Transparent Data Encryption added for Log Shipping in SQL Server 2016 and 2017

Applies to: Microsoft SQL Server 2016 Service Pack 1SQL Server 2017 Developer on WindowsSQL Server 2017 Enterprise on Windows


SQL Server enables compression of database backups and log backups. This can be achieved by using either the compression flag in the Backup command or through the sp_configure backup_compression option. For Transparent Data Encryption (TDE)-enabled databases, you must explicitly set the MAXTRANSFERSIZE setting to be greater than 64 KB in the Backup command to achieve effective compression.

Although this limitation can be easily worked around for the Backup command, this cannot be done for backups that are generated through Log Shipping. Log Shipping currently does not provide a way (either through UI or as a command line parameter) to set the MAXTRANSFERSIZE property. In this fix, log shipping internally sets the MAXTRANSFERSIZE to 1 MB so that effective compression can be achieved when a database is enabled for TDE. The MAXTRANSFERSIZE setting is not exposed to log shipping users.

More information

This update is included in the hotfix that is described in the following article:

4099490 On-demand hotfix update package for SQL Server 2016 SP1

Cumulative update for SQL Server:

This issue is fixed in the following cumulative updates for SQL Server:

       Cumulative Update 2 for SQL Server 2016 SP2

       Cumulative Update 10 for SQL Server 2016 SP1        

       Cumulative update 7 for SQL Server 2017