Toad World Blog

SQL SERVER – Errorlog The Server was Unable to Initialize Encryption Because of a Problem with a Security Library

Mar 13, 2017 8:30:55 PM by Pinal Dave

One of my client was trying to start SQL Service and it was failing. I asked to hare ERRORLOG so that we will get some idea about the cause. Here is the information from ERRORLOG file.

2017-01-31 01:32:25.61 Server The server was unable to initialize encryption because of a problem with a security library.
The security library may be missing. Verify that security.dll exists on the system.

2017-01-31 01:32:25.61 spid7s Server name is ‘BIGDBSERVER’. This is an informational message only. No user action is required.

2017-01-31 01:32:25.61 Server Error: 17182, Severity: 16, State: 1.

2017-01-31 01:32:25.61 Server TDSSNIClient initialization failed with error 0x139f, status code 0x80.
Reason: Unable to initialize SSL support. The group or resource is not in the correct state to perform the requested operation.

2017-01-31 01:32:25.62 Server Could not start the network library because of an internal error in the network library.
To determine the cause, review the errors immediately preceding this one in the error log.

2017-01-31 01:32:25.62 Server Error: 17120, Severity: 16, State: 1.

2017-01-31 01:32:25.62 Server SQL Server could not spawn FRunCM thread.
Check the SQL Server error log and the Windows event logs for information about possible related problems.

I checked version of SQL Server in ERRORLOG and it was as below.

Microsoft SQL Server 2008 (SP4-OD) (KB3144113) – 10.0.6547.0 (X64)

Feb 22 2016 19:04:50

Copyright (c) 1988-2008 Microsoft Corporation

Enterprise Edition (64-bit) on Windows NT 6.1 (Build 7601: Service Pack 1) (VM)

When I searched for build 10.0.6547, I found below KB. 

That was a good hint and I checked TLS and SSL registry keys

.

WORKAROUND/SOLUTION

I checked below key based on the article

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols

There were no keys for TLS and it means that TLS was not enabled in the server. Either TLS1.0 or SSL3.0 needs to be enabled to start SQL services.

Windows Registry Editor Version 5.00
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0]

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client]
“Enabled”=dword:ffffffff
“DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server]
“Enabled”=dword:ffffffff
“DisabledByDefault”=dword:00000000

Once we created the keys, we could start SQL Services.

Have you encountered such issues of SQL startup due to TLS? What was the solution you found? Please share by comment to help others.

Reference: Pinal Dave (http://blog.SQLAuthority.com) 

Tags: SQL Server

Pinal Dave

Written by Pinal Dave

Pinal Dave is a Microsoft Technology Evangelist (Database and BI). He has written over 1700 articles on the subject on his blog at http://blog.sqlauthority.com. He is a dynamic and proficient Principal Database Architect who specializes in SQL Server Performance Tuning and has 7+ years of hands-on experience. He holds a Masters of Science degree and a number of certifications, including MCTS, MCDBA and MCAD (.NET). He is also Regional Mentor for PASS Asia. Prior to joining Microsoft he was awarded Microsoft MVP award for three continuous years for his contribution in community.