When using SSL, SQL Failover Cluster Instance fails to start with error 17182
I recently worked on an interesting issue with a SQL Server Failover Cluster Instance (FCI). We were trying to use an SSL certificate on the instance, and we followed these steps:
- Made sure the certificate was requested according to the requirements defined here.
- Loaded the certificate into the Personal store of the computer account across all the nodes
- Copied the thumbprint of the certificate, eliminated the spaces, and pasted it into the value field of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.CLUSTEST\MSSQLServer\Certificate key. Please note that this was a SQL Server 2008 instance named "CLUSTEST".
However, when we restarted SQL Server after performing these changes, it failed. In the errorlog, we saw these messages:
2013-07-21 14:06:11.54 spid19s Error: 17182, Severity: 16, State: 1.
2013-07-21 14:06:11.54 spid19s TDSSNIClient initialization failed with error 0xd, status code 0x38. Reason: An error occurred while obtaining or using the certificate for SSL. Check settings in Configuration Manager. The data is invalid.
2013-07-21 14:06:11.54 spid19s Error: 17182, Severity: 16, State: 1.
2013-07-21 14:06:11.54 spid19s TDSSNIClient initialization failed with error 0xd, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. The data is invalid.
2013-07-21 14:06:11.54 spid19s Error: 17826, Severity: 18, State: 3.
2013-07-21 14:06:11.54 spid19s Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2013-07-21 14:06:11.54 spid19s Error: 17120, Severity: 16, State: 1.
2013-07-21 14:06:11.54 spid19s SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
I checked and made sure the certificate was okay, and that it was loaded properly. Then, I noticed something interesting. After copying the thumbprint to a text file, I got a Unicode to ANSI conversion warning when I tried to save the file in txt format.
This is expected, since the default format for Notepad is indeed ANSI. I went ahead and clicked OK. When we reopened the file, we saw a "?" at the beginning, which meant that the copied string had a Unicode character at the beginning that could not be represented in ANSI. We followed these steps to resolve the issue:
- Eliminated the Unicode character from the thumbprint
- Converted all the alphabetical characters in the thumbprint to uppercase
- Eliminated the spaces from the thumbprint
- Saved this thumbprint to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.CLUSTEST\MSSQLServer\Certificate key.
The instance came online just fine this time.
Hope this helps.
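The cleanup steps above can be scripted so the hidden character is reported by code point rather than discovered through a Notepad warning. The following is an added example, not code from the original post: the function name `Test-Thumbprint`, the sample thumbprint, and the choice of U+200E as the invisible character are all assumptions made for illustration.

```powershell
# Added example, not from the original post.
function Test-Thumbprint {
    param([Parameter(Mandatory)][string]$Raw)

    # List every character that is not a hex digit by code point, so an
    # invisible character (which Notepad shows as "?" after an ANSI save)
    # is reported instead of being carried silently into the registry.
    $removed = foreach ($c in $Raw.ToCharArray()) {
        if ([string]$c -notmatch '^[0-9A-Fa-f]$') { 'U+{0:X4}' -f [int]$c }
    }

    # Same result as the manual steps: no hidden character, no spaces, uppercase.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # The thumbprint Windows displays is a SHA-1 hash: 20 bytes, 40 hex digits.
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits after cleaning, got $($clean.Length)."
    }

    # Check the computer account's Personal store on this node.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }

    [pscustomobject]@{
        Thumbprint = $clean          # value to store in the registry
        Removed    = @($removed)     # code points that were stripped
        InStore    = [bool]$cert     # certificate present on this node?
    }
}

# Constructed sample: U+200E (an invisible left-to-right mark, assumed here as
# the hidden character) followed by a made-up, space-separated thumbprint.
$pasted = "$([char]0x200E)a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4"
Test-Thumbprint -Raw $pasted | Format-List
```

Running it on each node with the string as pasted shows whether anything other than spaces was removed and whether the certificate is present in that node's Personal store. Passing in the value currently stored in the registry shows whether it already contains a hidden character.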
Comments
Anonymous
November 26, 2013
Hi, how can I thank you enough? I spent hours struggling with this.
Anonymous
November 26, 2013
Hi Med, Your appreciation is thank you enough for me. I am glad my blog helped you out. Regards, Harsh
Anonymous
December 20, 2013
Thanks for posting this. I just experienced this exact problem.
Anonymous
December 23, 2013
Thanks for appreciating JaySee. Glad to know the blog helped. Regards, Harsh
Anonymous
February 27, 2014
When you removed all of the spaces, do you mean "ALL" the spaces???
Anonymous
June 23, 2015
You're a legend! I never would have figured this one out.
Anonymous
July 29, 2015
Hi Peter, Yes, unfortunately, you must remove ALL the spaces.
Anonymous
July 29, 2015
Hi Dylan, Thank you so much for your kind words. I'm glad my blog came in handy. Cheers, Harsh