FIX: Error message when you try to install SQL Server 2005: "[Microsoft][SQL Native Client][SQL Server]The certificate cannot be dropped because one or more entities are either signed or encrypted using it"

Article translations Article translations
Article ID: 955920 - View products that this article applies to.
Bug #: 50003040 (SQL Hotfix)
Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
Expand all | Collapse all

On This Page

SYMPTOMS

When you try to install Microsoft SQL Server 2005, you receive the following error message:
SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client][SQL Server]The certificate cannot be dropped because one or more entities are either signed or encrypted using it. To continue, correct the problem, and then run SQL Server Setup again.
Additionally, the following error message is logged in the SQL Server 2005 Errorlog file:
SQL_ERROR (-1) in OdbcStatement::execute_batch
sqlstate=01000, level=0, state=1, native_error=0, msg=[Microsoft][SQL Native Client][SQL Server]Signing sps ...
sqlstate=42000, level=16, state=1, native_error=15352, msg=[Microsoft][SQL Native Client][SQL Server]The certificate cannot be dropped because one or more entities are either signed or encrypted using it.
sqlstate=42000, level=16, state=1, native_error=15232, msg=[Microsoft][SQL Native Client][SQL Server]A certificate with name '##MS_AgentSigningCertificate##' already exists or this certificate already has been added to the database.
sqlstate=HY000, level=0, state=0, native_error=0, msg=[Microsoft][SQL Native Client]Unspecified error occurred on SQL Server. Connection may have been terminated by the server.
sqlstate=42000, level=16, state=2, native_error=2745, msg=[Microsoft][SQL Native Client][SQL Server]Process ID 51 has raised user error 50000, severity 20. SQL Server is terminating this process.
sqlstate=HY000, level=20, state=127, native_error=50000, msg=[Microsoft][SQL Native Client][SQL Server]Cannot create ##MS_AgentSigningCertificate## in msdb. INSTMSDB.SQL terminating.
PRINT 'Signing sps ...'
if exists (select * from sys.certificates where name = '##MS_AgentSigningCertificate##')
drop certificate [##MS_AgentSigningCertificate##]
create certificate [##MS_AgentSigningCertificate##]
encryption by password = 'Yukon90_'
with subject = 'MS_AgentSigningCertificate'
IF (@@error <> 0)
RAISERROR('Cannot create ##MS_AgentSigningCertificate## in msdb. INSTMSDB.SQL terminating.', 20, 127) WITH LOG
This problem occurs when build 3156 or a later build of SQL Server 2005 is installed, and one of the following conditions is true:
  • You try to upgrade SQL Server 2005 to a newer version.
  • You use the USESYSDB option to install SQL Server 2005. This option uses the system databases of the existing installation.

RESOLUTION

Cumulative update information

SQL Server 2005 Service Pack 2

Important You must use this fix if you are running SQL Server 2005 Service Pack 2.

The fix for this issue was first released in Cumulative Update 10 for SQL Server 2005 Service Pack 2. For more information about this cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
956854 Cumulative update package 10 for SQL Server 2005 Service Pack 2
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release. Microsoft recommends that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
937137 The SQL Server 2005 builds that were released after SQL Server 2005 Service Pack 2 was released
Microsoft SQL Server 2005 hotfixes are created for specific SQL Server service packs. You must apply a SQL Server 2005 Service Pack 2 hotfix to an installation of SQL Server 2005 Service Pack 2. By default, any hotfix that is provided in a SQL Server service pack is included in the next SQL Server service pack.

SQL Server 2005 Service Pack 3

Important You must use this fix if you are running SQL Server 2005 Service Pack 3.

The fix for this issue was also later released in Cumulative Update 1 for SQL Server 2005 Service Pack 3. For more information about this cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
959195 Cumulative update package 1 for SQL Server 2005 Service Pack 3
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release. Microsoft recommends that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
960598 The SQL Server 2005 builds that were released after SQL Server 2005 Service Pack 3 was released
Microsoft SQL Server 2005 hotfixes are created for specific SQL Server service packs. You must apply a SQL Server 2005 Service Pack 3 hotfix to an installation of SQL Server 2005 Service Pack 3. By default, any hotfix that is provided in a SQL Server service pack is included in the next SQL Server service pack.

Notes
  • If this problem occurs when you use the USESYSDB option to install SQL Server 2005, apply this hotfix to the source server. After you apply the hotfix, make a copy of the system database files. Use this newer set of system database files when you use the USESYSDB option to install SQL Server 2005.
  • If this problem occurs when you try to upgrade SQL Server 2005 to a newer version, apply this hotfix, and then perform the upgrade.

WORKAROUND

To work around this problem, use one of the following methods.

Method 1

If this problem occurs when you use the USESYSDB option to install SQL Server 2005, follow these steps:
  1. Run the following statements on the existing installation of SQL Server. This operation removes the dependency between the certificate and the sp_validate_user stored procedure.
    USE msdb
    GO
    
    IF (EXISTS (SELECT * FROM msdb.dbo.sysobjects WHERE (name = N'sp_validate_user')))
    DROP PROCEDURE sp_validate_user
    GO
    
  2. Make a copy of the system databases.

    Note To re-create the sp_validate_user stored procedure after you make a copy of the system databases, execute the sysdbupg.sql script that is located in the following folder:
    C:\Program Files\Microsoft SQL Server\MSSQL.x\MSSQL\Install
    Then, run the following statements to make sure that the sp_validate_user stored procedure is in the list of results.
    USE msdb
    GO
    
    SELECT object_name(crypts.major_id) 
    FROM sys.crypt_properties crypts, sys.certificates as certs 
    WHERE crypts.thumbprint = certs.thumbprint and crypts.class = 1 and certs.name = '##MS_AgentSigningCertificate##'
    GO
    
  3. Use the system databases that you copied in step 2 when you install SQL Server 2005 by using the USESYSDB option.
  4. Install SQL Server 2005 Service Pack 2 and the latest cumulative update for SQL Server 2005.

    Note You do not have to manually re-create the sp_validate_user stored procedure. This stored procedure will be created and signed by the certificate when you install the cumulative update.
If this problem occurs when you try to upgrade SQL Server 2005 to a newer version, follow these steps:
  1. Run the following statements on the existing installation of SQL Server. This operation removes the dependency between the certificate and the sp_validate_user stored procedure.
    USE msdb
    GO
    
    IF (EXISTS (SELECT * FROM msdb.dbo.sysobjects WHERE (name = N'sp_validate_user')))
    DROP PROCEDURE sp_validate_user
    GO
    
  2. Run the Setup program to upgrade SQL Server 2005.
  3. Run the following statements to make sure that the sp_validate_user stored procedure is in the list of results.
    USE msdb
    GO
    
    SELECT object_name(crypts.major_id) 
    FROM sys.crypt_properties crypts, sys.certificates as certs 
    WHERE crypts.thumbprint = certs.thumbprint and crypts.class = 1 and certs.name = '##MS_AgentSigningCertificate##'
    GO
    

Method 2

  1. Set a system environment variable that is named SqlStop. Set its value to ComponentUpgrade.

    To do this on a computer that is running Windows XP, follow these steps:
    1. Right-click My Computer, and then click Properties.
    2. Click the Advanced tab.
    3. Click Environment variables.
    4. Under System variables, click New, and then add a new variable that is named SqlStop.
    To do this on a computer that is running Windows Vista, follow these steps:
    1. Right-click Computer , and then click Properties .
    2. In the navigation pane, click Advanced system settings.
    3. Click the Advanced tab.
    4. Click Environment variables.
    5. Under System variables, click New, and then add a new variable that is named SqlStop.
  2. Use the USESYSDB option to upgrade or to install SQL Server 2005. Setup stops, and a debug dialog box appears before Setup runs the upgrade scripts. Leave this dialog box open until step 4.
  3. When Setup stops, open the Sqlagent90_msdb_upgrade.sql script file that is located in the following folder:
    <SQL Server Installation Directory>\MSSQL.x\MSSQL\Upgrade
    Add the following lines to the script file in the section of interest with additions:
    --- section of interest with additions
    IF (EXISTS (SELECT *
                FROM msdb.dbo.sysobjects
                WHERE (name = N'sp_validate_user')))
      DROP PROCEDURE sp_validate_user
    go
    
    if exists (select * from sys.certificates where name = '##MS_AgentSigningCertificate##')
       drop certificate [##MS_AgentSigningCertificate##]
    
  4. Resume Setup by clicking OK in the debug dialog box.
  5. Install SQL Server 2005 Service Pack 2 and the latest cumulative update for SQL Server 2005.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about what files are changed, and for information about any prerequisites to apply the cumulative update package that contains the hotfix that is described in this Microsoft Knowledge Base article, click the following article number to view the article in the Microsoft Knowledge Base:
956854 Cumulative update package 10 for SQL Server 2005 Service Pack 2

REFERENCES

For more information about the list of builds that are available after SQL Server Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
937137 List of the builds that are available after SQL Server 2005 Service Pack 2 was released
For more information about the Incremental Servicing Model for SQL Server, click the following article number to view the article in the Microsoft Knowledge Base:
935897 An Incremental Servicing Model is available from the SQL Server team to deliver hotfixes for reported problems
For more information about how to obtain SQL Server 2005 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
913089 How to obtain the latest service pack for SQL Server 2005
For more information about the new features and the improvements in SQL Server 2005 Service Pack 2, visit the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkId=71711
For more information about the naming schema for SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base:
822499 New naming schema for Microsoft SQL Server software update packages
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 955920 - Last Review: December 20, 2008 - Revision: 4.0
APPLIES TO
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Standard X64 Edition
  • Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
  • Microsoft SQL Server 2005 Enterprise X64 Edition
  • Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
  • Microsoft SQL Server 2005 Workgroup Edition
Keywords: 
kbhotfixrollup kbfix kbpubtypekc kbqfe kbexpertiseadvanced KB955920

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com