Error message when you try to install a SQL Server 2008/2008 R2 cumulative update or service pack: "The NT service 'MSSQL' could not be started"

We encountered an issue while patching SQL Server 2008. While the SP4 setup files were running, a window suddenly popped up with the message:

The NT service MSSQL could not be started

When we checked Configuration Manager, all SQL services were up and running fine. The SQL version, the SQL logs and sqlserver.exe were all updated and on the latest patch level (10.0.5000).

We then ran CU4 for the same SQL instance, hoping this was a one-time issue and that a successful CU4 would cover the earlier SP issue. Unfortunately, we got the same popup and the upgrade failed with the same error message.

But, as noted above, when we checked SQL after SP4 and CU4, everything was again updated, including the SQL version, sqlserver.exe and the start-up logs, on the latest patch level (10.0.5770).

Now we were in doubt whether the patching had completed or not. If it had, then why the error, and what was the root cause, so that we could avoid it on other servers in future?
Below are our observations and the solution:

When you try to install or upgrade a Microsoft SQL Server 2008/2008 R2 cumulative update or service pack (for example SP3 and CU3), you receive an error message that resembles ‘The NT service 'MSSQL' could not be started’.

In this case, check summary.txt (in C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log).

You will see log entries like the following:

Overall summary:

Final result:               The patch installer has failed to update the following instance:. To determine the reason for failure, review the log files.

Exit code (Decimal):   -2068709375

Exit facility code:        1202

Exit error code:          1

Exit message:            The NT service 'MSSQL' could not be started.

Requested action:       Patch

Additionally, you can see error messages resembling the following in the Details log (located at C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\[Instancenamefolder]\Details.txt):

Slp: The following NT service was in a stopped state prior to patch action: SQLServer

Slp: Sco: Attempting to open SC Manager

Slp: Attempting to run patch request for instance: Instancename

Slp: Error: Failed to run patch request for instance: SQLinstance (exit code: -2068709375)

The above logs clearly show that during patching the installer was not able to start and stop the NT services, which appears to be an issue with the permissions of the account running the upgrade. After checking the permissions and googling, we found that the account used for patching should have administrative rights on SQL and the Windows server, including the following permissions in local policy:

Backup files and directories (SeBackupPrivilege)
Debug Programs (SeDebugPrivilege)
Manage auditing and security log (SeSecurityPrivilege)

Comparing against the above permissions, we found that our patching account did not have the Debug Programs right (local policy), which was causing the issue with starting and stopping the NT services.

To resolve this, we asked our AD team to grant our group the above access, then applied CU9 on the same instance, and it completed successfully.

CAUSE:

This problem may occur if the account used for patching does not have administrative rights and the following permissions in local policy:

Backup files and directories (SeBackupPrivilege)
Debug Programs (SeDebugPrivilege)
Manage auditing and security log (SeSecurityPrivilege)

WORKAROUND

To work around this problem, check the permissions of the account used for patching.

First, the account used for patching should be part of the administrative group, which can be checked at:
Computer Management (compmgmt.msc) --> Local Users and Groups --> Administrator

Second, the patching account should have the following rights under Local Policies:

Backup files and directories (SeBackupPrivilege)
Debug Programs (SeDebugPrivilege)
Manage auditing and security log (SeSecurityPrivilege)

Local policies can be accessed from the following path:
Control Panel --> Administrative Tools --> Local Security --> Settings --> Local Policies --> User Rights Assignment
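
The two checks above can also be run as a script before starting setup. This is an added example, not part of the original write-up; the function name Test-PatchAccountRights is hypothetical, and it assumes you run it from an elevated PowerShell prompt while logged on as the patching account.

```powershell
# Added example: pre-flight check for the account that will run SQL Server setup.
# Run elevated as the patching account. A non-elevated (UAC-filtered) token does
# not list these privileges and fails the Administrators check even when the
# rights are assigned in local policy.

function Test-PatchAccountRights {
    param(
        # The three user rights named in the CAUSE section above.
        [string[]]$RequiredPrivileges = @(
            'SeBackupPrivilege', 'SeDebugPrivilege', 'SeSecurityPrivilege')
    )

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami /priv lists the privileges present in the current token.
    # /nh drops the (localised) header row so the columns can be named here.
    $held = @(whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State |
        ForEach-Object { $_.Name })

    $missing = @($RequiredPrivileges | Where-Object { $held -notcontains $_ })

    # New-Object PSObject keeps this usable on the PowerShell 2.0 hosts
    # commonly found alongside SQL Server 2008.
    New-Object PSObject -Property @{
        Account           = $identity.Name
        IsAdministrator   = $isAdmin
        MissingPrivileges = $missing
        ReadyToPatch      = ($isAdmin -and ($missing.Count -eq 0))
    }
}

$result = Test-PatchAccountRights
$result | Format-List Account, IsAdministrator, MissingPrivileges, ReadyToPatch

if (-not $result.ReadyToPatch) {
    Write-Warning 'Fix group membership or User Rights Assignment before running setup.'
    exit 1
}
```

A privilege shown as Disabled by whoami still counts as held; the State column only says whether the process has enabled it yet, so the script checks presence in the token rather than state.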

If the patch has already been applied, uninstall CU3 from Control Panel and reapply the patch once you have all of the above permissions (that is a bit tricky, but it confirms that the patch was applied).