March 30, 2015 at 6:38 pm
Sql server 2008R2 (SP2) Ent, PROD DB myDB was encrypted. During Release mistakenly (Vendor created script blames some settings in ...- actually does not matter) Decryption started (ALTER .. SET ENCRYPTION OFF) as we got from ErrorLog. For some reason initial encryption scan was aborted and then mentioned command: ALTER ... OFF was issued again. What we have now (after 60 h of decryption- encryption took only 2.5 h)- is_encrypted = 0 in sys.databases, encryption_state = 5 (decryption in progress) in sys.dm_database_encryption_keys (percent_complete= 0). But it seems myDB is still encrypted- I made a backup of myDB and tried to read it (restore filelistonly) from other server (with no encryption)- failed- asked for key. Seems metadata was changed when initial scan during decryption started but then stuck and (if I am correct) decryption was never completed. Question- any similar experience? How we can fix meta- data, i.e. assuming that myDB is still encrypted we should have is_encrypted = 1 and encryption_state = 3 (encrypted). Opened ticket with MS but could not get clear answer what to do. Appreciate any tip. Thanks
April 1, 2015 at 5:00 am
Have you stopped all connections to the database to allow the decryption to complete?
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
April 1, 2015 at 4:18 pm
As we figured out (and MS confirmed this) when "initial encryption scan" was aborted decryption stopped- not canceled, not rolled back, but stopped
(as per MS there is bit - sorry, did not get where 🙂 that shows- decryption hits an error and waits for restart). Essentially that means: 1) DB is still encrypted; 2) we need to re-issue decryption again, i.e. ALTER .. OFF. I did test in BR (backup/restore) server with the same TDE configured- restored Prod backup and decryption started immediately and completed in 15 min. With this info and test results I re-started Decryption- everything was fine. Then encrypted back DB- end of story. Thanks
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply