Symptoms

Assume that you have enabled Transparent Data Encryption (TDE) in a database in Microsoft SQL Server 2016. You restart the SQL Server service for the instance hosting the database before the initial TDE encryption scan is completed, and then you notice the resumed encryption scan may be canceled and will not progress unless you manually start the service by running the following statement:

ALTER DATABASE yourPartiallyEncrypteDB SET ENCRYPTION ON

Cause

The encryption scan task cancellation occurs because it can't run normally until the startup process of the database is completed. However, the encryption scan task waits for the startup process for only two seconds. Accordingly, if the time-out is exceeded, the encryption task will be silently canceled.

Note This fix increases the time-out to 20 seconds.  You can use the percent_complete of the sys.dm_database_encryption_keys to monitor whether the encryption task is making any progress.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Resolution

This issue is fixed in the following cumulative update for SQL Server:

About cumulative updates for SQL Server:

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×