Post reply

Netbackup Restore - Encrypted Database

  • January 22, 2015 at 1:34 pm

    #302498

    Hello - I am working with a storage admin to recover an encrypted database using netbackup. (The storage admin runs netbackup, not me)

    It is SQL2K8R2, I encrypted the database on my source server, created a BAK, a certificate and private key.

    I copied the files to the destination folder and added the certificate.

    CREATE CERTIFICATE TDECert

    FROM FILE = 'D:\SQLDBA\TDE20150121\TDECERT_TDE_20150121.cer'

    WITH PRIVATE KEY (FILE = 'D:\SQLDBA\TDE20150121\TDECERT_TDE_20150121.pvk',

    DECRYPTION BY PASSWORD = 'Fakepassword3!')

    I was able to restore successfully on my destination server from a BAK file.

    If I want to restore from Netbackup, do I need to refer to the certificate again? The storage admin is getting an error (fingerprint does not match the certificate)

    I can see the certificate in the master database in SSMS - I don't understand why Netbackup would have to reference the certificate if it is already there. Am I misunderstanding or is the error with Netbackup?

    Any help is appreciated.

    Thanks

    Dave

  • January 22, 2015 at 2:06 pm

    #1772402

    the cert should only require creating once, is this a backup of the same database or another?

    Has the cert changed on the source server maybe and now doesn't match the target?

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • January 23, 2015 at 8:06 am

    #1772654

    Hello - we did try and name the database differently on the destination server - but I think we also tried naming it the same - I'm meeting with the storage admin later today to try the process again from step 1. The error message refers to a "thumbprint" which makes me think of the certificate - but how could the certificate be OK when doing my regular SQL backup then not OK for Netbackup? The certificate didn't change and it is already in the master database. Thanks for your response - I'll try to share my results later.

    Thanks

    Dave

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply