When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols. This is because the service account does not have permissions to read the private key. Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.) Select the certificate you just imported, then in the Action menu select "Manage private keys." Grant the domain service account read
↧