Lost the database master key password

  • hurricaneDBA

    SSCarpal Tunnel

    Points: 4789

    Dear Everyone

    We are upgrading our SP application and database from SP2010 to SP2013 and our databases from 2008 to 2016.

    However, the application team doesn't have the DMK passwords, only the files and certificates.

    When they try to install the RBS client on the new machine and point to the restored SP databases they get the error attached.

     

    I obviously can't open the database as I don't have the password, and I can't drop the encryption again since I don't have a password.

    A solution I already tried and that worked was to do the following:

    1. Regenerate the password using force:

       Alter Master Key FORCE Regenerate
       With Encryption By Password = '**********'

    2. Drop the signatures on the objects which have signatures on them

    3. Drop the certificates

    4. Drop the DMK

    5. Generate a new DMK

     

    Is there another method which is easier, or is this the only route to resolve this issue, as we'll have to do this for all SP databases and I don't know if any data will be lost in the process!!

    Kal

  • Site Owners

    SSC Guru

    Points: 80380

    Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • hurricaneDBA

    SSCarpal Tunnel

    Points: 4789

    Microsoft came back and recommended I back up the database master key from production and encrypt it with a new password, then restore it using the same password on the simulation environment using the FORCE option, and this worked for us.

    Kal
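
The backup-and-restore route described in the post above, written out as T-SQL. This is an added example, not code from the thread or from Microsoft; the database name, file path and password placeholders are assumptions, and the final queries are an added check of certificate private keys after the FORCE restore.

```sql
-- Added example. Database name, path and passwords are placeholders.

-- 1) On PRODUCTION: the DMK opens automatically through the service master
--    key there, so it can be backed up without knowing the lost password.
USE [SP_Content_Example];          -- hypothetical database name
BACKUP MASTER KEY
    TO FILE = N'D:\KeyBackup\SP_Content_Example_dmk.key'   -- hypothetical path
    ENCRYPTION BY PASSWORD = N'<new-backup-password>';
GO

-- 2) On the NEW instance, in the restored copy of the same database:
--    FORCE lets the restore continue although the current DMK cannot be opened.
USE [SP_Content_Example];
RESTORE MASTER KEY
    FROM FILE = N'D:\KeyBackup\SP_Content_Example_dmk.key'
    DECRYPTION BY PASSWORD = N'<new-backup-password>'
    ENCRYPTION BY PASSWORD = N'<new-dmk-password>'
    FORCE;
GO

-- 3) Open the DMK with the now-known password, bind it to this instance's
--    service master key, and probe every certificate protected by the DMK.
OPEN MASTER KEY DECRYPTION BY PASSWORD = N'<new-dmk-password>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;

-- A NULL signature (or an error) means the private key cannot be used.
SELECT  c.name,
        c.pvt_key_encryption_type_desc,
        CASE WHEN SIGNBYCERT(c.certificate_id, N'probe') IS NULL
             THEN 'private key NOT usable'
             ELSE 'private key usable'
        END AS private_key_check
FROM    sys.certificates AS c
WHERE   c.pvt_key_encryption_type_desc = N'ENCRYPTED_BY_MASTER_KEY';

CLOSE MASTER KEY;
GO

-- 4) Confirm how the DMK is protected now (password and service master key).
SELECT  k.name, e.crypt_type_desc
FROM    sys.symmetric_keys AS k
JOIN    sys.key_encryptions AS e ON e.key_id = k.symmetric_key_id
WHERE   k.name = N'##MS_DatabaseMasterKey##';
```

Store the key backup file and both passwords in a vault with restricted access, since anyone holding the file and its password can open everything the DMK protects.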

  • Sue_H

    SSC Guru

    Points: 90287

    Thanks for posting back - I was wondering about the other alternatives. My thought was about adding another password, but from another post of yours it looked like you tried that one and got the error about the key needing to be open.

    Sue

  • hurricaneDBA

    SSCarpal Tunnel

    Points: 4789

    Hi Sue

    Hope you’re doing great

    Yeah I tried to add a second password to the DMK but you need to know the first password to open it first like you said.

    What worked was the key backup and restore, but I noticed that the restore with Force didn’t decrypt the certificates, so I don’t know what the consequences of that will be.

    It needs to be tested.

    kal

     

  • Sue_H

    SSC Guru

    Points: 90287

    Hey Kal - Things will run fine for now, but if you hit a disaster of some type in production, then you may have some things to work on. When I read your post and then there was something in the QOD or someplace about adding the additional password, I did some reading about it but didn't test anything yet. Lots of posts are all over the internet about lost DMK passwords, if it's any consolation :). Some of the more accurate things I read about it were from an MS person (Sean Gallardy) who often posts on stackexchange. If you put this into a Google search, you can find those posts: lost dmk password "sean gallardy" site:dba.stackexchange.com

    That will probably give you some ideas.

    Sue

     

  • hurricaneDBA

    SSCarpal Tunnel

    Points: 4789

    Hi Sue

    I opened a call with stackexchange with the full details, if you would like to know what happened:

    https://dba.stackexchange.com/questions/244635/lost-the-dmk-password

    thanks again for the heads up

    Kal
