Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
When you install Microsoft SQL Server 2005 Service Pack 1 (SP1) on a computer that is already running SQL Server Integration Services (SSIS), the SSIS service will not start, and the following error message is logged in the system event log:
The service did not respond to the start or control request in a timely fashion
Note This issue may also occur with the Notification Services (NS) service.
This issue occurs because the affected computer cannot reach the http://crl.microsoft.com website. This issue occurs because the following behavior occurs:
When the Microsoft .NET Framework starts the SSIS service, the .NET Framework calls the CryptoAPI function to verify the certificates that are assigned to the SQL Server assembly files.
The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at the http://crl.microsoft.com website. This action requires an Internet connection.
If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. Additionally, the long delay causes the CRL check to time out.
The Service Control Manager (SCM) determines that the SSIS service is taking too long to start. Therefore, the SCM reports the error message, and the SSIS service is not started.
To resolve this issue, install the cumulative hotfix package (build 2153) for Microsoft SQL Server 2005. For more information about how to obtain the cumulative hotfix package (build 2153) for SQL Server 2005, click the following article number to view the article in the Microsoft Knowledge Base:
918222 Cumulative hotfix package (build 2153) for SQL Server 2005 is available
Note If you apply the hotfix that is described in Microsoft Knowledge Base article 918222, the problem is resolved. However, the startup of the service is slow.
You must install all component packages in the order in which they are listed in this article. If you do not install the component packages in the correct order, you may receive an error message.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
919224 FIX: You may receive an error message when you install the cumulative hotfix package (build 2153) for SQL Server 2005
To work around this issue, use one of the following methods.
Method 1: Add a new XML tag
If your system has the Microsoft .NET Framework update whose version is either equal to or a later version than the version that is discussed in Microsoft Knowledge Base article 936707, you can work around this issue by adding a new XML tag to disable generatePublisherEvidence. To do this, you must edit the *.exe.config file for the SSIS Services (MsDtsSrvr.exe.config) and the *.exe.config file for any of the SSIS runtimes. This feature disables the CRL check and is included in all hotfixes for the Microsoft .NET Framework starting with the fix described in Microsoft Knowledge Base article 936707. To check whether this update is installed for the version of the .NET Framework 2.0 that is running on your system, you can check the properties of the following file to make sure that it is version 876 or a later revision. (The version number should be 2.0.50727.876 or a later version.)
DTExec.exe.config (command line tool for running SSIS Packages and SSIS Packages from SQL Server Agent jobs)
Dtshost.exe.config (for child SSIS packages from the Execute Package Task)
DtsDebugHost.exe.config (for running SSIS packages in the BIDS debugger)
DTSWizard.exe.config (for the Import Export Wizard which uses SSIS packages internally)
For SSIS 2005 if you have a custom executable that loads SSIS runtimes programmatically, you may to edit custom application’s config file.
Note Your Program Files folder location may vary based on customizations made during your SQL Server 2005 installation. If unsure where SSIS is installed, check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\ for the string value of SQLPath.
If you have SSIS 2008 or a later version, the generatePublisherEvidence tag is already included in the config files for all SSIS executables. You do not have to take further action for SQL Server 2008 Integration Services runtimes to avoid the certificate check.
In SQL Server 2005 Integration Services, to avoid the CRL certificate check, this new option can be added in the application configuration file:
This tag goes between the <runtime> </runtime> tag in the config file. You may have to manually add the runtime tags and the generatePublisherEvidence tag if they do not already exist in the *.config file.
Here is an example DTExec.exe.config file for SSIS 2005:
Make sure that the proxy settings are configured correctly for the service account to access the Internet. For more information about how to use the Proxycfg.exe tool to modify your WinHTTP proxy settings, click the following article number to view the article in the Microsoft Knowledge Base:
841641 IIS returns a "403.13 Client Certificate Revoked" error message after you install MS04-011 because of Wininet proxy settings
Microsoft Knowledge Base article 841641 also helps you configure a specific proxy setting if you are running services as a noninteractive account.
Method 3: Configure the firewall
Configure your firewall to return a failure status to the application quickly if the firewall blocks access to the http://crl.microsoft.com website.
Note: For more information, see your firewall documentation or contact your firewall provider.
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about Certificate Revocation Lists, click the following article number to view the article in the Microsoft Knowledge Base: