Re: An error occurred during decryption

The ALTER SERVICE MASTER KEY REGENERATE command worked. No errors, no
warnings no issues with linked servers. However, I started experiencing other
issues after the failover. After a few hours of looking, it appeared the
second node did not receive the SP1 update. I know this is a different topic
so I will start a new discussion if I can’t find any resolution.

Thanks for you help.


"Laurentiu Cristofor [MSFT]" wrote:

Are your nodes running under the same service account? They should be, but
I'd like to double check.

To confirm that the error happens with the service master key (SMK), run
ALTER SERVICE MASTER KEY REGENERATE. This is safe - it will fail if it
detects any problem, so you can use it as a quick SMK integrity check.

The service master key encrypts credentials (CREATE CREDENTIAL), linked
server login passwords, and database master keys (DbMK). You can loose the
first two if you FORCE regenerate the SMK, but you should still be able to
recover your DbMKs using their password encryption. This was explained in
the post I referred you to.

However, if things work on NodeA but not on NodeB, the problem is not with
the SMK. It looks like something is wrong with your cluster configuration
and the key cannot be recovered after failover. If what I told you so far
doesn't help, I suggest that you open a feedback report at
http://connect.microsoft.com/site/sitehome.aspx?SiteID=68 and provide us
with more details about your configuration. Also request that the report be
assigned to me.

Thanks

--
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

"Dave B" <DaveB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE0975B0-FD47-4193-B485-7EED618C20E7@xxxxxxxxxxxxxxxx
The issue that I am seeing on my cluster is any linked servers using sql
authentication created on NodeA fail when I move over to NodeB. They work
fine when I fail back to NodeA. The error I get is:

An error occurred during decryption

That is really the only link between the cluster and linked server. This
error occured both during an upgrade of the server and a new server
installation. Before I regenerate the key, I just want to know how
destructive the regenerate could be. Anything that I may need to recreate,
I
want to have scripted before my maintenance window starts.


"Laurentiu Cristofor [MSFT]" wrote:

It does look like an error with the service master key decryption. Have
you
copied your master database from another instance or performed any
changes
to your installation before starting to see this?

I wrote a post on this exact topic on my blog. See
http://blogs.msdn.com/lcris/archive/2006/04/10/572678.aspx.

Also, I am not clear of what you mean by linked servers and how do they
relate to your clustered installation and encryption. Can you elaborate
on
your setup?

Thanks

--
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Dave B" <DaveB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:123435F7-6631-4C05-B5CD-CA50884DCB64@xxxxxxxxxxxxxxxx
I read your blog on the Service Master Key (SMK). One other question I
have
is what is encrypted by the SMK? If I regenerate the key and/or force
the
regeneration of the key, what data am I at risk of losing? I would
assume
SQL
login passwords and other database master keys. Anything else? I am
just
wondering what I may need to recreate if I need to regenerate the key.

"Laurentiu Cristofor [MSFT]" wrote:

Could be. Can you post the error from the errorlog, including a few
lines
before and after it, for context? You can remove sensitive information
like
IP addresses or account names - I just need to see the error number,
state,
and message.

Thanks

--
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Dave B" <DaveB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:535415A4-4727-4652-82DC-401A3FD74D00@xxxxxxxxxxxxxxxx
I have a 2 node cluster that I recently installed. During the
installation,
node 2 was active. After the installation of SQL 2005 and the SP1, I
added
some linked servers that use SQL authentication. When I fail over to
node
1,
I get the following error:

An error occurred during decryption.

On all of my linked servers. If I fail back, everything works great.
I
have
these same linked servers on several other non-clustered machines
and
they
work fine. Is this possible a service master key issue?











.