Why is SQL server unable to connect to Azure key v

2019-08-17 18:16发布

站内问答 / 后端开发
1557 1 4

I am trying to encrypt sql server database in Azure VM using TDE where the EKM will use Azure Key vault. I have been following the steps outlined in below link.

setup steps for EKM using Azure Key Vault

I have followed all the steps exactly including the below step where we need to provide value for SECRET (Application ID without hyphens+ Azure vault key).

USE master;  
CREATE CREDENTIAL sysadmin_ekm_cred   
    WITH IDENTITY = 'keyvaultname',  
    SECRET = 
 'ef509ab6e52649388e65283e9378b0a171ccf2d0a8004abbbaaf93ab8f5909c0'   
  FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov;

I get following error when trying to run below code

CREATE ASYMMETRIC KEY CONTOSO_KEY   
FROM PROVIDER [AzureKeyVault_EKM_Prov]  
WITH PROVIDER_KEY_NAME = 'Azurevaultkeyname',  
CREATION_DISPOSITION = OPEN_EXISTING;

Msg 33028, Level 16, State 1, Line 14 Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3303. (Provider Error - No explanation is available, consult EKM Provider for details)

Please let me know how to fix it.

1条回答
萌系小妹纸
2楼-- · 2019-08-17 18:27

I ran into a similar issue, the provider tries to create a registry key but doesn't have permissions to do so, therefore it fails. Try the following steps taken from this blogpost

Open regedit

  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
  2. Create a new Key called “SQL Server Cryptographic Provider” (without quotes)
  3. Right click the key, from the context menu select ‘permissions.
  4. Give Full Control permissions to this key to the Windows service account that runs SQL Server
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)