SQL Server 2012 TDE Restore Certificate Issue - database

I have two instances of SQL Server 2012 Enterprise but am struggling to restore a TDE database from a set of backups (full, differential and log) from instance one to instance two. I am getting the error 'Cannot find server certificate with thumbprint'.
Instances one and two both have master keys with the same password; I have backed up the certificate and private key file from instance one and restored them to instance two. If I look in the Security > Certificates folder of the master DB on instance two I can see it listed.
If I try a restore, despite having imported the same certificate and it being present, I still get the error 'Cannot find server certificate with thumbprint'. Can somebody please advise as to what to do next?
If I try reimporting the certificate again I get the message 'A certificate with name 'ServerCert' already exists or this certificate already has been added to the database.'
I have also tried restoring/replacing the database on instance one from the backup sets and they work, just not when restoring to instance two.
Any help would be much appreciated :-)

Despite retrying the same process several times, I removed the TDE, certificate and master keys across all instances and started from scratch, with the exception of re-backing up the database. Despite all passwords and certificate names being the same, still no joy.
I then removed the TDE, certificate and master keys across all instances, restarted both instances, then created a master key, then the cert, reapplied the TDE, then carried out all new full, differential and transaction log backups, all on instance one. Backed up the certificate from instance one, then on instance two created the same master key, imported the backed-up certificate from instance one and then carried out the database restore, and all is well.
None of my T-SQL changed in any way; the only thing I can gather is that some sort of security failed to correctly apply, maybe a tempdb issue.
I have read others having the same issues, I hope this helps others.
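The certificate migration the answer describes, written out as an added T-SQL example (not the poster's own script). Database name, certificate name, file paths and passwords are placeholders; the thumbprint queries are the check that tells you before the restore whether instance two actually holds the certificate the backup was encrypted with.

```sql
-- Added example, not the poster's own script: the certificate migration the
-- answer describes. Database, certificate, path and password values are
-- placeholders to substitute.

-- ===== Instance one (source) =====
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password>';
CREATE CERTIFICATE ServerCert WITH SUBJECT = 'TDE certificate for TDE_Demo';
GO
USE TDE_Demo;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE ServerCert;
ALTER DATABASE TDE_Demo SET ENCRYPTION ON;
GO
USE master;
-- Export the certificate together with its private key. The .pvk file gets
-- its own password; this is independent of the master key password.
BACKUP CERTIFICATE ServerCert
    TO FILE = 'C:\Backup\ServerCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Backup\ServerCert.pvk',
                      ENCRYPTION BY PASSWORD = '<private key password>');
-- The thumbprint the restore error quotes is the one the DEK was encrypted
-- with; note it so the imported copy can be checked against it.
SELECT DB_NAME(k.database_id) AS db, c.name, c.thumbprint
FROM sys.dm_database_encryption_keys AS k
JOIN sys.certificates AS c ON c.thumbprint = k.encryptor_thumbprint;
GO

-- ===== Instance two (destination) =====
USE master;
-- This master key only protects the imported private key; it does not have
-- to share a password with instance one (the answer happened to use the same).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password>';
CREATE CERTIFICATE ServerCert
    FROM FILE = 'C:\Backup\ServerCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Backup\ServerCert.pvk',
                      DECRYPTION BY PASSWORD = '<private key password>');
-- Check before restoring: the thumbprint must equal the source value and
-- pvt_key_encryption_type_desc must not be NO_PRIVATE_KEY (a certificate
-- imported from the .cer alone is listed but cannot decrypt the DEK).
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'ServerCert';
GO
RESTORE DATABASE TDE_Demo FROM DISK = 'C:\Backup\TDE_Demo_full.bak' WITH NORECOVERY;
RESTORE DATABASE TDE_Demo FROM DISK = 'C:\Backup\TDE_Demo_diff.bak' WITH NORECOVERY;
RESTORE LOG      TDE_Demo FROM DISK = 'C:\Backup\TDE_Demo_log.trn'  WITH RECOVERY;
GO
```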

Related

Checking SQL Configuration in Backup

I am trying to diagnose an issue with SQL Server 2016 that occurred after some software was updated and I wanted to see if any of the server configurations changed. I have a backup of the master db and I figured I could compare settings between the live master and the backup. I read that "network packet size (B)" could cause "Protocol error in TDS stream" and I know how to look up the configuration using sp_configure but how can I look it up in the "master" backup?
The only way to do that is to regularly copy some views from the master database (in fact the mssqlsystemresource db) into a newly designed database and compare them.
Every time you query sys.configurations, the data will be retrieved from the actual system database...
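The periodic copy-and-compare the answer recommends, as an added example that is not part of the original thread. It assumes a DBA_Admin database and a dbo.ConfigHistory table (both placeholder names); the diff query reports settings whose in-use value changed between the two latest captures and also settings that were reconfigured but not yet applied.

```sql
-- Added example (not from the question or answer): a snapshot table for
-- sys.configurations so a changed setting such as "network packet size (B)"
-- can be found by diffing two captures. DBA_Admin and dbo.ConfigHistory are
-- placeholder names.
USE DBA_Admin;
CREATE TABLE dbo.ConfigHistory (
    captured_at      datetime2(0) NOT NULL,
    configuration_id int          NOT NULL,
    name             nvarchar(35) NOT NULL,
    value            sql_variant  NULL,   -- configured value
    value_in_use     sql_variant  NULL,   -- value currently in effect
    CONSTRAINT PK_ConfigHistory PRIMARY KEY (captured_at, configuration_id)
);
GO
-- Run this on a schedule (e.g. an Agent job) and before/after any change.
INSERT INTO dbo.ConfigHistory (captured_at, configuration_id, name, value, value_in_use)
SELECT SYSDATETIME(), configuration_id, name, value, value_in_use
FROM sys.configurations;
GO
-- Diff the two most recent snapshots. Rows whose configured value differs
-- from value_in_use also surface settings changed but not yet applied.
WITH snapshots AS (
    SELECT captured_at,
           DENSE_RANK() OVER (ORDER BY captured_at DESC) AS recency
    FROM dbo.ConfigHistory
    GROUP BY captured_at
)
SELECT cur.name,
       CONVERT(bigint, prev.value_in_use) AS previous_in_use,
       CONVERT(bigint, cur.value_in_use)  AS current_in_use,
       CONVERT(bigint, cur.value)         AS current_configured
FROM snapshots AS s_cur
JOIN snapshots AS s_prev ON s_cur.recency = 1 AND s_prev.recency = 2
JOIN dbo.ConfigHistory AS cur
     ON cur.captured_at = s_cur.captured_at
JOIN dbo.ConfigHistory AS prev
     ON prev.captured_at = s_prev.captured_at
    AND prev.configuration_id = cur.configuration_id
WHERE CONVERT(bigint, cur.value_in_use) <> CONVERT(bigint, prev.value_in_use)
   OR CONVERT(bigint, cur.value)        <> CONVERT(bigint, cur.value_in_use)
ORDER BY cur.name;
```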

SQL Server Agent - BCryptDecrypt failed

I'm using SQL Server 2016 and in the SQL Server Agent event log I have thousands of errors with the following message:
Date 26/12/2019 3:47:06 PM
Log SQL Server Agent (Current - 16/12/2019 4:28:00 PM)
Message
[442] BCryptDecrypt failed (-1073741762).
I can't find anything that relates to this error and there doesn't seem to be anything wrong that I can see except for the message - does anyone know what it is and how I could potentially fix it?
Thank you
I found the issue.
We used to use managed backups to Azure blob for our DBs; we canned this method for our on-prem servers and went another path. However, when we swapped over we didn't disable managed backups on the server and we deleted our storage account within Azure. This in turn was throwing these weird errors up.
You can't disable managed backups on your DBs if your storage account in Azure is gone. I had to recreate the storage account with the same naming convention and recreate the blob, then update the SAS key in your credentials; then you can disable managed backups.
Hope this helps others.

SQL Maintenance Cleanup task not deleting any files, SQL installed on a DC

The generic problem is as listed here: SQL Maintenance Cleanup Task Working but Not Deleting, but no solutions there are applicable. Environment: Windows Server 2012 R2, AD DS (with policies of course), RDSH/TS Licensing, 1C-server. The primary problem is SQL Server generating an insane number of events per backup plan run, recording a pair of 18456+17052 errors per file to delete. The errors are as follows:
17052: [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'DOMAIN\mssql_srv'
18456: Reason: Could not find a login matching the name provided. [CLIENT: 192.168.x.x] (matches localhost)
Given that each pair of errors appears once per file to delete (there are about 6000 files already!), the algorithm looks like this:
First, backup plan task runs xp_delete_file, it enumerates all the files in target folder;
Second, each file is deleted by creating a separate connection to the machine with the service's credentials;
Each connection fails due to whatever restrictions default DC policy applies, generating the pair of events. Of course the file remains in place.
The workaround is, of course, to assign the file-delete task to a local script run as SYSTEM, for example, but the very reason why SQL Server fails to delete a file remains unknown. Permissions have been checked, and it is verified that both the SQL Server Agent and SQL Server service accounts have full control of the folder.
It turned out that this "login missing" is not a Windows login but rather a SQL "login", which was not present for the service account. So I needed to create a "DOMAIN\mssql_srv" login in SSMS, give it "public" access rights and voilà, files started to get deleted properly. The reason is explained in a comment:
If it's T-SQL step and job owner is member of sysadmin server role, the step is executed under service account.

Merge replication uninitialized subscription is expired or does not exist

I am trying to set up a merge replication using web synchronization between a publishing SQL Server 2012 standard and subscribing SQL Server 2012 Express. After following the instructions provided at Technet, I am stuck on this:
Source: Merge Process(Web Sync Server)
Number: -2147200985
Message: The subscription to publication 'MyMergePublication' has expired or does not exist.
I already verified that the SSL certificates are good, and that I can browse to the publishing machine's URL https:\\mycomputer\replisapi.dll and get the expected output. I already verified that the snapshot was set up, and I took a giant hammer and used an administrator account to run the pool identity, which is really bad security-wise, but I wanted to validate that it was not security that was tripping me up.
To further the mystery, when I try and fail to sync, the publisher acknowledges that a new subscriber has been registered, but it cannot get the snapshot at all and thus the subscriber database is still empty.
On the replication monitor, there is no failed synchronization history or any errors; all it has to say is that the subscriber is uninitialized, and no more.
Turning up the verbosity of the merge agent, I saw some SQL being executed and tried replicating the SQL, and I found this was failing with the same error:
{call sys.sp_MSgetreplicainfo(?,?,?,?,?,?,?,90)}
I called it with only the 3 mandatory parameters supplied and it would fail. That is despite the prior call to sp_helpmergepublication returning a row for that publication. Oddly, the content of sp_helpmergepublication does not match what I configured for the subscription (e.g. it says the web URL is null when viewing the properties correctly shows the web URL being set). Not sure that is significant.
The content of sp_MSgetreplicainfo contains a call to another system sproc that I cannot run for some reason (says not found), so I'm not sure what is actually going on here.
Any clues would be greatly appreciated.

SQL 2005 Database diagram support objects cannot be installed because this database does not have a valid owner

I have two databases, production and stage. I am getting the error message in the title of this post when I click "Database Diagrams" for production, but on stage I don't get an error.
I've researched this message, and I've found posts such as this:
Link
They pretty much say to change the owner of my database to sa. I'm not convinced this is the issue, though, because both production and stage databases have the same owner (not sa), but I only get this error for production.
Does anyone know how else to resolve this error message?
"both production and stage databases have the same owner (not sa), but I only get this error for production."
That usually is the very source of the problem: a database created on one machine is restored on a different machine where the SID of the original creator is no longer valid. Change the owner to a valid one:
ALTER AUTHORIZATION ON DATABASE::[<dbname>] TO sa;
I received this error. In my case, I had existing diagrams but could not view them on account of this error. I remembered that I had changed the name of the server a week or so ago. After renaming the computer, SQL Server (2012) apparently began using the correct underlying local user object in the Logins section of Security. So, from appearances, the database had a valid owner. But the name of the security account wasn't changed: the username of the owner was correctly localputer\localuser but the SQL account name was local-puter\localuser (the original name of the server). I renamed the account name to localputer\localuser and everything went back to normal. I did not need to issue an ALTER AUTH ON DB.
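Checks for both causes described in the two answers above, as an added T-SQL example that is not taken from either answer: a restored database whose owner SID matches no login on the new instance, and a Windows login still named after a server that has since been renamed. Bracketed names and OLDNAME/NEWNAME are placeholders.

```sql
-- Added example, not taken from the answers above: checks for the two causes
-- described here, a restored database whose owner SID matches no login on
-- the new instance, and a Windows login still named after a server that has
-- since been renamed. Bracketed names are placeholders.

-- 1. Databases whose owner SID resolves to no server principal. SUSER_SNAME
--    is NULL when the SID is unknown to both SQL Server and Windows.
SELECT d.name                   AS database_name,
       d.owner_sid,
       SUSER_SNAME(d.owner_sid) AS resolved_owner
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS sp ON sp.sid = d.owner_sid
WHERE sp.sid IS NULL;
-- Repair: any login that exists on this instance will do; sa is the usual pick.
ALTER AUTHORIZATION ON DATABASE::[<dbname>] TO sa;

-- 2. Windows logins that still carry the pre-rename computer name. Their SID
--    is unchanged by a rename, so the stored name is the only stale part.
DECLARE @old_name sysname = N'<old computer name>';
SELECT name, type_desc, sid
FROM sys.server_principals
WHERE type IN ('U', 'G')            -- Windows user / group
  AND name LIKE @old_name + N'\%';
-- Repair in place: the SID and its permissions stay, only the name changes.
-- ALTER LOGIN verifies that the Windows SID for the new name matches.
ALTER LOGIN [OLDNAME\localuser] WITH NAME = [NEWNAME\localuser];

-- 3. After a computer rename, confirm the instance's own recorded name.
--    @@SERVERNAME keeps the old value until sp_dropserver/sp_addserver run.
SELECT @@SERVERNAME                  AS recorded_name,
       SERVERPROPERTY('MachineName') AS current_machine_name;
```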
