June 4, 2015 at 12:41 pm
I have to disable newly implemented database encryption. It's a necessity unfortunately. Can I do this during production hours without much of a hit? I know I have to restart the instance after it's done. Can I expect performance impacts or other issues?
June 5, 2015 at 10:26 am
Hey Guys,
I didn't get an answer here so I'll answer my own question for those of you who are curious. I went ahead and did the decryption last night after hours as I was worried there may be some production impacts. Fortunately there were not. Here are the steps I took with some assistance from this blog post[/url] by Steve Perry,
1. Preemptive Setup
a. Double checked my certificate backups
b. Disabled transaction log backups
c. Disabled backups
2. Ran a backup of the database.
3. Ran the following decryption and progress check
USE MASTER
GO
ALTER DATABASE {Database Name}
SET ENCRYPTION OFF
GO
SELECT * FROM sys.dm_database_encryption_keys
4. After the database was fully decrypted, I ran a drop cert statement
USE {Database Name}
GO
DROP DATABASE ENCRYPTION KEY
GO
5. Restarted the instance
a. apparently, this is only necessary if the decrypted database was the only encrypted DB
6. Ran another Backup
7. Tested backup restore on test server
8. Enabled T-Log backups
9. Turned on Backups
Thankfully, there were no issues, no job failures, etc. I'm assuming if you don't need to restart the instance that you can go ahead and run these steps without issue.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply