Enabling TDE on Databases in an AlwaysOn Scenario

  • Comments posted to this topic are about the item Enabling TDE on Databases in an AlwaysOn Scenario

  • Thanks for the article.

  • I've followed these instructions on a SQL 2016 / Windows 2012 R2 cluster; however, my secondary is now in a Not Synchronizing/Suspect state.

    What did I miss?

  • On my SQL2014, in Scenario 1, running the verify query shows 0 percent completed while the encryption is happening on the Secondary.

    Just FYI... they do move to encrypted status, they just don't show a percent like the Primary Replicas do.

    Standing in the gap between Consultant and Contractor
    Kevin3NF
    DallasDBAs.com/Blog
    Why is my SQL Log File HUGE?!?!
    The future of the DBA role...
    SQL Security Model in Plain English

  • IMPORTANT:

    If you follow the instructions as described, your databases on your secondary will go SUSPECT.

    You have to create the DMK and Certificate on the secondary BEFORE you create the DEK.

    If you are reading this, you probably already followed the step by step instructions and ended up with SUSPECT databases.  Here's how to fix that:

    As long as you've created the DMK and Cert on the secondary at this point, you should be able to go into the AG on the secondary and right click the database and resume data movement, which will bring it back to a synchronized state.
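
The ordering described in the post above, as an added T-SQL example that is not part of the original thread or the article it discusses. The database name `SalesDb`, the certificate name `TdeCert`, the file paths and the passwords are placeholders chosen for illustration.

```sql
-- Added example. SalesDb, TdeCert, file paths and passwords are placeholders.

-- Step 1 (PRIMARY): create the DMK and certificate in master, then export the cert.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<primary-DMK-password>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (example)';
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\Backup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-password>');
GO

-- Step 2 (every SECONDARY): create the DMK and restore the same certificate
-- BEFORE any database encryption key exists on the primary.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<secondary-DMK-password>';
CREATE CERTIFICATE TdeCert
    FROM FILE = 'C:\Backup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeCert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-password>');
GO

-- Step 3 (PRIMARY): only now create the DEK and turn encryption on.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO

-- Step 4 (each replica): check progress.
-- encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete
FROM sys.dm_database_encryption_keys;
GO

-- Recovery (SECONDARY): if the DEK was created first and data movement is
-- suspended, run step 2 and then resume; this is the T-SQL equivalent of
-- "resume data movement" in the AG node of Management Studio.
ALTER DATABASE SalesDb SET HADR RESUME;
GO
```

Keep the exported `.pvk` file and its password under the same controls as the database backups themselves, and remove the copies from the transfer location once every replica has the certificate.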

  • You can now use Database Backup Compression with TDE:
    https://www.brentozar.com/archive/2016/07/tde-backup-compression-together-last/

    Just make sure you are patched to the very latest level, as they are bringing fixes out for this all the time.

    qh

    Who looks outside, dreams; who looks inside, awakes. – Carl Jung.
