[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 615
  • Last Modified:

SQL Server 2008

Hi,

We have disabled TDE and dropped Certificates/Master for few servers then the backups have been executed successfully except one server due to below error.

“Cannot find server certificate with thumbprint '0x0CE1D924785C160413399D79FD3594E158129976'..

The issue is impacting backup failure for server and it is not impacting application/data retrivel.

Again After dropping certificate, we have reviewed the following steps successfully but the problem persists.

-- SELECT name, database_id, is_encrypted FROM sys.databases
This query will return all of the databases in your instance and reflect the encryption status. The value of "1" in the is_encrypted column indicates that TDE is enabled. A value of "0" indicates that TDE is not enabled.

--SELECT * FROM master.sys.certificates
This query will return the server certificates that have been created in the MASTER database. Upon execution of the DROP CERTIFICATE command the server certificate will no longer appear.

-- SELECT * FROM master.sys.symmetric_keys

This query will return the Database Master Keys (DMK) that have been created in the MASTER database. Upon execution of the DROP MASTER KEY command the DMK will no longer appear.
-- SELECT * FROM sys.dm_database_encryption_keys
This query will return all Database Encryption Keys (DEK) that have been created in your instance. Upon execution of the DROP DATABASE ENCRYPTION KEY command the DEK for the target database will no longer appear. If there are no other databases with TDE enabled on the instance, a restart of the instance will remove the DEK for the TEMPDB.

-- Query any table in the target database to show that data is successfully returned.

SQL Server version Details:

Microsoft SQL Server 2008 (SP1) - 10.0.2573.0 (X64)   Feb  4 2011 11:27:06   Copyright (c) 1988-2008 Microsoft Corporation  Enterprise Edition (64-bit) on Windows NT 6.0 <X64> (Build 6002: Service Pack 2)

Please help to resolve the issue.

Thanks,
Chandra
0
Chandra Mohan Kanithi
Asked:
Chandra Mohan Kanithi
  • 2
1 Solution
 
Kent DyerIT Security Analyst SeniorCommented:
Question - why did you pull the certificate in the first place?  Was it expired?  It sounds like your certificate store may need to be repaired.  However, I would be absolutely sure your cert in question is not expired or set to expire.
0
 
Chandra Mohan KanithiPrincipal Consultant - DatabaseAuthor Commented:
Here the issue is we are unable to take backup of database after dropped the certificate and disabled the TDE.

Could you please solution for certification set to expire.
0
 
Chandra Mohan KanithiPrincipal Consultant - DatabaseAuthor Commented:
No, the certificate was not expired. As part of decryption, we had to remove the certificate. After that, backup won't work anymore. When the system was restarted SAP won't come up until the certificate was recreated.

Please help us.

Thanks,
Chandra
0
 
Aaron ShiloChief Database ArchitectCommented:
hi

The fix for this issue was first released in Cumulative Update 1 for SQL Server 2008 Service Pack 2. For more information about this cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
2289254 Cumulative update 1 for SQL Server 2008 Service Pack 2
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now