Symptoms
Assume that you have enabled Transparent Data Encryption (TDE) in a database in Microsoft SQL Server 2016. You restart the SQL Server service for the instance hosting the database before the initial TDE encryption scan is completed, and then you notice the resumed encryption scan may be canceled and will not progress unless you manually start the service by running the following statement:
ALTER DATABASE yourPartiallyEncrypteDB SET ENCRYPTION ON
Cause
The encryption scan task cancellation occurs because it can't run normally until the startup process of the database is completed. However, the encryption scan task waits for the startup process for only two seconds. Accordingly, if the time-out is exceeded, the encryption task will be silently canceled.
Note This fix increases the time-out to 20 seconds. You can use the percent_complete of the sys.dm_database_encryption_keys to monitor whether the encryption task is making any progress.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Resolution
This issue is fixed in the following cumulative update for SQL Server:
About cumulative updates for SQL Server:
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:
References
Learn about the terminology that Microsoft uses to describe software updates.