Operational Defect Database

BugZero found this defect 3353 days ago.

Veeam | kb2006

Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server

Last update date:


Affected products:

Veeam Backup & Replication

Affected releases:


Fixed releases:

No fixed releases provided.



Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '<hex code>' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check “Perform restore to the specific transaction” because of this error: Fine tuning is not available (certificate “<certificate name>” does not exist on the target SQL Server).


For export scenarios and restoring to the state before a selected transaction, Veeam Explorer for Microsoft SQL Server uses a staging server. This staging server must support and be able to read the encrypted database. For it to read the encrypted database, you must first restore the certificate protecting the Database Encryption Key. See System Requirements for Veeam Explorer for Microsoft SQL Server for more information on the staging server. Note: Transparent Data Encryption requires Standard or Enterprise edition of Microsoft SQL Server; this also applies to the staging server.   If you are not exporting or restoring to a specific transaction, but you are restoring to a different SQL Server instance than the one the database was backed up from, the error means that the restore target SQL Server cannot read the encrypted database. You must restore the certificate to the SQL Server before restoring the database.


Identify Certificate You can identify the required certificate by the data listed in the error message or by the certificate name and serial number displayed in Veeam Explorer for Microsoft SQL Server:

More Information

Example: For example, if the Database Info indicates the required certificate name is MyServerCert: USE master CREATE CERTIFICATE MyServerCert FROM FILE ='C:\backups\certificate.cer' WITH PRIVATE KEY(FILE='c:\backups\myservercertprivatekey', DECRYPTION BY PASSWORD='StrongPassword1234!');

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon




Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Have you ever...

had your data corrupted from a