← Back to Knowledge Base

KB #240040: Cannot start SQL Server or encrypted database is inaccessible when profile is on a remote machine

⏱️ 2 min read

Type:

Information

Summary:

If you have specified the remote profile to be on a remote machine, you must start the SQL Service and/or the NetLIb Key Management Service (NLCBTASK) Service with a login that has read permissions to the remote machine.

Additional Information:

By default, most Services, including SQL Server and NetLib’s Key Management Service (KMS), start in the Local System Account (LSA) or the Network Account (NA). Both are restricted accounts that have rights only to local devices. If the remote profile is on a remote machine, the LSA or the NA will not be able to read that profile.Therefore you need to modify NetLib KMS Service and/or the SQL Service to start with an account that has at least Read Permissions to the remote system. (It does not need to be an Administrative account. In fact, for security reasons, it should not be.) These same issues may arise with SQL Server Replication.

Method 1:

Start first by modifying the account that the NetLib KMS Service starts with. If that does not solve the issue, or if the KMS Service does not exist, then go to Method 2.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the NetLib Key Management Service (a/k/a NLCBTASK, NetLib Process Tracking Service in earlier versions)
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the KMS Service
  • Restart SQL Server

Method 2:

Modify the account that the SQL Server Service starts with.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the SQL Server Service associated with your instance. For a Named instance, the service name is usually MSSQL$instance. For the Default instance, the service name is MSSQLSERVER.
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the SQL Server Service

If neither one of these methods addresses the issue it is possible that the account you specified does not have sufficient permissions to the remote location, or that the remote location is otherwise inaccessible. See Microsoft documentation for general information about service startup accounts and on SQL Server Replication for more information.

Was this article helpful?

Related Articles

KB #240148: Testing EKM Server to EKM Client connectivity

Type: Information Summary: You have a service or application secured with an encryption key that…

KB #240124: Using Encryptionizer for SQL on a Cluster

Type: Information Summary: Encryptionizer for SQL is cluster safe, but the installation and configuration are…

KB #240117: Upgrading SQL Version on an instance secured with Encryptionizer

Type: Information Summary: You have an SQL instance that is secured with Encryptionizer for SQL.…

Still need help?

Our support team is here to assist you.

Contact Support 📞 1-877-367-1177
NetLib Security
AI Assistant · Online
Hi! I'm the NetLib Security assistant. I can answer questions about our encryption solutions, HIPAA compliance, Encryptionizer, and more. How can I help you today?