Fix : Server Unable to load user-specified certificate. The server will not accept a connection

You may encounter this error when you attempt to start the MSSQL service. This error occurs when the certificate attached to MS SQL Server, which is being used to encrypt the database connections is not available.

Unable To Start Mssql Min

An Error Message on Event Logs


 Server Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.

You can check the used SSL certificate from SQL Server Configuration Manager >> SQL Server Network Configuration. Then right click on Protocols for SQLInstanceNAME (SQLEXPRESS in this case) and select Property >> Certificate tab. If you don't see the certificate in the drop-down menu, then it is removed, and you'll have to re-install it.

Ssl Certificate at Sqlmanager

Solution


To fix this error, you'll need to add the removed certificate. In our case, we are using IIS Self-Signed certificate, but you can use paid third party SSL certificate as well.

Generating Self-Signed SSL certificate


  1. Go to Run >> IIS Manager >> Server Certificates.

    Iis Ssl Certificate

  2. Click on Create Self-Signed Certificate.

    Create Self Signed Ssl Certificate

  3. Specify the friendly name of certificate and click OK.

    Specify Ssl Certificate Details

Once your SSL certificate is created you will have to assign read permission to SQL service user. To determine the SQL service username, Go to Run, type services.msc and hit Enter.Open properties of SQL service and click on Log On tab.

SQL Service Username

Now follow these steps to assign read permission to this MSSQL user.


  1. Go to Start >> Run, type MMC and hit enter. Click on File >> Add and Remove Snap-In.

    Add Or Remove Snap In

  2. Select Certificates and click on Add. On Next window, select Computer Account >> Next >> Finish. Click on OK.

    Add Remove Span In Certificate

  3. From Console Home, Expand Certificates >> Personal >> Certificates. Right click on your created Certificate >> All Tasks >> Manage Private Key.

    Manage Private Keys

  4. Click on Add, then specify SQL service username which is NT Service\MSSQL$SQLEXPRESS here. Click on OK.

    Sql Service User Add

The certificate will now appear on SQL server configuration manager >> Protocols of SQLExpress >> Properties >> Certificate Tab. Select the certificate yourselfsignedcertficate and click on OK.

Updated Ssl Certificate at Sql Manager

As a final step, restart the MSSQL service from services.msc. MS SQL Server should start now without any problem.
  • 0 Users Found This Useful

Was this answer helpful?


Related Articles

How to use MSSQL Activity Monitor to find the most expensive query?

A slow and long running SQL query execution consumes much processor, memory, and disk of your...

Comparison of MS SQL Server 2016 Express Edition V/S. MS SQL Server 2016 Web Edition

Following is a brief comparison between MSSQL Server 2016 Express Edition and MSSQL Server 2016...

How to assign particular permissions to SQL server database user from SQL Server Management Studio?

We can restrict SQL database users to fire some critical queries, e.g. Update, Delete, etc....

How to change password for MS SQL admin user?

Following tutorial will guide you to reset the MS SQL server sa user password. We assume that you...

How to Fix Error "Could not allocate space for object 'X' in database"?

Error Message Could not allocate space for object 'dbo.ABC_XYZ_XYZ'.'AB__ABC_XYZ__XYZ' in...