Private bytes keep increasing when you encrypt data on SQL Server on Windows 10, version 1607, Windows Server 2016, Window 8.1 or Windows Server 2012 R2

Applies to: Windows 8.1 EnterpriseWindows 8.1Windows 8.1 Pro More

This article describes an issue when you encrypt data on Microsoft SQL Server on Windows 10, version 1607, Windows Server 2016, Window 8.1 or Windows Server 2012 R2. A hotfix is available to resolve this issue. The hotfix has a prerequisite.

Symptoms


Assume that you encrypt data on a SQL Server that is running on Windows 10, version 1607, Windows Server 2016, Window 8.1, Windows RT 8.1, or Windows Server 2012 R2. Multiple open key operations occur in one SQL Server connection. In this situation, you notice that the Private (KB) and Working Set (KB) columns for SQL Server keep increasing in the Resource Monitor.

Cause


This issue occurs because of an issue inside the rsaenh.dll file, version 6.3.9600.16384. SQL Server internally uses Cryptography Next Generation (CNG) functions to manage data encryption. If you use the VMMAP tool, take an analysis of the process or collect Xperf data with heap tracing, you would see that most memory consumption is accounted from the default heap. 
This issue would only occur if in SQL Server if you use data encryption by using a symmetric key that uses a certificate, and then you execute queries that open and close the symmetric key in a recursive loop on a Windows Server 2016 or Windows Server 2012 R2-based computer. 

Resolution


To resolve this issue for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2, install update rollup 2975719, or get the standalone package for this update tbhrough the Microsoft Update Catalog website.

To resolve this issue for Windows 10, version 1607 or Windows Server 2016, install update rollup 4284833.

Update information

Prerequisites

To apply this update for Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2, you must first install the update 2919355. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update: April 2014

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.


Workaround


To work around this issue, encrypt the SYMMETRIC key by using a password instead of a certificate.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates