RE: An error occurred during decryption (Error: 15466, Severity: 16, State: 1.)

  • Sakthivel Chidambaram (3/5/2009)


    Hi,

    So you have not changed the service account since the cluster was started, right? Can you connect to the passive node where it is failing and check for the "entropy" registry key in the registry node below:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\ Security

    If it is not present there then there is some issue in creating a new key upon failover. So two solutions at this stage.

    1. Fail over to the passive node and stop and start SQL Server (if possible :)), which should create a new key.

    2. Run ALTER SERVICE MASTER KEY FORCE REGENERATE to create a new key (nothing wrong), which will re-encrypt all the contents.

    3. Use BACKUP SERVICE MASTER KEY when the working node is active, fail over, and then run RESTORE SERVICE MASTER KEY.

    The Service Master Key is a combination of the service account and the machine account, so if both are the same then there should not be any issue. Please reply after trying any of the above methods.

    Hi,

    I have a similar issue to the one described in this post. I have tried the above steps to regenerate the SMK for the SQL instance; however, a REGENERATE or RESTORE always ends with the following error:

    RESTORE SERVICE MASTER KEY FROM FILE = 'filepathTestServerSMK.bak'

    DECRYPTION BY PASSWORD = 'password' FORCE

    The current master key cannot be decrypted. The error was ignored because the FORCE option was specified.

    Msg 15209, Level 16, State 1, Line 1

    An error occurred during encryption.

    The following message appears in my SQL logs on startup (on the affected node):

    Message

    Error: 15466, Severity: 16, State: 1.

    Message

    An error occurred during decryption.

    I'm kind of at my wits' end at the moment, as my understanding is that the SMK is encrypted against both the service account (all nodes have the same domain user account) and the machine name, therefore the machine name encryption should work.

    Any help greatly appreciated.