DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 900497 - Last Review: September 22, 2006 - Revision: 3.1

SYMPTOMS

When you upgrade Microsoft SQL Server 2000 to Microsoft SQL Server 2005, SQL Server 2005 does not start. The following messages are logged in the Application log:

Message 1
Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
For more information, see Help and Support Center at http://support.microsoft.com.
Message 2
TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
For more information, see Help and Support Center at http://support.microsoft.com.
Message 3
TDSSNIClient initialization failed with error 0x80092004, status code 0x1.
For more information, see Help and Support Center at http://support.microsoft.com.
Message 4
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
For more information, see Help and Support Center at http://support.microsoft.com.

CAUSE

This problem occurs because the value that is stored in the Certificate registry entry is not valid before the upgrade.

If the Certificate registry entry is set to a nonzero value before the upgrade, SQL Server 2005 will migrate the value and use the value. Therefore, if the value is not valid, SQL Server 2005 does not start because SQL Server 2005 cannot locate the corresponding certificate.

RESOLUTION

To resolve this problem, use one of the following methods:
  • Import a valid certificate by using SQL Server Configuration Manager.
  • Clear out the Certificate registry entry so that a value is not set. SQL Server 2005 will use a self-signed certificate.

MORE INFORMATION

SQL Server 2000 and SQL Server 2005 try to always encrypt the logon packet during a connection. Therefore, SQL Server 2000 and SQL Server 2005 try to load a Secure Sockets Layer (SSL) certificate whether data encryption is enabled or not.

When the Certificate registry entry is set to a value that is not valid, SQL Server 2000 starts without loading the certificate on the local computer. Therefore, SQL Server 2000 does not try to encrypt the logon packet. An example of a value that is not valid is 0. When the Certificate registry entry is set to a value that is valid, SQL Server 2000 tries to load a certificate and tries to encrypt the logon packet.

The following registry subkey is the Certificate registry entry for SQL Server 2000:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib
Value name: Certificate
Type: REG_SZ
Unlike SQL Server 2000, SQL Server 2005 will not let you disable encryption by setting the Certificate registry entry to a value of 0. When you upgrade SQL Server 2000 to SQL Server 2005, SQL Server 2005 clears out the Certificate registry entry if the Certificate registry entry is set to a value of 0. In this situation, SQL Server 2005 generates a self-signed certificate when the instance starts.

The following registry subkey is the Certificate registry entry for SQL Server 2005:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib
Value name: Certificate
Type: REG_SZ
If the value that is stored in the Certificate registry entry is not valid because of incorrect length, SQL Server 2005 does not start. The following messages are logged in the Application log:

Message 1
TDSSNIClient initialization failed with error 0xd, status code 0x38.
For more information, see Help and Support Center at http://support.microsoft.com.
Message 2
TDSSNIClient initialization failed with error 0xd, status code 0x1.
For more information, see Help and Support Center at http://support.microsoft.com.
Message 3
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
For more information, see Help and Support Center at http://support.microsoft.com.
If the value that is stored in the Certificate registry entry is valid, SQL Server 2005 successfully starts, and the following message is logged in the Application log:
The certificate was successfully loaded for encryption.

APPLIES TO
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Express Edition
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Workgroup Edition
Keywords: 
kbtshoot kbprb KB900497
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support