Article ID: 918644
Bug #: 694 (SQL Hotfix)
Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
When you install Microsoft SQL Server 2005 Service Pack 1 (SP1) on a computer that is already running SQL Server Integration Services (SSIS), the SSIS service will not start, and the following error message is logged in the system event log:
Note This issue may also occur with the Notification Services (NS) service.
The service did not respond to the start or control request in a timely fashion
This issue occurs because the affected computer cannot reach the http://crl.microsoft.com website. This issue occurs because the following behavior occurs:
To resolve this issue, install the cumulative hotfix package (build 2153) for Microsoft SQL Server 2005. For more information about how to obtain the cumulative hotfix package (build 2153) for SQL Server 2005, click the following article number to view the article in the Microsoft Knowledge Base:
918222Note If you apply the hotfix that is described in Microsoft Knowledge Base article 918222, the problem is resolved. However, the startup of the service is slow.
(http://support.microsoft.com/kb/918222/ )Cumulative hotfix package (build 2153) for SQL Server 2005 is available
You must install all component packages in the order in which they are listed in this article. If you do not install the component packages in the correct order, you may receive an error message. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/919224/ )FIX: You may receive an error message when you install the cumulative hotfix package (build 2153) for SQL Server 2005
To work around this issue, use one of the following methods.
Method 1: Add a new XML tag
If your system has the Microsoft .NET Framework update whose version is either equal to or a later version than the version that is discussed in Microsoft Knowledge Base article 936707
(http://support.microsoft.com/kb/936707), you can work around this issue by adding a new XML tag to disable generatePublisherEvidence. To do this, you must edit the *.exe.config file for the SSIS Services (MsDtsSrvr.exe.config) and the *.exe.config file for any of the SSIS runtimes. This feature disables the CRL check and is included in all hotfixes for the Microsoft .NET Framework starting with the fix described in Microsoft Knowledge Base article 936707. To check whether this update is installed for the version of the .NET Framework 2.0 that is running on your system, you can check the properties of the following file to make sure that it is version 876 or a later revision. (The version number should be 2.0.50727.876 or a later version.)
If you have SSIS 2008 or a later version, the generatePublisherEvidence tag is already included in the config files for all SSIS executables. You do not have to take further action for SQL Server 2008 Integration Services runtimes to avoid the certificate check.
In SQL Server 2005 Integration Services, to avoid the CRL certificate check, this new option can be added in the application configuration file:
This tag goes between the <runtime> </runtime> tag in the config file. You may have to manually add the runtime tags and the generatePublisherEvidence tag if they do not already exist in the *.config file.
Here is an example DTExec.exe.config file for SSIS 2005:
Here is an example of the DTExec.exe.config from SSIS 2008:
Method 2: Configure proxy settingsMake sure that the proxy settings are configured correctly for the service account to access the Internet. For more information about how to use the Proxycfg.exe tool to modify your WinHTTP proxy settings, click the following article number to view the article in the Microsoft Knowledge Base:
841641Microsoft Knowledge Base article 841641 also helps you configure a specific proxy setting if you are running services as a noninteractive account.
(http://support.microsoft.com/kb/841641/ )IIS returns a "403.13 Client Certificate Revoked" error message after you install MS04-011 because of Wininet proxy settings
Method 3: Configure the firewallConfigure your firewall to return a failure status to the application quickly if the firewall blocks access to the http://crl.microsoft.com website.
Note: For more information, see your firewall documentation or contact your firewall provider.
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
For more information about Certificate Revocation Lists, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/289749/ )Certificate Revocation Lists (CRLs) and IIS 5.0 frequently asked questions