Operational Defect Database
BugZero found this defect 3387 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb2006
Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server
Last update date:
9/8/2023
Affected products:
Veeam Backup & Replication
Affected releases:
8.0
Fixed releases:
No fixed releases provided.
Description:
Challenge
Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '<hex code>' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check “Perform restore to the specific transaction” because of this error: Fine tuning is not available (certificate “<certificate name>” does not exist on the target SQL Server).
Cause
For export scenarios and restoring to the state before a selected transaction, Veeam Explorer for Microsoft SQL Server uses a staging server. This staging server must support and be able to read the encrypted database. For it to read the encrypted database, you must first restore the certificate protecting the Database Encryption Key. See System Requirements for Veeam Explorer for Microsoft SQL Server for more information on the staging server. Note: Transparent Data Encryption requires Standard or Enterprise edition of Microsoft SQL Server; this also applies to the staging server. If you are not exporting or restoring to a specific transaction, but you are restoring to a different SQL Server instance than the one the database was backed up from, the error means that the restore target SQL Server cannot read the encrypted database. You must restore the certificate to the SQL Server before restoring the database.
Solution
Identify Certificate You can identify the required certificate by the data listed in the error message or by the certificate name and serial number displayed in Veeam Explorer for Microsoft SQL Server:
More Information
Example: For example, if the Database Info indicates the required certificate name is MyServerCert: USE master CREATE CERTIFICATE MyServerCert FROM FILE ='C:\backups\certificate.cer' WITH PRIVATE KEY(FILE='c:\backups\myservercertprivatekey', DECRYPTION BY PASSWORD='StrongPassword1234!');
