SQL Server 2000 installation or local connections fail with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" error message


When you try to install Microsoft SQL Server 2000 on a computer that has certificates, installation can fail and you may receive the following error message:
[Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error [Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (SECDoClientHandshake()).
SQL Server configuration failed.
When you add certificates to a server that already has SQL Server installed, local connections fail.


Certificates that exist on the server.

Certificates install for various reasons. The most common are:
  • Certificates you use to sign e-mail digitally.
  • Certificates you use on a wireless network for security reasons.

More Information

SQL Server 2000 introduces Secure Sockets Layer (SSL) encryption through the use of certificates. If SQL Server finds certificates on the local computer, SQL Server attempts to use the certificates. If the certificate is not issued to the fully qualified domain name of the computer, SQL Server considers the certificate invalid. If there are multiple certificates on the computer, there is no way to pick which certificate SQL Server must use.

You must identify the source of the certificates on the computer before you proceed. For the SQL Server 2000 installation to be successful, you must use the Microsoft Management Console (MMC) snap-in to view the certificates on your computer.

How to Use the MMC Snap-in to View Certificates

To use the MMC snap-in to view certificates, use these steps:
  1. Click Start, and then click Run. In the Run dialog box, type the following then click OK:
    At a command prompt, type the following, and then press ENTER:
  2. On the Console menu, click Add/Remove Snap-in. (From the File Menu if you're using Windows XP).
  3. Click the Standalone tab.
  4. Click Add.
  5. On the Add Standalone Snap-ins: under Dialog, select Certificates, and then click Add.
  6. Select My User Account.
  7. Click Finish.
  8. Select Certificates, and then click Add.
  9. Click to select Computer Account.
  10. Click Next.
  11. Click to select Local Computer.
  12. Click Finish.
  13. On the Add Standalone Snap-ins: under Dialog, click Close.
  14. In the Add/Remove Snap-In dialog box, click OK.
You can use the MMC console to identify the certificates at these locations:

Certificates (local computer)

Certificates-Current User

To install SQL Server 2000 successfully, export the certificates to a file, and then delete the certificates from the Certificate MMC snap-in. After you successfully install SQL Server 2000:

  1. Stop the SQL Server service.
  2. Reinstall your certificates.
  3. Start the SQL Server service.

Article ID: 309398 - Last Review: Jul 10, 2008 - Revision: 1