What we are doing is simply shutting down SQL Server and physically moving the mssql folder to another server. After that operation Service Broker is not working correctly. What to do to make Service Broker work on a new server? What's the correct way to move a whole server to a new machine?
We have merge replication which we don't want to reinitialize. So backup/restore and attach/detach is not a good option. Any solutions for reanimation of Service Broker on a new machine? Recreate certificates/create new SB guid (NEW BROKER)?
Alright, we moved the folder with the database files to a fresh new instance of SQL Server on another machine. After a few tests we get the expected error "An error occurred while receiving data: '10054(An existing connection was forcibly closed by the remote host.)'." and in SQL Profiler it shows as "Connection handshake failed. Error 15581 occurred while initializing the private key corresponding to the certificate. The SQL Server errorlog and the Windows event log may contain entries related to this error. State 88."
So, I've tried to regenerate master keys on both the main database and the master database. And it worked. Service Broker is running well in both directions.
USE <dbName>;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password';
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'password';
CLOSE MASTER KEY;
USE master;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password';
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'password';
CLOSE MASTER KEY;
Related
Background:
I have an Always On Availability Group setup with 4 nodes (DB1, DB2, DB3, DB4). I am using a File Share witness hosted on some other server. All the nodes in the AG are set to fail over automatically, and the readable secondary option is set to 'yes'.
Issue:
For instance, let's consider DB1 as the primary node on both AG and WSFC. Now, whenever I stop the MSSQL service on DB1, DB2 or one of the other 2 becomes primary on the AG. However, DB1 stays as primary host on the WSFC. The main problem here is whenever my application tries to connect to the DB, I get an error as "Failed to update 'Dbname' database is read only". But when I manually change the node of WSFC to the now Primary AG DB my application starts working. Can someone please help me out here?
whenever my application tries to connect to the DB, I get an error as "Failed to update 'Dbname' database is read only"
Your app needs to connect to the AG through the AG Listener, which will only be active on the node hosting the primary database replica.
If your app is connecting to the listener you need to troubleshoot the connection. Verify that DNS resolution is returning all the IP addresses, and that only the IP address hosting the primary replica has the requested SQL Server port open.
I moved some jobs from SQL 2012 to SQL 2016, and I got the error:
Environment reference Id: NULL. Description: Please create a master key in the database or open the master key in the session before performing this operation. Source: .Net SqlClient Data
I want to delete the master key at source and then script out the jobs and then “paste” them in the new sql 2016. (this could be a ‘fix’, right?)
My questions are:
How can I delete the master key in the source server?
Is it a few jobs using this master key, or all of them require this master key?
Is this “master key” the below? (not sure if the master key is ‘jobs’ or ‘ssis’ level…)
Does the master key have like a login name, or is it just a password?
If deleting the master key (not sure if it is one or many) may be risky… I can try contacting the previous DBA we had, and ask for this password.
Environment: Win 2012 and SQL 2014 Standard edition.
Issue: I am doing a daily restore of the production database into our test server. The production database has an encryption key. The restore to the test server is a SQL Job that runs nightly.
Items Tried: I have tried to include a step in the SQL job to decrypt the key in the test environment: open master key decryption by password = ''. I have tried using EXEC, sp_executesql and embedding the commands in a stored procedure. The only thing that really works is when I open up Management Studio and run the command manually.
Results From the Job: The job runs successfully but does nothing. I added logging and there is nothing indicating any errors. All the logs say is Begin Executing.
Question: Does anybody know how I can embed the open master key decryption by password = '' step into the SQL job where the command will work?
I think the issue that you have is that you're successfully opening the master key within that session, but other sessions don't see that. You subsequently need to re-encrypt the database master key with the test server's service master key. Luckily, once you've opened the key with the password (as you already have), it's as easy as:
alter master key add encryption by service master key;
Also, you shouldn't need to do anything fancy in your open master key… statement. That is, no need to wrap it in sp_executesql or any of that.
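The sequence from the answer above, written out as a job step with a before/after check. This is an added example, not code from the original posts; the database name TestDb and the password placeholder are assumptions. The same re-binding applies to any database whose master key arrived from another instance, as in the moved-files question at the top of the page.

```sql
-- Added example: run as a T-SQL job step right after RESTORE DATABASE completes.
-- TestDb and the password placeholder are assumptions, not values from the posts.
USE TestDb;
GO

-- Before: 0 means the database master key (DMK) is not protected by this
-- instance's service master key, so each session has to OPEN MASTER KEY itself.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- The restored DMK is still protected by the password set on production.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<production DMK password>';

-- Add protection by the local service master key. The password protection
-- is kept, so the next nightly restore can repeat the same step.
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;

CLOSE MASTER KEY;

-- After: expect 1. Other sessions can now use keys and certificates
-- protected by the DMK without opening it explicitly.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- List every protection currently on the DMK.
SELECT sk.name, ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
  ON ke.key_id = sk.symmetric_key_id
WHERE sk.name = N'##MS_DatabaseMasterKey##';
```

The password literal ends up in the job step definition stored in msdb, so limit who can read or script the job.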
I have two instances of SQL Server 2012 Enterprise but am struggling to restore a TDE database from a set of backups (full, differential and log) from instance one to instance two. I am getting the error 'Cannot find server certificate with thumbprint'.
Instance one and two both have master keys with the same password, I have backed up the certificate and private file from instance one and restored to instance two. If I look in the Security > Certificates folder of the master DB on instance two I can see it listed.
If I try a restore despite having imported the same certificate and it being present I still get the error 'Cannot find server certificate with thumbprint', can somebody please advise as to what to do next?
If I try reimporting the certificate again I get the message 'A certificate with name 'ServerCert' already exists or this certificate already has been added to the database.'
I have also tried restoring/replacing the database on instance one from the backup sets and they work, just not when restoring to instance two.
Any help would be much appreciated :-)
Despite retrying the same process several times, I removed the TDE, certificate and master keys across all instances and started from scratch with the exception of re-backing up the database. Despite all passwords and certificate names being the same still no joy.
I then removed the TDE, certificate and master keys across all instances, restarted both instances, then created a master key, then the cert, reapplied the TDE, then carried out all new full, differential and transaction log backups all on instance one. Backed up the certificate from instance one, then on instance two created the same master key, imported the backed-up certificate from instance one and then carried out the database restore and all is well.
None of my T-SQL changed in any way, the only thing I can gather is some sort of security failed to correctly apply, maybe a tempdb issue.
I have read others having the same issues, I hope this helps others.
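One way to confirm that the certificate on instance two is the one the TDE backups depend on, shown as an added example rather than the poster's own T-SQL. ServerCert is the certificate name from the question; the database name TdeDb, the file paths and the file password are placeholders.

```sql
-- Added example. TdeDb, the file paths and the file password are placeholders.

-- === On instance one (source) ===
USE master;
GO
-- Which certificate protects the database encryption key, and what is its thumbprint?
SELECT d.name AS database_name,
       c.name AS certificate_name,
       c.thumbprint,
       c.pvt_key_encryption_type_desc
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases    AS d ON d.database_id = dek.database_id
JOIN sys.certificates AS c ON c.thumbprint  = dek.encryptor_thumbprint
WHERE d.name = N'TdeDb';

-- Export the certificate together with its private key.
BACKUP CERTIFICATE ServerCert
TO FILE = N'C:\Backup\ServerCert.cer'
WITH PRIVATE KEY (
    FILE = N'C:\Backup\ServerCert.pvk',
    ENCRYPTION BY PASSWORD = '<file password>'
);
GO

-- === On instance two (target); a master key must already exist in master ===
USE master;
GO
CREATE CERTIFICATE ServerCert
FROM FILE = N'C:\Backup\ServerCert.cer'
WITH PRIVATE KEY (
    FILE = N'C:\Backup\ServerCert.pvk',
    DECRYPTION BY PASSWORD = '<file password>'
);
GO

-- The thumbprint must equal the one reported on instance one, and the
-- private key column must not read NO_PRIVATE_KEY, before RESTORE is attempted.
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = N'ServerCert';
```

A certificate that shares the name but shows a different thumbprint is a different certificate, which is consistent with both the "already exists" message and the thumbprint error appearing together.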
I had a SQL database on a previous server, of which I had a master key and certificate created using the following syntax:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'AReallyReallyReallySecurePassword!!!!!'
CREATE CERTIFICATE CPCertificate01 WITH SUBJECT = 'CP Certificate'
CREATE SYMMETRIC KEY SSN_Key_01 WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE CPCertificate01
I've done a backup of this database, and now restored it onto a new server (fresh install of SQL Server as well).
When I try to run commands against the database, I get this error:
Cannot find the symmetric key 'SSN_Key_01', because it does not exist
or you do not have permission.
However if I run this code...
select * from sys.symmetric_keys
...I can see SSN_Key_01 listed in the result set.
I also get other errors relating to the master key not existing.
Can anyone please guide me as to how I can recreate the encryption settings on the new server without losing any of my data? I still have access to the old server if required. Thanks.