FIX: Error occurs when the Database Encryption Key is longer than 3,456 bits in SQL Server 2016

Applies to: SQL Server 2016 DeveloperSQL Server 2016 EnterpriseSQL Server 2016 Enterprise Core More

Symptoms


You create a Database Encryption Key (DEK) that is longer than 3,456 bits on an instance of Microsoft SQL Server 2016. If you enable Transparent Database Encryption (TDE) by using this DEK, an error entry that resembles the following is logged in the SQL Server error log:

Cause


This problem occurs because SQL Server does not throw an error message to indicate that a DEK that has a length that is greater than 3,456 bits is not supported.

Resolution


This problem is fixed in the following update for SQL Server:

Cumulative Update 11 for SQL Server 2016 Service Pack 1

Note After you apply this fix, and then you try to create a DEK that is longer than 3,456 bits, the attempt is unsuccessful, and you receive the following error message:

 

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology Microsoft uses to describe software updates.