Problems Using Certificate with Virtual Name in Clustered SQL Servers (283794)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Advanced Server SP1
This article was previously published under Q283794

SYMPTOMS

In a Windows 2000-based cluster, Microsoft SQL Server may not start from Cluster Administrator if a certificate with the virtual server name is installed.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later: 
   Date        Time    Version        Size     File name
   --------------------------------------------------------
   09/18/2000  11:10a  5.0.2195.2228  144,144  Dssbase.dll
   09/18/2000  11:10a  5.0.2195.2228  146,192  Dssenh.dll
   01/10/2001  10:15p  5.0.2195.2228  164,112  Instdss5.dll
   09/18/2000  11:10a  5.0.2195.2228  131,344  Rsabase.dll
   09/18/2000  11:10a  5.0.2195.2228  133,904  Rsaenh.dll

WORKAROUND

If you do not want to use SQL Server encryption, but you need a certificate for another program, use a Server certificate for that program and register it in a User Account store. (In the Certificate snap-in in MMC, click My user account and put it in personal.) You can then use this account to run your program and start SQL Server with another account so that it does not recognize this certificate.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

This problem can occur immediately after installing SQL Server 2000, upgrading to SQL Server 2000 on the cluster, or adding a certificate with the virtual server name. SQL Server 2000 recognizes this certificate name when it is started and applies SSL security, so that Cluster Manager cannot connect to it and places SQL Server offline.

When this occurs, the following error messages that are related to SSL security are logged in the Cluster log:
00000584.00000630::2000/12/18-14:08:09.126 SQL Server SQL Server (FEMS): [sqsrvres] checkODBCConnectError: sqlstate = 01000; native error = 308; message = [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECDoClientHandshake()).

00000584.00000630::2000/12/18-14:08:29.376 SQL Server SQL Server (FEMS): [sqsrvres] ODBC sqldriverconnect failed

00000584.00000630::2000/12/18-14:08:29.376 SQL Server SQL Server (FEMS): [sqsrvres] checkODBCConnectError: sqlstate = 08001; native error = 12; message = [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
If you start SQL Server without Cluster Manager, client programs cannot connect to SQL Server for the same SSL security reasons.
Modification Type:MinorLast Reviewed:9/26/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbQFE kbWin2000PreSP2Fix KB283794
©2004 Microsoft Corporation. All rights reserved.