Symptoms

Assume that you have some Transparent Data Encryption (TDE) databases that are encrypted by using Extensible Key Management (EKM) provider in Microsoft SQL Server 2012 or SQL Server 2014. When you run high load insert query on an unstable network connection, you find that TDE database becomes unavailable and shows "recovery pending" state. You receive the following errors:

<Date> <Time> spid1s Cannot open session for cryptographic provider ‘<EKM Provider name>’. Provider error code: 5. (Authentication Failure - Consult EKM Provider for details)
<Date> <Time> spid125 Error: 9001, Severity: 21, State: 1.
<Date> <Time> spid125 The log for database '<DB name>' is not available. Check the event log for related error messages. Resolve any errors and restart the database.
<Date> <Time> spid125 During undoing of a logged operation in database ‘<DB name>’, an error occurred at log record ID (1183:136:350). Typically, the specific failure is logged previously as an error in the Windows Event Log service. Restore the database or file from a backup, or repair the database.
<Date> <Time> spid62 Database <DB name> was shutdown due to error 3314 in routine 'XdesRMReadWrite::RollbackToLsn'. Restart for non-snapshot databases will be attempted after all connections to the database are aborted.


Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×