CB Protection: SQL Server Fails to Start After Server Name Change
search cancel

CB Protection: SQL Server Fails to Start After Server Name Change


Article ID: 288801


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • Unable to start the SQL Server services
  • No certificate listed under SQL Server Configuration Manager > Protocols
  • SQL Startup errors show: 
    Unable to load user-specified certificate [Cert Hash(sha1) "<CERTHASH>"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.


  • CB Protection Server: All Supported Versions
  • Microsoft SQL Server: All Supported Versions


This is caused by the SQL Service account, being no longer able to access the private key of the self signed certificate that was set for SQL communication. 


  1. Open Services.msc
  2. Navigate to SQL Server and double click the service.
  3. Write down the Username on the Log On tab, as you will need that later.
  4. Open IIS Manager
  5. Navigate to the Server Name, and double click Server Certificates
  6. On the right hand panel, select Generate Self Signed Certificates
  7. Specify a name, and click OK
  8. Open MMC
  9. Select File > Add/Remove Snap-in
  10. Select Certificates with the options of Computer Account and Local Computer
  11. Navigate to Personal > Certificates
  12. Right click the new self-signed certificate you generated and select All Tasks > Manage Private Keys
  13. Grant full permissions to the service account you wrote down in step 3
  14. Open SQL Server Configuration Manager
  15. Right click and select Properties on Protocols under SQL Server Network Configuration
  16. On the Certificates tab, select the new Self Signed Certificate
  17. Start the SQL Server services