SQL Server Service Fails to Start

The MS SQL Service fails to start and the following error messages appear in the System Event Viewer log:

Schannel error in the system event log : A fatal error occurred while creating a TLS client credential. The internal error state is 10013. SQL error in the system event log: A fatal error occurred while creating a TLS client credential. The internal error code is 7024.

Cause

This error message appears you disable TLS 1.0 on the NES server and the version of MS SQL Server does not support TLS 1.2.

Resolution

To resolve this issue, perform the following steps to install a version of MS SQL server that supports TLS 1.2 and preserve the information in the NES database.

  1. Enable TLS 1.0 and disable TLS 1.2.
  2. Start the MS SQL Server service.
  3. Install SQL Server Management Studio (ssms).
  4. Download SQL Express 2017 SP1 or later.
  5. Perform the following actions to backup the NES database.
    1. Connect to IIS Manager and stop IIS.
    2. Launch ,and then connect to the SQL instance.
    3. Expand Databases.
    4. Right-click the Nymi.nes database and then select Tasks > Back up. NOTE: If your database name is not Nymi.nes, select the name that appears in your env.
    5. From the Backup type list, select Full. Make note of the destination directory.
    6. Click OK.
    7. Start IIS.
  6. Remove SQL Express 2012.
  7. Restart the NES server.
  8. Install SQL Express 2017.
  9. Perform the following steps to restore the NES database.
    1. Run SSMS and then connect to the SQL instance.
    2. Right-click Databases and then select Restore Database.
    3. In the left navigation pane of the Restore Database window, click Options.
    4. Select Overwrite existing database (WITH REPLACE).
    5. In the left navigation pane click General.
    6. In the Source section, select Device and then click the Elispses (...).
    7. On the Select backup devices window, click Add.
    8. Navigate to the MSSQL11.SQLEXPRESS subfolder and then expand MSSQL > Backup.
    9. Select the Nymi.nes.bak file and then click OK.
    10. On the Select backup devices window, click OK.
    11. Click Verify Backup Media. (no errors should appear)
    12. Click OK.
  10. Perform the following steps to verify the NES database.
    1. Log into the NES Administrator Console and search for a user.
    2. When the user appears, click the hypertext link and ensure that you can see the properties of the user.
    3. On the Policies tab, edit your policy and confirm that the settings are correct.
  11. Enable TLS 1.2 and confirm that NES can access the database
    1. Disable TLS 1.0.
    2. Enable TLS 1.2.
    3. Ensure that SSL 3.0 is disabled.
    4. Stop and restart the MS SQL Server service.
    5. Log into the NES Administrator Console and search for a user.
    6. When the user appears, click the hypertext link and ensure that you can see the properties of the user.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share