-1

I'm trying to set up a security certificate for a SQL Server. According to the documentation, I need to set up the permissions so that the SQL Server instance can read the private key. I tried setting up the permissions through mmc (see https://stackoverflow.com/questions/36830411/how-can-i-give-sql-server-permission-to-read-my-ssl-key). I right-click on the cert, select 'all tasks', select 'manage private keys', and it brings up the users dialog. The problem is, the SQL Server instance is running as 'NT Service\MSSQLSERVER'. That user doesn't appear in the group or user names section and I can't find it if I try to add it as a new user.

I tried the procedure listed here: How to add NETWORK SERVICE to Users permission group? but I still wasn't able to find that user or group. What am I doing wrong here?

pbuchheit

2 Answers

1

I've tested this. I do not have this problem.

Make sure you click Locations... and change "From this location" to the name of the local server. Then simply type in nt service\mssqlserver and click check names. A window will open allowing you to select the MSSQLSERVER account.


Appleoddity
  • When I select locations, it brings up a tree with 2 nodes. One is the name of the local machine and the other is the domain name. I tried searching for MSSQLSERVER under both and it is not valid. – pbuchheit Apr 01 '22 at 19:31
  • Then the account doesn’t exist. Check SQL configuration manager and see what account the SQL service is running under. And you have to type in exactly `nt service\mssqlserver` then `check names.` – Appleoddity Apr 01 '22 at 19:32
  • 1
    Never mind, I found it. I must have had something mistyped somewhere. Thanks. – pbuchheit Apr 01 '22 at 19:35
0

NT Service\MSSQLServer is an alias, so in the dialog you need to select Builtin Security Principals for Object Type for the system where SQL Server is installed to resolve the principal name.

Greg Askew
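The same grant can be scripted from an elevated PowerShell prompt, which also shows whether the account name resolves on the local machine at all. This is an added example, not taken from either answer; the thumbprint is a placeholder, and the default-instance service name, the `LocalMachine\My` store and an RSA key are assumptions.

```powershell
# Added example: grant the SQL Server service account read access to a
# certificate's private key. Run elevated on the SQL Server host.
$thumbprint  = '<CERT-THUMBPRINT-PLACEHOLDER>'   # placeholder, not a real value
$serviceName = 'MSSQLSERVER'                     # assumption: default instance;
                                                 # named instances use 'MSSQL$<InstanceName>'

# 1. Read the account the service really runs as, instead of typing it by hand.
$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on $env:COMPUTERNAME." }
$accountName = $svc.StartName                    # e.g. NT Service\MSSQLSERVER

# 2. Resolve the name to a SID. A virtual service account resolves only on the
#    machine where the service is installed, never against the domain.
$account = New-Object System.Security.Principal.NTAccount($accountName)
try   { $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
catch { throw "'$accountName' does not resolve on $env:COMPUTERNAME: $_" }

# 3. Find the file that holds the private key (CNG or legacy CSP storage).
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint"
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine.' }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'No RSA private key available (this example assumes RSA).' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object   { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found in the machine key stores." }

# 4. Add a read-only allow entry for the service SID; existing entries are kept.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# 5. Show the resulting entry so the grant can be verified.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Granting only `Read` keeps the service account from modifying or deleting the key file.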