Knowledge Base

Search Knowledge Base

KB #240102: Encrypted Databases not accessible




Your encrypted SQL databases are not accessible after you have started SQL Server. There are numerous reasons this might be the case. This article lists some myriad reasons and how to diagnose and resolve.

Additional Information:

You have encrypted your database, but you are not able to access it via SQL Server. You will typically see either “Torn Page..” error or a “I/O inconsistency..” error when SQL has tried to load the encrypted database.Below are some of the reasons that you might not be able to access the encrypted databases.

  • The SQL instance is not secured or has not been restarted since you secured the instance. You can run the Administration Wizard to determine the Secured state of a SQL instance. If the state of the SQL instance says “Unsecured”, you must run the Admin Wizard to set the Encryptionizer server key(s) and options. If the state says “Secured/Restart”, you must restart the SQL instance in order for the Encryptionizer keys to load.
  • The database was encrypted with a key that does not match one of the keys entered in the Administration Wizard when you secured the SQL instance. In order for a SQL instance to load an encrypted database, the key with which you encrypted the database must match exactly one of the keys entered in the Admin Wizard – algorithm, key length and passphrase. If the encrypted database does not match the Admin Wizard keys, Encryptionizer cannot open the encrypted database file and SQL cannot recognize the database files as valid. Use the fn_n_codelvl Encryptionizer API to determine if you have a match. More information can be found in the Whole Database User Guide (PDF) installed with your software (found in the install directory)
  • Your Registration key has expired or is invalid. If the Encryptionizer Registration key is not valid (it may be a temporary or evlauation registration key) the Encryptionizer drivers will not load and your encrypted databases are not accessible. If you run the reg3.exe or reg2.exe program found in your NetLib install directory, it will display the registration key name. If it has the words “Temp” or “Exp” in it, it is likely an expiring registration key. If you start the NetLib Main Menu program, you will be presented with an expired registration key message. These are all tips that you registration key may have expired. Contact tech support for a new Temporary Registration key or information on how to request a Permanent Registration key for your installation.
  • The NetLib Key Management Service is not running. You will find this service in the Services Management Console. It must be running at the time that your secured SQL instance starts or your database will not come online
  • You are using a Remote Profile (profile stored in alternate location) and there is an issue. See KB240040: Cannot start SQL Server or encrypted database is inaccessible when profile is on a remote machine
  • You have specified that the Master must be encrypted when you secured the instance, but the Master is not encrypted. The Encryptionizer Key Management Service (KMS) will not deliver the encryption key to the instance unless the “master must” rule is satisfied. The Master must be encrypted and it must be encrypted with a key that matches one of the keys specified in the Admin Wizard.

Related Topics:

240040: Cannot start SQL Server or encrypted database is inaccessible when profile is on a remote machine

240091: NLCBTASK Service fails to start with error “The system cannot find the file specified”

240085: SQL will not start – related articles

240084: SQL will not start. The System cannot find the file specified

Last modified: 1/28/2016