Reputation: 531
I'm attempting to get SQL Server Service Broker working across database instances and am at the stage of copying certificates (from initiator to target and vice versa). I can back up the certificate to a file, but once created I can't open the file or copy it to any other location. If I try to open the file I get a message box with the title "Invalid Public Key Security Object File" and the message "Access is denied.".
The server is within the local domain and is running Windows Server 2008 R2 Enterprise with SP1.
This works (but I cannot do anything with the file):
BACKUP CERTIFICATE UserCertificateB TO FILE='C:\Certs\UserCertificateB.cer';
This doesn't work:
BACKUP CERTIFICATE UserCertificateB TO FILE='\\localmachine\Certs\UserCertificateB.cer';
Error message is:
Msg 15240, Level 16, State 1, Line 2 Cannot write into file '\localmachine\Certs\UserCertificateB.cer'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.
Upvotes: 3
Views: 5844
Reputation: 69
I know this is an old question, but maybe this answer will be relevant to others that may find the same issue.
If it shows the error ‘Msg 15240, Level 16, State 1, Line 8 Cannot write into file 'C:\tmp\cert\MY_TDE_CERT_KEY.PVK'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.’
It is because the script has to be executed on the server and not the local computer connected to the server.
Once the SQL script is executed on the server, the files will appear in the selected folder on the server (you must create a local directory).
Error (the image shows the path of the local computer, it was the wrong path, must be in the server):
Learned this from Microsoft: "The path is relative to the SQL Server instance. The path needs to be setup on the machine hosting the instance."
Upvotes: 0
Reputation: 294457
I can back up the certificate to a file but once created I can't open the file or copy it to any other location.
Yes, the access is restricted to the SQL Server service account. Grant permissions as appropriate on the file, using an administrative account. Use icacls.
Cannot write into file '\localmachine\Certs...'
You are doing a 'double hop' so it requires Kerberos constrained delegation. Contact your network administrator to set it up properly for you.
Upvotes: 2
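The icacls step suggested in the answer above, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the machine hosting the SQL Server instance; the account name and the destination share are hypothetical placeholders, and only the file path comes from the question.

```powershell
# Added example: run elevated on the server that hosts the SQL Server instance.
$certFile = 'C:\Certs\UserCertificateB.cer'   # path from the question
$account  = 'CONTOSO\sb-admin'                # hypothetical account that must read the file
$dest     = '\\targetserver\Certs\'           # hypothetical share on the target server

# 1. Inspect the current ACL. After BACKUP CERTIFICATE the answer above expects
#    access to be limited to the SQL Server service account.
icacls $certFile

# 2. Grant read-only access to one named account instead of a broad group.
#    If this call is denied, an administrator may first need to take ownership
#    of the file (takeown /F <file>).
icacls $certFile /grant "${account}:(R)"
if ($LASTEXITCODE -ne 0) {
    throw "icacls /grant failed with exit code $LASTEXITCODE"
}

# 3. Copy the public certificate from an interactive session running as $account.
#    This is a single hop from the logged-on user to the share, so it avoids the
#    double hop that BACKUP CERTIFICATE to a UNC path runs into.
Copy-Item -LiteralPath $certFile -Destination $dest -ErrorAction Stop

# 4. Remove the temporary grant so the ACL returns to what step 1 showed.
icacls $certFile /remove:g $account
if ($LASTEXITCODE -ne 0) {
    throw "icacls /remove failed with exit code $LASTEXITCODE"
}
icacls $certFile
```

The .cer file holds only the public certificate; if a private key file is ever exported alongside it, keep that file's ACL restricted rather than widening it the same way.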