FIX: The SQL Server Integration Services (SSIS) service does not start when you install SQL Server 2005 SP1 on a computer that is already running the SSIS service

Article ID: 918644
Bug #: 694 (SQL Hotfix)
Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
Expand all | Collapse all

On This Page

SYMPTOMS

When you install Microsoft SQL Server 2005 Service Pack 1 (SP1) on a computer that is already running SQL Server Integration Services (SSIS), the SSIS service will not start, and the following error message is logged in the system event log:
The service did not respond to the start or control request in a timely fashion
Note This issue may also occur with the Notification Services (NS) service.
Back to the top | Give Feedback

CAUSE

This issue occurs because the affected computer cannot reach the http://crl.microsoft.com website. This issue occurs because the following behavior occurs:
  • When the Microsoft .NET Framework starts the SSIS service, the .NET Framework calls the CryptoAPI function to verify the certificates that are assigned to the SQL Server assembly files.
  • The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at the http://crl.microsoft.com website. This action requires an Internet connection.
  • If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. Additionally, the long delay causes the CRL check to time out.
  • The Service Control Manager (SCM) determines that the SSIS service is taking too long to start. Therefore, the SCM reports the error message, and the SSIS service is not started.
Back to the top | Give Feedback

RESOLUTION

To resolve this issue, install the cumulative hotfix package (build 2153) for Microsoft SQL Server 2005. For more information about how to obtain the cumulative hotfix package (build 2153) for SQL Server 2005, click the following article number to view the article in the Microsoft Knowledge Base:
918222
(http://support.microsoft.com/kb/918222/ )
Cumulative hotfix package (build 2153) for SQL Server 2005 is available
Note If you apply the hotfix that is described in Microsoft Knowledge Base article 918222, the problem is resolved. However, the startup of the service is slow.

You must install all component packages in the order in which they are listed in this article. If you do not install the component packages in the correct order, you may receive an error message. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
919224
(http://support.microsoft.com/kb/919224/ )
FIX: You may receive an error message when you install the cumulative hotfix package (build 2153) for SQL Server 2005
Back to the top | Give Feedback

WORKAROUND

To work around this issue, use one of the following methods.

Method 1: Add a new XML tag


If your system has the Microsoft .NET Framework update whose version is either equal to or a later version than the version that is discussed in Microsoft Knowledge Base article 936707
(http://support.microsoft.com/kb/936707)
, you can work around this issue by adding a new XML tag to disable generatePublisherEvidence. To do this, you must edit the *.exe.config file for the SSIS Services (MsDtsSrvr.exe.config) and the *.exe.config file for any of the SSIS runtimes. This feature disables the CRL check and is included in all hotfixes for the Microsoft .NET Framework starting with the fix described in Microsoft Knowledge Base article 936707. To check whether this update is installed for the version of the .NET Framework 2.0 that is running on your system, you can check the properties of the following file to make sure that it is version 876 or a later revision. (The version number should be 2.0.50727.876 or a later version.)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MsCorWks.dll
  • SSIS 2005 Service configuration file
    • C:\Program Files\Microsoft SQL Server\90\DTS\Binn\msdtssrvr.exe.config

  • SSIS 2005 runtime configuration files on 32-bit or 64-bit:
    • C:\Program Files\Microsoft SQL Server\90\DTS\Binn\
      • DTExec.exe.config (command line tool for running SSIS Packages and SSIS Packages from SQL Server Agent jobs)
      • Dtshost.exe.config (for child packages by Execute Package Task)
      • DtsDebugHost.exe.config (for running packages in the BIDS debugger)
      • DTUtil.exe.config
  • Equivalent WOW64 SSIS 2005 runtime configuration files for running 32-bit SSIS packages on a 64-bit computer:
    • C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\DTExec.exe.config
      • DTExec.exe.config (command line tool for running SSIS Packages and SSIS Packages from SQL Server Agent jobs)
      • Dtshost.exe.config (for child SSIS packages from the Execute Package Task)
      • DtsDebugHost.exe.config (for running SSIS packages in the BIDS debugger)
      • DTUtil.exe.config
      • DTSWizard.exe.config (for the Import Export Wizard which uses SSIS packages internally)


  • For SSIS 2005 if you have a custom executable that loads SSIS runtimes programmatically, you may to edit custom application’s config file.

    Note Your Program Files folder location may vary based on customizations made during your SQL Server 2005 installation. If unsure where SSIS is installed, check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\ for the string value of SQLPath.

If you have SSIS 2008 or a later version, the generatePublisherEvidence tag is already included in the config files for all SSIS executables. You do not have to take further action for SQL Server 2008 Integration Services runtimes to avoid the certificate check.

In SQL Server 2005 Integration Services, to avoid the CRL certificate check, this new option can be added in the application configuration file:
<generatePublisherEvidence enabled="false"/>

This tag goes between the <runtime> </runtime> tag in the config file. You may have to manually add the runtime tags and the generatePublisherEvidence tag if they do not already exist in the *.config file.

Here is an example DTExec.exe.config file for SSIS 2005:

<configuration>

    <startup>

        <requiredRuntime version="v2.0.50727"/>

    </startup>

    <runtime>

        <generatePublisherEvidence enabled="false"/>

    </runtime>

</configuration>

Here is an example of the DTExec.exe.config from SSIS 2008:

<configuration>
    <startup>
        <requiredRuntime version="v2.0.50727"/>
    </startup>
    <runtime>
        <gcServer enabled="true"/>
        <disableCommitThreadStack enabled="true"/>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

Method 2: Configure proxy settings

Make sure that the proxy settings are configured correctly for the service account to access the Internet. For more information about how to use the Proxycfg.exe tool to modify your WinHTTP proxy settings, click the following article number to view the article in the Microsoft Knowledge Base:
841641
(http://support.microsoft.com/kb/841641/ )
IIS returns a "403.13 Client Certificate Revoked" error message after you install MS04-011 because of Wininet proxy settings
Microsoft Knowledge Base article 841641 also helps you configure a specific proxy setting if you are running services as a noninteractive account.

Method 3: Configure the firewall

Configure your firewall to return a failure status to the application quickly if the firewall blocks access to the http://crl.microsoft.com website.

Note: For more information, see your firewall documentation or contact your firewall provider.
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates
Back to the top | Give Feedback

REFERENCES

For more information about Certificate Revocation Lists, click the following article number to view the article in the Microsoft Knowledge Base:
289749
(http://support.microsoft.com/kb/289749/ )
Certificate Revocation Lists (CRLs) and IIS 5.0 frequently asked questions
Back to the top | Give Feedback

Properties

Article ID: 918644 - Last Review: December 30, 2010 - Revision: 3.0
Keywords: 
kbfix kbsql2005setup kbexpertiseinter kbexpertiseadvanced kbtshoot KB918644
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top