Unable to find user account to set permissions for private key

pbuchheit

8/1/23, 6:27 PM

I'm trying to set up a security certificate for a sql server. According to the documentation, I need to set up the permissions so that the sql server instance can read the private key. I tried setting up the permissions through mmc (see https://stackoverflow.com/questions/36830411/how-can-i-give-sql-server-permission-to-read-my-ssl-key). I right click on the cert, select 'all tasks', select 'manage private keys', and it brings up the users dialog. The problem is, the sql server instance is running as 'NT Service\MSSQLSERVER'. That user doesn't appear in the group or user names section and I can't find it if I try to add it as a new user.

I tried the procedure listed here: How to add NETWORK SERVICE to Users permission group? but I still wasn't able to find that user or group. What am I doing wrong here?

0 + 0

windows

permissions

sql

ssl-certificate

sql-server

Score:1

Server

Appleoddity

8/1/23, 7:20 PM

I've tested this. I do not have this problem.

Make sure you click Locations... and change "From this location" to the name of the local server. Then simply type in nt service\mssqlserver and click check names. A window will open allowing you to select the MSSQLSERVER account.

0 + 0

pbuchheit

8/1/23, 7:31 PM

When I select locations, it brings up a tree with 2 nodes. One is the name of the local machine and the other is the domain name. I tried searching for MSSQLSERVER under both and it is not valid.

Appleoddity

8/1/23, 7:32 PM

Then the account doesn’t exist. Check SQL configuration manager and see what account the SQL service is running under. And you have to type in exactly `nt service\mssqlserver` then `check names.`

pbuchheit

8/1/23, 7:35 PM

Never mind, I found it. I must have mad something mistyped somewhere. Thanks.

Score:0

Server

Greg Askew

8/1/23, 7:02 PM

NT Service\MSSQLServer is an alias, so in the dialog you need to select Builtin Security Principals for Object Type for the system where SQL Server is installed to resolve the principal name.

0 + 0

pbuchheit

8/1/23, 7:15 PM

I did that and it still wasn't available.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Unable to find user account to set permissions for private key

TH: ไม่พบบัญชีผู้ใช้เพื่อตั้งค่าการอนุญาตสำหรับคีย์ส่วนตัว

RO: Nu s-a putut găsi contul de utilizator pentru a seta permisiunile pentru cheia privată

RU: Не удалось найти учетную запись пользователя для установки разрешений для закрытого ключа

VI: Không thể tìm thấy tài khoản người dùng để đặt quyền cho khóa riêng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.