• PearlJammer1 - Wednesday, February 7, 2018 5:29 AM

    Hi
    We already have an established Log Shipping environment. The secondary has the databases in the 'Non recovery mode'
    I have just enabled TDE on the primary server to one of the databases that is getting log shipped.
    The master Key and certificate have been backed up to the primary server.
    I copied and pasted these 2 files over to the secondary server (but interestingly cannot actually see them in the location I pasted to)
    Since TDE was turned on, I am getting the LSAlert every 2 mins saying the database has a restore threshold of 45 mins and is out of sync. No restore was performed for 46 minutes......
    If I check the job history, the LSRestore job has not failed.
    Does the Log shipping Secondary need to have these Master certificate/Private key files restored for Log shipping to work?
    Also, can I remove the Master certificate and private key files off the Primary C drive to a secure network location without breaking TDE?
    Thanks

    Most likely what you need to do is import / restore into SQL Server the certificate you're using for TDE on the primary server. Just copying those files to the secondary server does not allow SQL to use them.

    As for removing the files from the primary server, yes, you can do that, as the files on disk are backups of the certificates held in SQL Server itself.

    If you run this:
    select * from sys.certificates;
    do you see your encryption certificate on BOTH servers?
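
The certificate import described in the reply above, as an added T-SQL example that is not part of the original thread. The certificate name `TdeCert`, the file paths and the passwords are placeholders; substitute the values used when the certificate was backed up on the primary.

```sql
-- Added example. TdeCert, the paths and the passwords are placeholders.

-- 1) PRIMARY: identify the certificate that protects each TDE database
--    encryption key. TDE certificates live in master.
SELECT d.name AS database_name,
       c.name AS certificate_name,
       c.thumbprint
FROM sys.dm_database_encryption_keys AS k
JOIN sys.databases AS d
  ON d.database_id = k.database_id
JOIN master.sys.certificates AS c
  ON c.thumbprint = k.encryptor_thumbprint;

-- 2) PRIMARY: back up the certificate together with its private key
--    (skip if the .cer/.pvk pair already exists). Once copied to a secure
--    location, the files can be removed from the server's local disk.
USE master;
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\Backup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-backup-password>');

-- 3) SECONDARY: master needs its own database master key before a
--    certificate with a private key can be stored in it. It does not have
--    to be the primary's master key.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<secondary-master-key-password>';

-- 4) SECONDARY: create the certificate from the copied files. The paths are
--    resolved on the secondary server itself and read by the SQL Server
--    service account, so that account needs read access to both files.
CREATE CERTIFICATE TdeCert
    FROM FILE = 'D:\Keys\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\Keys\TdeCert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-backup-password>');

-- 5) BOTH SERVERS: the thumbprint must be identical on primary and secondary,
--    otherwise log backups taken after TDE was enabled cannot be restored.
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM master.sys.certificates
WHERE name = 'TdeCert';
```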