Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Encrypted Databases with AlwaysOn Availability Groups

Encrypted Databases with AlwaysOn Availability Groups (SQL Server)

Topic Status: Some information in this topic is preview and subject to change in future releases. Preview information describes new features or changes to existing features in Microsoft SQL Server 2016 Community Technology Preview 2 (CTP2).

This topic contains information about the using currently encrypted or recently decrypted databases with AlwaysOn Availability Groups in SQL Server 2016.

In this Topic:

  • If a database is encrypted or even contains a Database Encryption Key (DEK), you cannot use the New Availability Group Wizard or Add Database to Availability Group Wizard to add the database to an availability group. Even if an encrypted database has been decrypted, its log backups might contain encrypted data. In this case, full initial data synchronization could fail on the database. This is because the restore log operation might require the certificate that was used by the database encryption keys (DEKs), and that certificate might be unavailable.

    To make a decrypted database eligible to add to an availability group using the wizard:

    1. Create a log backup of the primary database.

    2. Create a full database backup of the primary database.

    3. Restore the database backup on the server instance that hosts the secondary replica.

    4. Create a new log backup from primary database.

    5. Restore this log backup on the secondary database.

Arrow icon used with Back to Top link [Top]

Community Additions

© 2015 Microsoft