Why is SQL server unable to connect to Azure key vault using SQL Server connector

你离开我真会死。 提交于 2019-12-11 16:10:24

问题


I am trying to encrypt sql server database in Azure VM using TDE where the EKM will use Azure Key vault. I have been following the steps outlined in below link.

setup steps for EKM using Azure Key Vault

I have followed all the steps exactly including the below step where we need to provide value for SECRET (Application ID without hyphens+ Azure vault key).

USE master;  
CREATE CREDENTIAL sysadmin_ekm_cred   
    WITH IDENTITY = 'keyvaultname',  
    SECRET = 
 'ef509ab6e52649388e65283e9378b0a171ccf2d0a8004abbbaaf93ab8f5909c0'   
  FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov; 

I get following error when trying to run below code

CREATE ASYMMETRIC KEY CONTOSO_KEY   
FROM PROVIDER [AzureKeyVault_EKM_Prov]  
WITH PROVIDER_KEY_NAME = 'Azurevaultkeyname',  
CREATION_DISPOSITION = OPEN_EXISTING;

Msg 33028, Level 16, State 1, Line 14 Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3303. (Provider Error - No explanation is available, consult EKM Provider for details)

Please let me know how to fix it.


回答1:


I ran into a similar issue, the provider tries to create a registry key but doesn't have permissions to do so, therefore it fails. Try the following steps taken from this blogpost

Open regedit

  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
  2. Create a new Key called “SQL Server Cryptographic Provider” (without quotes)
  3. Right click the key, from the context menu select ‘permissions.
  4. Give Full Control permissions to this key to the Windows service account that runs SQL Server


来源:https://stackoverflow.com/questions/48517350/why-is-sql-server-unable-to-connect-to-azure-key-vault-using-sql-server-connecto

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!