Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 912412 - Last Review: December 27, 2005 - Revision: 1.2
Error message when you use Service Broker or database mirroring to connect to an instance of SQL Server 2005: "Connection handshake failed"
Bug #: 413389 (SQLBUDT)
SYMPTOMS
When you use Service Broker or database
mirroring to connect to an instance of Microsoft SQL Server 2005, you receive the following
error messages:
Connection handshake failed. An OS
call failed: (5) 5(error not found). State 87.
Connection handshake
failed. An OS call failed: (5) 5(Access is denied). State 87.
This
issue occurs when you use certificate-based authentication for the
connection.
CAUSE
This issue occurs because the discretionary access control
list (DACL) of the folder that contains the RSA
keys is set incorrectly. Therefore, the account that runs the instance of SQL
Server 2005 does not have sufficient permissions to access certificate pair
keys.
The following folder contains the RSA keys:
%ALLUSERSPROFILE%\Application
Data\Microsoft\Crypto\RSA\MachineKeys
RESOLUTION
To resolve this issue, you must manually set the DACL of the
folder to the default permissions. To do this, follow the steps that are listed in Microsoft Knowledge Base article 278381.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
278381Â
(http://kbalertz.com/Feedback.aspx?kbNumber=278381/
)
Default permissions for the MachineKeys folders
APPLIES TO
- Microsoft SQL Server 2005 Standard Edition
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
- Microsoft SQL Server 2005 Workgroup Edition
- Microsoft SQL Server 2005 Express Edition
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please