An error occurred during decryption

Dave B - 20 Oct 2006 18:34 GMT
I have a 2 node cluster that I recently installed. During the installation,
node 2 was active. After the installation of SQL 2005 and the SP1, I added
some linked servers that use SQL authentication. When I fail over to node 1,
I get the following error:

An error occurred during decryption.

On all of my linked servers. If I fail back, everything works great. I have
these same linked servers on several other non-clustered machines and they
work fine. Is this possibly a service master key issue?
Laurentiu Cristofor [MSFT] - 20 Oct 2006 20:34 GMT
Could be. Can you post the error from the errorlog, including a few lines
before and after it, for context? You can remove sensitive information like
IP addresses or account names - I just need to see the error number, state,
and message.

Thanks

Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

>I have a 2 node cluster that I recently installed. During the installation,
> node 2 was active. After the installation of SQL 2005 and the SP1, I added
[quoted text clipped - 8 lines]
> these same linked servers on several other non-clustered machines and they
> work fine. Is this possibly a service master key issue?
Dave B - 23 Oct 2006 18:32 GMT
This is a few lines of the log file.

10/20/2006 01:17:05,spid9s,Unknown,Starting up database 'tempdb'.
10/20/2006 01:17:05,spid9s,Unknown,Clearing tempdb database.
10/20/2006 01:17:05,spid9s,Unknown,Starting up database 'model'.
10/20/2006 01:17:05,spid5s,Unknown,The NETBIOS name of the local node that
is running the server is 'SRVLWDSQL1'. This is an informational message only.
No user action is required.
10/20/2006 01:17:05,spid5s,Unknown,Server name is 'SQLSERVER'. This is an
informational message only. No user action is required.
10/20/2006 01:17:05,spid5s,Unknown,An error occurred during decryption.
10/20/2006 01:17:05,spid5s,Unknown,Error: 15466<c/> Severity: 16<c/> State: 1.
10/20/2006 01:17:05,spid5s,Unknown,Starting up database 'mssqlsystemresource'.
10/20/2006 01:17:05,spid5s,Unknown,SQL Trace ID 1 was started by login "sa".

> Could be. Can you post the error from the errorlog, including a few lines
> before and after it, for context? You can remove sensitive information like
[quoted text clipped - 15 lines]
> > these same linked servers on several other non-clustered machines and they
> > work fine. Is this possibly a service master key issue?
Dave B - 23 Oct 2006 18:37 GMT
I read your blog on the Service Master Key (SMK). One other question I have
is what is encrypted by the SMK? If I regenerate the key and/or force the
regeneration of the key, what data am I at risk of losing? I would assume SQL
login passwords and other database master keys. Anything else? I am just
wondering what I may need to recreate if I need to regenerate the key.

> Could be. Can you post the error from the errorlog, including a few lines
> before and after it, for context? You can remove sensitive information like
[quoted text clipped - 15 lines]
> > these same linked servers on several other non-clustered machines and they
> > work fine. Is this possibly a service master key issue?
Laurentiu Cristofor [MSFT] - 26 Oct 2006 00:40 GMT
It does look like an error with the service master key decryption. Have you
copied your master database from another instance or performed any changes
to your installation before starting to see this?

I wrote a post on this exact topic on my blog. See
http://blogs.msdn.com/lcris/archive/2006/04/10/572678.aspx.

Also, I am not clear on what you mean by linked servers and how they
relate to your clustered installation and encryption. Can you elaborate on
your setup?

Thanks

Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

>I read your blog on the Service Master Key (SMK). One other question I have
> is what is encrypted by the SMK? If I regenerate the key and/or force the
[quoted text clipped - 28 lines]
>> > they
>> > work fine. Is this possibly a service master key issue?
Dave B - 27 Oct 2006 10:58 GMT
The issue that I am seeing on my cluster is any linked servers using SQL
authentication created on NodeA fail when I move over to NodeB. They work
fine when I fail back to NodeA. The error I get is:

An error occurred during decryption

That is really the only link between the cluster and linked server. This
error occurred both during an upgrade of the server and a new server
installation. Before I regenerate the key, I just want to know how
destructive the regenerate could be. Anything that I may need to recreate, I
want to have scripted before my maintenance window starts.

> It does look like an error with the service master key decryption. Have you
> copied your master database from another instance or performed any changes
[quoted text clipped - 41 lines]
> >> > they
> >> > work fine. Is this possibly a service master key issue?
Laurentiu Cristofor [MSFT] - 27 Oct 2006 19:09 GMT
Are your nodes running under the same service account? They should be, but
I'd like to double check.

To confirm that the error happens with the service master key (SMK), run
ALTER SERVICE MASTER KEY REGENERATE. This is safe - it will fail if it
detects any problem, so you can use it as a quick SMK integrity check.

The service master key encrypts credentials (CREATE CREDENTIAL), linked
server login passwords, and database master keys (DbMK). You can lose the
first two if you FORCE regenerate the SMK, but you should still be able to
recover your DbMKs using their password encryption. This was explained in
the post I referred you to.

However, if things work on NodeA but not on NodeB, the problem is not with
the SMK. It looks like something is wrong with your cluster configuration
and the key cannot be recovered after failover. If what I told you so far
doesn't help, I suggest that you open a feedback report at
http://connect.microsoft.com/site/sitehome.aspx?SiteID=68 and provide us
with more details about your configuration. Also request that the report be
assigned to me.

Thanks

Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

> The issue that I am seeing on my cluster is any linked servers using sql
> authentication created on NodeA fail when I move over to NodeB. They work
[quoted text clipped - 64 lines]
>> >> > they
>> >> > work fine. Is this possibly a service master key issue?
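
Added example, not part of the original thread and not Microsoft's code: a pre-maintenance inventory of the three kinds of secrets the reply above says the SMK protects (credentials, linked server login passwords, DbMKs), so they can be scripted before any FORCE regeneration. The backup path and the passwords are placeholders.

```sql
-- Inventory of secrets protected by the service master key (SMK).
-- Run on the active node before any ALTER SERVICE MASTER KEY ... FORCE.

-- 1. Back up the SMK first. Path and password are placeholders (assumptions).
BACKUP SERVICE MASTER KEY
    TO FILE = 'C:\KeyBackup\smk_backup.key'            -- placeholder path
    ENCRYPTION BY PASSWORD = '<strong password here>';  -- placeholder

-- 2. Credentials (CREATE CREDENTIAL). The stored secret cannot be read back,
--    so record name and identity and have the secrets on hand to recreate them.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
ORDER BY name;

-- 3. Linked server logins that store a remote password (SQL authentication).
--    uses_self_credential = 0 means an explicit remote login is mapped;
--    local_principal_id = 0 (no matching principal) is the default mapping.
SELECT s.name AS linked_server,
       s.data_source,
       COALESCE(p.name, '(all local logins)') AS local_login,
       l.remote_name,
       l.modify_date
FROM sys.linked_logins AS l
JOIN sys.servers AS s
     ON s.server_id = l.server_id
LEFT JOIN sys.server_principals AS p
     ON p.principal_id = l.local_principal_id
WHERE s.is_linked = 1
  AND l.uses_self_credential = 0
  AND l.remote_name IS NOT NULL
ORDER BY s.name, local_login;

-- 4. Databases whose database master key (DbMK) is also encrypted by the SMK.
--    These remain recoverable through the DbMK password.
SELECT name AS database_name
FROM sys.databases
WHERE is_master_key_encrypted_by_server = 1
ORDER BY name;

-- Recovery of a DbMK after a forced regeneration, run in each database
-- listed by step 4 (password is a placeholder):
-- OPEN MASTER KEY DECRYPTION BY PASSWORD = '<DbMK password>';
-- ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
```

Store the SMK backup file and its password off the cluster nodes, with access limited to the administrators who would perform a restore.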
Dave B - 30 Oct 2006 14:58 GMT
The ALTER SERVICE MASTER KEY REGENERATE command worked. No errors, no
warnings, no issues with linked servers. However, I started experiencing other
issues after the failover. After a few hours of looking, it appeared the
second node did not receive the SP1 update. I know this is a different topic
so I will start a new discussion if I can’t find any resolution.

Thanks for your help.

> Are your nodes running under the same service account? They should be, but
> I'd like to double check.
[quoted text clipped - 87 lines]
> >> >> > they
> >> >> > work fine. Is this possibly a service master key issue?
 