SQL Server cannot Find SSL Certificate

We need help solving an issue we are having with SQL Server 2008 recognizing certificates (for supporting SSL communications) we generate through the MakeCert.exe utility. We have followed all instructions available in the MSDN SQL Server 2008 online books, including using the mmc console utility to verify that the certificates are valid, but the certificates we make fail to be seen by the SQL Server 2008 Configuration Management application.

Hi,
I’m not sure what instructions you read from MSDN. Did you follow the steps described in http://msdn.microsoft.com/en-us/library/ms191192.aspx? If not, please try them. Additionally, I suggest you refer to the following content from MSDN:
For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
1. The certificate must be in either the local computer certificate store or the current user certificate store.
2. The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
3. The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
4. The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
5. The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
If there are any more questions, please let me know.
Thanks.
***Xiao Min Tan***Microsoft Online Community***
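
The five conditions quoted in the reply above can be checked in one pass with PowerShell. This is an added example, not part of the original thread or of Microsoft's documentation; it assumes Windows PowerShell 3.0 or later, and the property names in the report (TimeValid, ServerAuth, KeySpec and so on) are names chosen for this sketch.

```powershell
# Added example: audit certificates against the five conditions listed above.
# Run from an elevated Windows PowerShell prompt on the SQL Server host.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (condition 3)
$kuFlag   = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$hostName = $env:COMPUTERNAME
$fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now      = Get-Date

# Condition 1: the certificate must be in one of these stores. CurrentUser here
# is the account running this script, not necessarily the SQL Server service account.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

$report = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {

        # Condition 2: current time falls between Valid from and Valid to.
        $timeOk = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

        # Condition 3: Enhanced Key Usage lists Server Authentication.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekuOk = $false
        if ($eku) {
            $ekuOk = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid
        }

        # Condition 4: KeySpec must be AT_KEYEXCHANGE, which .NET reports as
        # KeyNumber 'Exchange' ('Signature' means AT_SIGNATURE). Keys that are
        # not held by a legacy CSP, or that this account cannot open, end up
        # in the fallback text below.
        $keySpec = 'no private key'
        if ($cert.HasPrivateKey) {
            try   { $keySpec = [string]$cert.PrivateKey.CspKeyContainerInfo.KeyNumber }
            catch { $keySpec = '' }
            if (-not $keySpec) { $keySpec = 'not readable as a CSP key' }
        }

        # Informational: key usage usually also includes key encipherment.
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $keyEnc = $false
        if ($ku) { $keyEnc = $ku.KeyUsages.HasFlag($kuFlag) }

        # Condition 5: subject CN equals the host name or the FQDN.
        # On a failover cluster, compare against the virtual server name instead.
        $cn     = $cert.GetNameInfo($nameType, $false)
        $nameOk = ($cn -ieq $hostName) -or ($cn -ieq $fqdn)

        [pscustomobject]@{
            Store       = $store
            Thumbprint  = $cert.Thumbprint
            CN          = $cn
            TimeValid   = $timeOk
            ServerAuth  = $ekuOk
            KeySpec     = $keySpec
            KeyEncipher = $keyEnc
            NameMatches = $nameOk
            Usable      = $timeOk -and $ekuOk -and $nameOk -and ($keySpec -eq 'Exchange')
        }
    }
}

# Certificates that pass every check are listed first.
$report | Sort-Object -Property Usable -Descending | Format-List
```

A certificate made with MakeCert.exe that shows KeySpec as Signature, or a CN that differs from the host name, fails conditions 4 or 5 even though the MMC snap-in reports it as valid.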

Similar Messages

  • "The Server cannot find the document corresponding to the document id"

    Periodically when we schedule a Discoverer Report (Apps EUL) we get the following error:
    "The Server cannot find the document corresponding to the document id sent for open"
    Months back Oracle told us to do the following as a workaround:
    Log into Oracle Desktop, schedule something, then go back to OracleBI Discoverer Plus.
    The error goes away.
    This is an insane workaround. Has anyone seen this error and found a patch or a realistic workaround.
    Thanks,
    Bob

    Bob.
    I haven't seen this problem, but sure makes me wonder what Oracle is up to, when they essentially tell you to "give the scheduler a good slap via Disco Desktop" every now and then.
    Maybe if you created an SR in Metalink you could slap them back on this one!
    Russ

  • Why ? installing SolMan 7.0 MS SQL server cannot get info about acct sidadm

    While installing SolMan on Windows 2003 SQL 2005  64bit OS the install stops and will not continue
    with the following error
    NOTE: I am installing on 64bit OS as we already have on 32bit OS and need to migrate it over to 64bit
    MS SQL server cannot get information about account cityacct\sidadm
    the log recommends to execute the following command in SQL
    master..xp_logininfo 'CITYACCT\sidadm'
    I get the error
    Could not obtain information about Windows NT group/user ''CITYACCT\sidadm' error code 0x5
    I am soooo stuck , I have been researching and researching even with SAP and no answer yet, has anyone had this issue and how can I get past it?
    Thank You in Advance
    Maria

    Maria,
    Were you able to resolve this issue? I'm getting the same error.
    -wael

  • ORA-20000: env:Server - Cannot find child element: Calling Webservice

    Hi,
    I am using SOAP_API to call a webservice
    I have a wsdl looks like:
    <xs:element name="InputParameter">
      <xs:complexType>
        <xs:sequence>
          <xs:element name="input" type="xs:string" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>
    But when I am calling the function its throwing Error:
    ORA-20000: env:Server - Cannot find child element: {http://www.example.org/testwsdl/}InputParameter
    Any help will be needful for me
    Thanks and Regards

  • SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated

    We are getting this below alert message, while using SCOM 2012 R2.  Anybody have any idea how to resolve this on the SQL box ?
    Thx...
    SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
    Service Account: NT Service\MSSQL$SQLEXPRESS
    Missing SPNs:
    Misplaced SPNs: MSSQLSvc/mysqlbox.com:SQLEXPRESS - sqldbadmin
    Duplicate SPNs:

    To Fix this issue, You can check below links
    http://support.microsoft.com/kb/2443457/EN-US
    http://www.scomgod.com/?p=155
    Mai Ali

  • Can't find SSL certificate in SQL server configuration manager?

    Hi 
    It's been 2 days and I need a help. I have visited a number of sites and I still can't make it work
    Two servers I have: Windows 2012 Standard with SQL 2008 R2 and SQL 2012
    I am trying to set it up on SQL 2008 R2 right now.
    I have a certificate from a CA and did the following.
    1. Open MMC
    2. Add Certificates Snap-in as a computer account (In fact, I tried all the three accounts)
    3. Right-click on Personal folder and All Tasks and Import
    4. Installed the certificate with Certificate import Wizard
    5. The certificate shows up under Personal/Certificates and Trusted Root Certification Authorities/Certificates
    I did this with a local administrator account as well as MSSQL account(SQL Server service account I created). Even though the server is part of domain, SQL server is set up with local accounts.
    This is a simple summary. I tried everything in the article such as 'Create Custom Request'.
    I am not sure what I am missing. Why can't I see the certificate in SQL Server configuration manager? 
    I even made MSSQL (service account) as administrator. Not working.  
    as I am not using the domain service account, I believe below is not relevant. 
    Missing detail on "Install a certificate in the Windows certificate store..."
    When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols.  This is because the service account does not have permissions to read the private key.  Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.)  Select the certificate you just imported, then in the Action menu select "Manage private keys."  Grant the domain service account read access to the private key of the server certificate.
    Below are a few of the references I looked at:
    https://support.microsoft.com/en-us/kb/316898/
    https://msdn.microsoft.com/en-us/library/ms191192(d=printer).aspx
    https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    http://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-
    http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx

    Hi Dinesh 
    Thanks for the reply. 
    I did look into both sites as well, but it did not work.
    Below is the step to install SQLs server certificate. and I was stuck with Step 9. when click 'next' in the wizard, I am not getting into a place to select 'computer' as certificate type. 
    Do you know what is wrong please? 
    Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
    On the File menu, click Add/Remove Snap-in...
    Select Certificates, click Add.
    You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
    Select Local computer, and then click Finish.
    Click OK in the Add/Remove Snap-in dialog box.
    Click to select the Personal folder in the left-hand pane.
    Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
    Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
    You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
    Now you should see the certificate in the folder with the fully qualified computer domain name

  • SQL Server not starting - FallBack certificate initialization failed

    I can not start my SqlServer 2008 Express. The problem seemed to start when I changed my "Built In account, Log in as" from Local Service to Local System. If I try to change back to Local Service I get the messagebox with WMI Provider Error, "Cannot find object or property. [0x80092004]".
    Getting a bit confused, but read http://support.microsoft.com/kb/900497    mentioned about 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib, Value name: Certificate, Type: REG_SZ not having a valid value then 2005 would not start - my value is blank. Changing it to 0 did not work.
    How can I import a valid certificate using SQL Server Configuration Manager. And how do you turn off Forced Encryption? Not sure if this would fix it, but couldn't hurt.
    ======================================
    2009-03-08 01:39:06.01 Server      Error: 17190, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      FallBack certificate initialization failed with error code: 1.
    2009-03-08 01:39:06.01 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
    2009-03-08 01:39:06.01 Server      Error: 17182, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
    2009-03-08 01:39:06.01 Server      Error: 17182, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
    2009-03-08 01:39:06.01 Server      Error: 17826, Severity: 18, State: 3.
    2009-03-08 01:39:06.01 Server      Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
    2009-03-08 01:39:06.01 Server      Error: 17120, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
    2009-03-08 01:39:06.07 spid14s     Clearing tempdb database.
    =====================================
    Any help would be appreciated.
    TheBrenda

    I know it's probably too late to help with the original poster, but we had this same issue and nothing we tried resolved the problem. Finally, we opened a technical incident with Microsoft and this is the solution that we were provided:
    Take backup of below registry key.
    HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid This key should ideally have the GUID of the machine without curly braces, so {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} becomes xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Then delete the braces.
    Try to reboot and start the SQL service. If the service doesn't start, then uninstall and reinstall SQL.
    The above solution worked on two separate machines exhibiting this problem.

  • APEX Oracle 11g HTTP Server - Cannot get SSL working

    I have installed APEX on Oracle 11g with the Oracle HTTP Server on MS Windows server.
    Data base up and running, APEX up an running.
    All works as expected on port 7777
    When I try 4443 I get error message re self signed certificate by Oracle, but if I click through error message I get an https connection.
    I want to replace default cert with a locally signed cert, and get SSL working on 4443, then switch to port 443.
    I have used the Oracle Wallet manager, generated a CSR, had this signed by my corporate CA, and installed the corporate CA cert and the newly signed server cert into the wallet (with Auto Login Set) and saved it in:
    D:\orahttp\Oracle_WT1\instances\apex\config\OHS\ohs1\keystores\infosec2wallet
    This creates two files: ewallet.p12 and cwallet.sso
    I then manually add the group/users "SYSTEM" and "Administrators" to these two files to match the security tab on the default wallet.
    I then go to the ssl.conf file located at:
    D:\orahttp\Oracle_WT\instances\apex\config\OHS\ohs1\ssl.conf
    and changed the entry:
    #SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
    SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/infosec2wallet"
    I then stop and start the Oracle HTTP Server - ohs1 from the start menu.
    Then I try to connect from my desk top machine using the following URL:
    https://us-pghinfosec2.ariba.com:4443/pls/apex/f?p=101:1:
    I get the classic MS IE Message:
    ==========
    Internet Explorer cannot display the webpage
    Most likely causes:
    You are not connected to the Internet.
    The website is encountering problems.
    There might be a typing error in the address.
    What you can try:
    Diagnose Connection Problems
    More information
    This problem can be caused by a variety of issues, including:
    Internet connectivity has been lost.
    The website is temporarily unavailable.
    The Domain Name Server (DNS) is not reachable.
    The Domain Name Server (DNS) does not have a listing for the website's domain.
    If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
    For offline users
    You can still view subscribed feeds and some recently viewed webpages.
    To view subscribed feeds
    Click the Favorites Center button , click Feeds, and then click the feed you want to view.
    To view recently visited webpages (might not work on all pages)
    Click Tools , and then click Work Offline.
    Click the Favorites Center button , click History, and then click the page you want to view.
    ==========
    I am at a loss as to what to do. It acts like Oracle HTTP can not open my wallet.
    I suspect it needs the password to the wallet but I cannot find any place to specify the password, and Auto Login should have addressed that issue.
    Any insights welcome.
    Thanks - Elton Hay

    Hello Lakshmi,
    >
    I got your point but in our case HTTP Server and Oracle Database (APEX) running on different machines.
    Oracle HTTP Server running on a Windows 2003 server and Oracle Database running on Sun Solaris machine.
    So do i need to change Oracle 10g HTTP Server? do i need to install Oracle 11g HTTP SErver?
    Please let me know if my question is not clear.
    >
    > I got your point but in our case HTTP Server and Oracle Database (APEX) running on different machines.
    Did I miss something?
    You should have mentioned this additional information in the original question itself.
    > Oracle HTTP Server running on a Windows 2003 server and Oracle Database running on Sun Solaris machine.
    As long as dads.conf (http://docs.oracle.com/cd/E37097_01/doc/install.42/e35123/otn_install.htm#BHAFJJDA) is configured correctly there should not be a problem with this.
    From Original question:
    > We are having Oracle APEX 3.1 version on Oracle 10g Database and Oracle 10g HTTP Server as web server in our organization.
    How did this setup of APEX work? (i.e. on different machines)
    If you still have doubt about this you can do the setup and find out before upgrading.
    > So do i need to change Oracle 10g HTTP Server? do i need to install Oracle 11g HTTP SErver?
    This question is answered in the above post. As long as you fulfill the HTTP Server Requirements for APEX 4.2 (http://docs.oracle.com/cd/E37097_01/doc/install.42/e35123/pre_require.htm#CFHIIJBE) (Also we are discussing this long about only Oracle 10g HTTP Server but which version?)
    Hope now I am more clear!
    Regards,
    Kiran

  • SQL Server 2008 self-signed certificate is 1024bit or 2048bit?

    When there is no user defined certificate available, SQL Server will generate a self-signed certificate when service starts, We have a tool scans and finds that in SQL 2005 the self-signed certificate is 1024bit,  does someone know the default self-signed
    certificate is still 1024bit or is it 2048bit in SQL 2008? Thanks a lot!!!

    I will begin my answer by making an emphasis that the best way to protect your data in-transit is using a 2048 bit certificate signed by a trusted certificate authority (CA) instead of relying on the self-signed certificate created by SQL Server.
     Please remember that the self-signed certificate created by SQL Server usage for data in-transit protection was designed as a mitigation against passive traffic sniffers that could potentially obtain SQL Server credentials being transmitted
    in cleartext, but nothing more. Think of it as a mitigation against a casual adversary.
     The self-signed certificate usage was not intended to replace real data in-transit protection using a certificate signed by a trusted CA and encrypting the whole communication channel. Remember, if it is self-signed, it is trivial to spoof.
    After making this clarification, the self-signed certificate generated by SQL Server uses a 1024 bit key, but that size may be subject to change in future versions of the product. Once again, I would like to strongly discourage relying on the self-signed
    certificate created by SQL Server for data in transit transmission.
    BTW. Azure SQL Database uses a 2048 certificate issued by a valid certificate authority.
    I hope this information helps,
    -Raul Garcia
     SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • SQL Server Connection using SSL

    I am currently using an encrypted connection to a SQL Server database. I am able to do this by  appending "encrypt=true" to my connection string and using a .pem file that I am able to apply using the Microsoft management console. 
    http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
    Is there another way to dynamically import a security certificate or set it using the LabView Db connectivity toolkit?

    Almost everything you can do in the MMC plugins can also be done from the command line in Windows.  You just need to find the proper set of commands, and use the System Exec VI to implement your solution.
    http://technet.microsoft.com/en-us/library/cc732061(v=ws.10).aspx
    Machine Vision, Robotics, Embedded Systems, Surveillance
    www.movimed.com - Custom Imaging Solutions

  • Server cannot find the printer on my imac

    An external server (Windows) cannot find the printer on my iMac.

    It's working well, but when I make contact with a server and I want to print ... it can't find the printer

  • Weblogic Server cannot find Service accounts  in my MSAD via LDAP

    Hello,
    I've configured an LDAP security provider in my WebLogic server but it's only finding some of my users, not my "service account" users.
    The users are found in the following locations in the tree:
    OU=Users,OU=Accounts,DC=dev,DC=mtb,DC=com
    OU=Service,OU=Accounts,DC=dev,DC=mtb,DC=com
    So I configured the LDAP provider with the following settings:
    User Base DN: OU=Accounts,DC=dev,DC=mtb,DC=com
    All Users Filter: (blank)
    User from Name Filter: (&(cn=%u)(objectclass=user))
    User Search Scope: subtree
    User Name Attribute: cn
    User Object Class: user
    But it cannot find users in the "Service" node, only users in the "Users" node. Both users have CN=, and "user" as part of their objectClass string. Any idea what I might be missing?
    Thank you,
    -Ben

    Hi
    1. I hope you already created a datasource on Weblogic Side using weblogic admin console and create New Data Source. Create a data source preferably with this JNDI Name "jdbc/mydbDSDS". It can be anything, but standard is jdbc/whatevernameyouwant. Once data source is created, you give db details like host, port, sid, username/password. Then deploy to appropriate server(s) like using Targets screen. Once all done. Under your domain/config/jdbc, you should see a .xml file with some unique name that has all the datasource details. The jndi name tag should be like this: <jndi-name>jdbc/mydbDSDS</jndi-name>
    2. Now, edit your persistence.xml file to refer above jndi name. By default, I know, it adds that weird name with jdbc/jdbc etc etc. But you can edit it always. Take a backup of your persistence.xml file and edit it to look like this.
      <persistence-unit name="mydbDS">
        <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
        <jta-data-source>jdbc/mydbDSDS</jta-data-source>
        <properties>
          <property name="eclipselink.target-server" value="WebLogic_10"/>
          <property name="eclipselink.cache.shared.default" value="false"/>
        </properties>
      </persistence-unit>
    </persistence>
    Save it. Redeploy and see how that goes. The above file is simplified version. What it means is, just refer already deployed data source whose jndi name is "jdbc/mydbDSDS". If you really have some extra properties, you can retain them. Otherwise they are not required.
    Thanks
    Ravi Jegga

  • Exchange Server Affected by SSL Certificate Organization Name Change

    We recently underwent a name change of our company. We added a few new domain names for the new company to our Exchange Server 2007 and updated our address policy to include them and everything seemed to work okay for a while.  We subsequently reissued
    the SSL Certificate for our Exchange Server under the new organization name (per the CA's recommendation) .  Shortly thereafter we experienced all sorts of issues necessitating a rebuild of our Exchange Server.  Is there any dependency between
    the organization name in an SSL certificate and the organization name that Exchange Server stores its info under in Active Directory (which still had the old name) that would cause Exchange to go haywire?

    Hi,
    Please confirm you were creating a new domain in your AD or creating an accepted domain in Exchange server.
    If you directly create an accepted domain in Exchange, the new domain would be considered authoritative when the Exchange organization hosts mailboxes for recipients in this SMTP domain. We don’t need to create a new Exchange certificate for this new accepted domain because the SRV records can be used to connect to Autodiscover service. And the Exchange services URLs are not changed and they can still be authenticated by the original certificate (mail.domain.com, autodiscover.domain.com).
    Certainly, we can reissue a new Exchange certificate, please make sure the new Exchange certificate has included all needed namespaces for your Exchange server such as:
    Mail.domain.com, autodiscover.domain.com, autodiscover.newdomain.com
    We can also run Get-ExchangeCertificate | fl to check it.
    Regards,
    Winnie Liang
    TechNet Community Support

  • SQL Server - cannot open table

    Hi all - has anyone experienced this problem? Using SQL
    Server 2000 and CF5.
    We run reporting queries on one table in the database which
    link to another database server (using
    'servername.dbname.dbo.tablename/viewname' in the queries to refer
    to the linked server).
    This has been working successfully, but on several occasions
    the table refuses to open in Enterprise Manager - it just gives a
    blank set of rows with a blinking cursor. The application then
    stops working.
    Thanks for any advice
    Rog

    The default for SQL 2000 is READ COMMITTED. This prevents
    dirty reads, but has the performance hit of waiting for locked
    pages. READ UNCOMMITTED, the lowest level of isolation, returns
    data regardless of the lock state. It depends, if you're willing to
    trade performance for accuracy. In the case of data that is not
    changed often, READ UNCOMMITTED can increase query performance.
    Read SQL BOL for more info on the isolation levels.
    HTH,

  • Messaging Server: Problem Adding SSL Certificate

    We have a problem importing a CA certificate into Messaging Server 7 on Solaris 10 x86.
    Platform
    uname -a
    SunOS mail1 5.10 Generic_138889-03 i86pc i386 i86pc
    Messaging Server Version
    imsimta version
    Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec  9 2008)
    libimta.so 7.0-3.01 64bit (built 09:24:13, Dec  9 2008)
    We have created a certificate database and generated a certificate request, as follows:
    msgcert generate-certDB
    msgcert request-cert --name mail.domain.xxx  --org "University of XXX" --org-unit ITS --city XXX  --state "XXX" --country GB -F ascii -o /tmp/ssl.csr
    However, when we come to import the CA-supplied certificate we get the following error.
    msgcert add-cert Server-Cert /tmp/mail1.crt
    Enter the certificate database password:
    Unable to find private key for this certificate.
    Failed to add the certificate.
    I'm confused. What does the msgcert request-cert command use as a private key when generating the certificate request? Should I have used openssl to generate the certificate request with a known private key?
    Thanks
    Alan

    I solved the problem by converting certificate to pkcs#12 format and importing it.
    openssl pkcs12 -export -in cert.pem -inkey private.key -out cert.pkcs12 -name Server-Cert
    /opt/sun/comms/messaging64/bin/msgcert add-cert Server-Cert cert.pkcs12
    Alan
