2 Encryption

    I really appreciate all that I have read here. I am not a DBA, though am trying to learn - the hard way. I state this because I work with a vendor that has had issues setting up Encryption. I will list all I know in hopes that someone has seen this before.

    Active Directory

    Windows Server 2008 R2 with SQL 2008 SP2
    SQL instances across servers
    Servers are clustered - no issues with Validation
    SQL works fine - failover verified
    Servers are on same subnet

    It is requested to Encrypt the Databases.

    A CSR was created and submitted to the customer who created the Certificates against the FQDN of the servers and the Cluster FQDN and the certificates can be imported into SQL with no issues.

    SQL Services do not start - rebooted several times.

    What can cause the SQL services to not start?

    Does there have to be a connection to the customer Certificate Servers? The reason I ask is the Application Cluster has some access - for the application only. The DB servers, for the most part, do NOT have visibility into the customer network where the Certificates were created.

    If there is more that I can provide, please tell me. I am quite perplexed as I have spent many an hour looking through MSDN articles, to no avail.

    Thank you for your time.
    Last edited by scottvp; 02-21-11 at 00:09. Reason: Spelling

  2. #2
    Join Date
    Feb 2004
    In front of the computer
    Provided Answers: 54
    The SQL Server error log is the first place that I'd check. You can open SQL Server's ERRORLOG file even if the server itself won't start to see what it might be complaining about.

    Also look in the Windows Event Log of the cluster nodes, and if your Windows Edition keeps a separate Event Log for the Cluster check there too. Your primary interest should be the SQL Service from a timespan of about 90 seconds before you attempt to start the SQL Service until about 180 seconds after you start it, but there might be other items of note in the vicinity so don't be too picky at first.

    Somewhere in that area will be one or more messages that tell you why SQL Server either didn't start at all or failed to come completely online. Once you find that tidbit of information, you can remove or triage whatever is causing the problem, then you should be "good to go" to try to get SQL Server started again.

    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  3. #3
    Join Date
    Dec 2002
    I'm struggling to understand two parts to this question:

    1. The thread title, maybe I just got thrown, but did you mean Windows Server 2008 with SQL 2008 Encryption?

    The first time I read it, I thought you were trying to do SQL 2008 R2 and SQL 2008 SP2.

    2. The second thing that threw me was this statement:
    "It is requested to Encrypt the Databases"
    What kind of encryption are we talking about? I am guessing that it is SSL encryption of the incoming connections using a certificate, correct?

    I am also inferring from your statements that you have set up a 2-node active/passive cluster. Correct?

    Here are some things that I learned recently regarding SSL certificates and SQL Server. I do NOT claim to be an expert in this area.

    1. We had to use a Computer cert; not a regular SSL cert.

    2. The cert had to be located in the "Personal" key store for the local computer account.

    3. The cert had to have the FQDN of the SQL instance. In this case, since it's a cluster, you only need one cert, but it must have the FQDN of the virtual SQL Server (the Network Name for the SQL Server resource in Failover Cluster Manager).

    4. If the service won't start, verify that the NT AUTHORITY\NETWORK SERVICE account has permissions to read the certificate that was created.

    I'm actually going to be doing some more testing for this next week.


    Have you hugged your backup today?
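
The checklist in post #3, as an added PowerShell example that is not part of the original thread: it lists each certificate in the local computer "Personal" store and reports whether the subject matches the virtual SQL Server FQDN and whether the service account has an explicit read entry on the private key file. The function name, the sample FQDN and the assumption that the key is a CSP machine key under `MachineKeys` are illustrative, not taken from the posts.

```powershell
# Added example, not from the thread. Placeholder values are marked below.
function Test-SqlSslCertificate {
    param(
        [string]$SqlFqdn,          # FQDN of the virtual SQL Server (cluster network name)
        [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'
    )
    # Assumption: CAPI/CSP machine keys, which live in this folder
    $keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    $read   = [int][System.Security.AccessControl.FileSystemRights]::Read

    # Point 2: only the local computer's "Personal" store is examined
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        # Point 3: subject CN must be the FQDN of the virtual SQL Server
        $fqdnOk = $cert.Subject -match ('CN=' + [regex]::Escape($SqlFqdn) + '(,|$)')

        # Point 4: service account needs an explicit Allow/Read ACE on the key file.
        # Rights granted only through group membership are not resolved here.
        $keyReadable = $false
        try {
            if ($cert.HasPrivateKey) {
                $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
                $path = Join-Path $keyDir $name
                $aces = (Get-Acl -Path $path -ErrorAction Stop).Access | Where-Object {
                    $_.IdentityReference.Value -eq $ServiceAccount -and
                    $_.AccessControlType -eq 'Allow' -and
                    (([int]$_.FileSystemRights -band $read) -eq $read)
                }
                $keyReadable = [bool]$aces
            }
        } catch {
            # CNG-backed, missing or inaccessible key: $keyReadable stays $false
        }

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            FqdnMatches   = $fqdnOk
            HasPrivateKey = $cert.HasPrivateKey
            KeyReadable   = $keyReadable
        }
    }
}

# 'sqlvirtual.example.com' is a constructed placeholder, not a name from the thread
Test-SqlSslCertificate -SqlFqdn 'sqlvirtual.example.com' | Format-List
```

Run it from an elevated prompt on each cluster node, since the certificate and its private key must be present on every node that can host the instance.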
