An alternative to this is to use a symmetric key created by a certificate instead of a password which is protected by the DMK, and then simply backup and restore that certificate on all replicas to enable encrypted databases to be joined to the AG with relative ease. Once this is done, take a new backup use that to join the secondary in the AG, providing the password when prompted. Backup the DMK to this location if possible as well, so that you can recover the DMK if need be. Once this has been done, record the new DMK password in a safe place, like a password safe. If you don't know the password, you need to go back to the live server and alter the DMK password: ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = '#' Your situation sounds similar to adding SSISDB to an AlwaysOn AG, in that a password protected DMK exists on the database, and so you must provide that password in order for the DB to be restored and accessible on the other replica. The screenshots show a backup of the service master key for the instance but that is not the same as the database master key that the AAG wizard is asking for. Maybe I will have to regenerate the master key. I don't have the decryption password for that master key backup file - above pic How can I restore those databases only having a backup of the master key in the original server? What do I need to restore an encrypted MSSQL database? I haven't got the decryption password for that master key backup file I have a backup of the master key in the original live server. I don't have the master key for that live server - the server where the databases come from.
When then adding then to the availability group I get this message below, for a couple of them.
Then I backup all these databases to a network share to make them ready for being added to the availability group.
I generated all the restores from live and restored them to this new server. While setting up AlwaysOn - Availability Group on a test system,
0 kommentar(er)
