BUG: Turning on the "Force Protocol Encryption" option is irreversible if there is no certificate

This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 356504 (SHILOH_BUGS)
Symptoms
You cannot bring a SQL Server 2000 cluster online if all of the following conditions apply:
  • You have turned on the Force Protocol Encryption option in Server Network Utility.
  • You use the Cluster Administrator tool to bring the cluster server offline and then to request to bring the cluster server back online.
  • Each node of the SQL Server cluster does not have a valid certificate or has no certificate.
The following error messages are written to the Microsoft Windows NT event log and the Microsoft SQL Server error log:
  • Encryption requested but no valid certificate was found.17826 Could not set up Net-Library 'SSNETLIB'SQL Server could not spawn FRunCM thread
Additionally, you cannot use Server Network Utility or the registry to remove the Force Protocol Encryption option.
Cause
Server Network Utility needs a connection to the virtual server to remove the Force Protocol Encryption option. Because the virtual server that is running SQL Server cannot come online, you cannot use Server Network Utility to remove the Force Protocol Encryption option. Although the encryption option is stored in the registry, you cannot clear it manually because the cluster's checkpoint file automatically restores the setting.
Workaround
To work around this problem, install a Certificate Server in the same domain as the SQL Server cluster, and request and install a valid certificate on each node of the SQL Server cluster.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

REFERENCES

For additional information about how to install certificates on a computer that is running SQL Server in a cluster, click the article number below to view the article in the Microsoft Knowledge Base:
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server
SSL Verisign encryption cluster MSCS
Properties

Article ID: 319349 - Last Review: 01/17/2015 05:26:35 - Revision: 4.0

  • Microsoft SQL Server 2000 Standard Edition
  • kbnosurvey kbarchive kbtshoot kbbug kbpending KB319349
Feedback