Knowledge Base

Search Knowledge Base

KB #240040: Cannot start SQL Server or encrypted database is inaccessible when profile is on a remote machine

Type:

Information

Summary:

If you have specified the remote profile to be on a remote machine, you must start the SQL Service and/or the NetLIb Key Management Service (NLCBTASK) Service with a login that has read permissions to the remote machine.

Additional Information:

By default, most Services, including SQL Server and NetLib’s Key Management Service (KMS), start in the Local System Account (LSA) or the Network Account (NA). Both are restricted accounts that have rights only to local devices. If the remote profile is on a remote machine, the LSA or the NA will not be able to read that profile.Therefore you need to modify NetLib KMS Service and/or the SQL Service to start with an account that has at least Read Permissions to the remote system. (It does not need to be an Administrative account. In fact, for security reasons, it should not be.) These same issues may arise with SQL Server Replication.

Method 1:

Start first by modifying the account that the NetLib KMS Service starts with. If that does not solve the issue, or if the KMS Service does not exist, then go to Method 2.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the NetLib Key Management Service (a/k/a NLCBTASK, NetLib Process Tracking Service in earlier versions)
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the KMS Service
  • Restart SQL Server

Method 2:

Modify the account that the SQL Server Service starts with.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the SQL Server Service associated with your instance. For a Named instance, the service name is usually MSSQL$instance. For the Default instance, the service name is MSSQLSERVER.
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the SQL Server Service

If neither one of these methods addresses the issue it is possible that the account you specified does not have sufficient permissions to the remote location, or that the remote location is otherwise inaccessible. See Microsoft documentation for general information about service startup accounts and on SQL Server Replication for more information.

Top