← Back to Knowledge Base

KB #240040: Cannot start SQL Server or encrypted database is inaccessible when profile is on a remote machine

⏱️ 2 min read

Type:

Information

Summary:

If you have specified the remote profile to be on a remote machine, you must start the SQL Service and/or the NetLIb Key Management Service (NLCBTASK) Service with a login that has read permissions to the remote machine.

Additional Information:

By default, most Services, including SQL Server and NetLib’s Key Management Service (KMS), start in the Local System Account (LSA) or the Network Account (NA). Both are restricted accounts that have rights only to local devices. If the remote profile is on a remote machine, the LSA or the NA will not be able to read that profile.Therefore you need to modify NetLib KMS Service and/or the SQL Service to start with an account that has at least Read Permissions to the remote system. (It does not need to be an Administrative account. In fact, for security reasons, it should not be.) These same issues may arise with SQL Server Replication.

Method 1:

Start first by modifying the account that the NetLib KMS Service starts with. If that does not solve the issue, or if the KMS Service does not exist, then go to Method 2.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the NetLib Key Management Service (a/k/a NLCBTASK, NetLib Process Tracking Service in earlier versions)
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the KMS Service
  • Restart SQL Server

Method 2:

Modify the account that the SQL Server Service starts with.

  • Start Services.msc (or go to Administrative Tools, Services)
  • Locate the SQL Server Service associated with your instance. For a Named instance, the service name is usually MSSQL$instance. For the Default instance, the service name is MSSQLSERVER.
  • Bring up the Properties dialog
  • Select the Log On tab
  • Specify an account that has at least Read Permissions to the remote location
  • Click Ok to close the dialog
  • Restart the SQL Server Service

If neither one of these methods addresses the issue it is possible that the account you specified does not have sufficient permissions to the remote location, or that the remote location is otherwise inaccessible. See Microsoft documentation for general information about service startup accounts and on SQL Server Replication for more information.

Was this article helpful?

Related Articles

KB #240038: SQL database backups to a Mapped Drive are not encrypted

Type: Fixed This issue is resolved with Encryptionizer (x86) driver version 2008.401.4 or later. Summary:…

KB #240125: System Stop (BSOD) when restoring an encrypted database with FileStreams from backup

Type: Fixed Summary: When restoring a backup which contains FileStreams, you may experience a System…

KB #240112: Installing SQL Server Management Objects (SMO)

Type: Information Summary: Important note: For Column Encryption support only. The SQL Server Management Objects…

Still need help?

Our support team is here to assist you.

Contact Support 📞 1-877-367-1177
NetLib Security
AI Assistant · Online
Hi! I'm the NetLib Security assistant. I can answer questions about our encryption solutions, HIPAA compliance, Encryptionizer, and more. How can I help you today?