TDE encryption backup

We have a database that is encrypted using TDE. We made a backup of this database and gave it to our clients who then need to restore the database to their server. How do I do this knowing TDE is enabled? I have the pvk and cer files from our server, but
not sure what the process is. can anyone help?

Restoring a TDE Encrypted Database to a Different Server or Location
Restoring a database to a different SQL Instance is usually a straightforward task. However, this attempt will return an error as shown below for an encrypted database when restoring into a different instance.
USE [master]
RESTORE DATABASE [TDE_restore] FROM
DISK = N'C:\Backup\TDE_Enabled.bak'
WITH FILE = 1, NOUNLOAD, REPLACE, STATS = 5
Output:
Msg 33111, Level 16, State 3, Line 2
Cannot find server certificate with thumbprint..
Msg 3013, Level 16, State 3, Line 2
RESTORE DATABASE is terminating abnormally
To restore successfully, we will need to physically copy the certificate (.cer) and private key (.pvk) to the destination server. As a best practice, we should immediately back up the certificate and the private key when we enable TDE. However, we can still
take backup the certificate and private key now in the source server as shown below if not done earlier.
USE master;
GO
BACKUP CERTIFICATE TDECert1
TO FILE = 'E:\Backup\certificate_TDE_Test_Certificate.cer'
WITH PRIVATE KEY
(FILE = 'E:\Backup\certificate_TDE_Test_Key.pvk',
ENCRYPTION BY PASSWORD = 'Password12#')
Create a Master Key in destination server.
The password provided here is different from the one we used in the source server since we are creating a new master key for this server.
USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'D1ffPa$$w0rd'
After a master key has been created, create a certificate by importing the certificate we created earlier. Here the ‘Decryption By Password’ parameter is same as that provided to export the certificate to a file.
CREATE CERTIFICATE TDECert2
FROM FILE = 'E:\cert_Backups\ certificate_TDE_Test_Certificate.cer'
WITH PRIVATE KEY (FILE = 'E:\cert_Backups\certificate_TDE_Test_Key.pvk',
DECRYPTION BY PASSWORD = 'Password12#')
Restore Database in destination server
We will now be able to restore the encrypted database backup successfully.
USE [master]
RESTORE DATABASE [TDE_Test] FROM DISK = N'F:\Backup\TDE_Test_withtde.bak'
WITH FILE = 1, NOUNLOAD, REPLACE, STATS = 5
Raju Rasagounder Sr MSSQL DBA

Similar Messages

  • I forgot to setup a password for my encrypted backup using iTunes

    I was trying to back up my iphone4 using encrypted backup, but i forgot to setup a password. Now, i am trying to restore my iphone from this encrypted backup, but i don't know the password. I did not setup a password, is there a default password ?

    The backup encryption passcode has nothing to do with locking a user out of their backup.
    If the encryption passcode has been forgotten, nothing can be done.  There is no reset for the encryption passcode.
    Delete the backup and create a new one.

  • Encrypted backups problem

    I have a problem that I can't make any sense of...
    Reproduced on 2 PC's and 2 different iPhones.  PC's are windows 7 and have never had itunes installed.  Phones (3GS) have never been sync'd with itunes anywhere.  Setting that up now so that I can take a backup to migrate to new 4S phones.  I install itunes and authorize the PC for my apple store account (AppleID), then connect the phone.  The "encrypt backups" option is checked by default.  If I try to uncheck it it asks for a password - I have never set one, this is a fresh install.  No backups have ever been done.  I can right click the device and choose "backup", and it does take a backup.  When I try to restore it to the 4S it asks for the password.  I have never set one.  I uninstalled and reinstalled itunes, and repeated the exercise on another PC.  Same deal.  "encrypt" is checked by default and needs a password to turn it off, but I have never set one.
    I have tried the lock code for the phone, the apple id password, the passwords of every email service on the phone, and the windows password.  None work.  I have tried about 500 other random words but nothing works.  If I go into iTunes preferences/devices it does not show any existing backups as being present.
    So, I cant turn off encryption, and I cant restore any backups that I take.
    Anyone got any suggestions?  It makes no sense to me at all.
    Thanks

    From this support document http://support.apple.com/kb/ht4946
    iTunes and encrypted backups
    In the iTunes Summary screen, select "Encrypt iPhone backup" if you want to encrypt the information stored on your computer when iTunes makes a backup. Encrypted backups are indicated by a padlock icon, and a password is required to restore the information to iPhone. You may want to write down the password for your backup and store it in a safe place. If you use a Mac, when you set a password you can select to store the password in the keychain. With iOS 4 and later, you can transfer the iOS keychain backup to a new device if you encrypt the backup.
    Warning: If you encrypt an iPhone backup in iTunes and then forget your password, you will not be able to restore from backup and your data will be unrecoverable. If you forget the password, you can continue to back up and use the device, however you will not be able to restore the encrypted backup to any device without the password. You do not need to enter the password for your backup each time you back up or sync.
    If you cannot remember the password and want to start again, you must perform a full software restore and when iTunes prompts you to select the backup from which to restore, choose set up as a new device.

  • Password for encrypted backup on Time Capsule never asked

    Hello,
    My system is Mac OS 10.8.3 on a MacBook Pro.
    I do encrypted backups with Time Machine on a Time Capsule.
    I wonder why I am never asked the password I chose when encrypting for the first time, especially when I do "Enter Time Machine".
    As a comparison, I also have external disks formatted as "Mac OS Extended (Journaled, Encrypted)".
    When I connect such an external disk to my laptop, before it is mounted I am asked the password I chose when formatting, which sounds good.
    Thanks

    When you originally set up the Time Capsule, you were asked to establish a Time Capsule or Base Station "device" password, which is stored in KeyChain Access on your Mac.
    Rather than have to enter the Time Capsule Base Station device password each time that you access the device, KeyChain Access on your Mac remembers the password and enters it for you when your Mac connects to the Time Capsule.
    If you do not want KeyChain Access to remember your password, and you do want to be asked to enter the password each time that you connect to the Time Capsule disk, then change the password using AirPort Utility and remove the check mark next to "Remember this password in my keychain" in AirPort Utility. Then, click Update to save the new settings.
    It is much easier to let KeyChain Access remember your password on your Mac, but you can do it all manually if you wish.  Remember that other users will not be able to access the Time Capsule disk unless you have given the device password to them.

  • Password for encrypted backup of device

    I need help to change the type of encryption for my iPhone and iPad backups in itunes. I have tried all the passwords I ve used in years and have no clue. Somewhere in Support I found an instruction that did not lead to clearing the password. It did send me to backup to iCloud and do a restoere from there. But this is not what I am trying to acheive. I already was backing up to iCloud. If I need to do a restore from a backup in iTunes on my PC I cannot do it because I cannot provide a correct passowrd for the encrypted backup.
    Can anyone help me with a solution?

    If the user cannot remember the password for the backup, the backup is useless.  There is no way to reset or remove the password requirement.
    If the user did not enable backup encryption, the backup is corrupt.
    In other words, the backup is no good without the password, delete it and move on with life.

  • How to prevent an encrypted backup from being restored to a different device?

    If I force an employee to do an encrypted backup (which I can do with a configuration profile), and that employee is fired. We take back the company iphone, but they go and buy a personal one. They connect the new, personal iphone to itunes and do a restore of the encrypted backup (they know the password) and now they have all the work related stuff on their personal phones. Is there a way to prevent an encrypted back from being restored to a different device id.

    We require encryption of our employee backups as well...and the problem you mention is a real one.....
     If you use Exchange, you could disable Exchange Active Sync to prevent them from subsequently connecting to Exchange Server and getting new data with the new personal device....but you would still have the old data as part of the backup...the other issue is that we've found that the profile is part of the backup and if an employee leaves, even on good terms, if he wants to restore say, his music from the backup without the profile, it becomes quite awkward...the profile would have to be removed, ( which removes everything added with the profile, possible email and wi-fi), then the user could backup music etc  with iTunes, then return the corporate phone to be salvaged or re-deployed...and later put his personal data back on another device without the profile...if there is a way around the issue you bring up I'd like to know of it as well. .  Perhaps there is an MDM with functionality that would help here....that is one great strength of the Blackberry platform..all corporate data can be controlled from the BES server. 

  • Can Time Machine perform encrypted backups for more than one computer to the same external drive?

    I have two MBPs.  The older MBP, with 1TB of storage, now contains two other MBP clones, for a total of 3 user machines on 1 MBP).  I'd like to back up both my newest MBP, and the older MBP with the 2 clones, to my new 5TB drive (via wi-fi).  I want to encrypt these backups, but am unclear whether it is possible.  Does TM first encrypt the drive itself, or is each back up separately encrypted?  I understand that if I wanted to encrypt an existing Time Matters backup on a drive, the prior data would be erased and reformatted, but here I am working with a new backup drive, on which one encrypted backup has been performed.
    I just don't want to overwrite this existing backup (which was for my newest MBP).
    Thanks for whatever help anyone can provide.

    You should have prepared the drive better..
    The drive should have been partitioned. It is possible to load the backups.. but you can get into trouble.
    See http://pondini.org/TM/4.html
    Since partitioning at this point would destroy the existing backup.. the best way is to setup a disk image for each of the other Macbook backups and then mount the disk image and use that for the TM backup..
    Encrypting the drive or the backup.. that is something I avoid.. backups to me are useless if I forget or lose the key.. apple have warned lose the key.. the backup is useless..
    But check pondini FAQ .. you might be able to encrypt a drive image.. or the backup.
    http://pondini.org/TM/FAQ.html
    See Q25 and 31.

  • Drive encrypted using Bitlocker...encrypting backup on Server 2008

    I've seen this topic discussed a few times but with very little real explanation on how to do this. 
    I have several servers for several customers that now must be encrypted.  I've run a few tests with our own internal servers and one user server and the drive encryption goes off without a hitch.
    Encrypting their backups however is still an issue.  Usually they are setup with 2 drives, one on site, one off.  Obviously the one on site is a theft issue so it defeats the purpose of encrypting the server if there is an un-encrypted backup.
    Bit Locker to Go is an R2 feature, isn't it?  Plus when you setup a drive for Windows backup, it formats the drive so is Bitlocker even usable?
    The whole idea of encrypting their drives concerns me because of recovering the data/server after a crash.  We use encrypted online back up but the need to do a bare metal restore is the part that concerns me.  I even thought of adding a third drive to the mix just to be overly redundant(paranoid).
    What is the best way to handle this?  How does it work in the event of a server crash, how do you do a bare metal restore with a bit locker drive?
    Thanks

    You can bitlock a portable drive for Server 2012 R2 backup as follows:
    Using Essentials, the first time you use the drive
    1. Start the dashboard and go to the Storage Tab and select
    Disks
    2. Click on the new drive and add it to the backup. Give it a unique label. Backup will format it and remove the drive letter.
    3. Go to the start screen and start Administrative tools | Computer management
    4. Find Disk Management and scroll down to find your backup disk.
    5. Right click on the disk block and choose Change Drive Letter and Paths.
    Add a drive letter.
    6. Open This PC and right click on your drive. Choose
    Turn on Bitlocker.
    7. Give the disk a password and save or print the key. Choose to encrypt used space only.
    8. When Bitlock finishs encrypting the drive, click on the Manage Bitlocker link at the bottom of the progress screen. Find your disk and click the dropdown arrow. Click on
    Turn on Auto-unlock. (Auto-unlock greatly simplifies swapping disks. However, my experience has been it will not reliably unlock the disk after a restart or power failure. You may have to log in for the disk to be reconnected.)
    9. You can use Disk Manager  as you did before to
    Remove the drive letter. It can be handy for verifying the disk's status or distinguishing multiple disks, but you don't really need it.
    10. Close everything up. You are good to go. After this, the disk can be replaced using the normal procedures for swapping USB drives.

  • How can i turn off encrypted backup file if i do have the passowrd?

    i have a problem with restoring the backup files on my iphone, it shows me an error message of corrupted process. Now i downloaded Dr.fone program in order to extract the backup files but it does not extract encrypted backup. So i need a method for turning off the encryption and please note that i do have the password for that encryption i just need a way to turn it off using the password.
    thanks

    after ive connected the phone to itunes and i click on restore backup a box pops u and says
    Find my iphone must be turned off before 'My Iphone' can be restored.
    Go to icloud settings on you iphone and turn off Find my Iphone before restoring your iphone.
    the first time this came up i went into icloud on my computer and removed the old phone from there but from what ive read it will only be properly removed when the fone gets turned back on.

  • "How to Unlock iPad encrypted Backup -Password When Forgoten?"

    "How to Unlock iPad encrypted Backup -Password When Forgoten?"
    I can't remember my password for the encrypted backup.

    Look at this link http://osxdaily.com/2013/06/26/recover-lost-encrypted-backup-password-ios/
     Cheers, Tom

  • Clicking "encrypt backup disk" crashes Time Machine Preference Pane

    Everytime click "encrypt backup disk" Time Machine Preference Pane crashes on MacOS Lion. I have a 2TB disk partioned into 2x1TB volumes, could this be the problem? Are there any other reaons that might cause the crash?

    It sounds a bit like your backups may be corrupted, and TM is having a tough time figuring out what's on the drive.
    Try doing a +*Repair Disk+* on your TM drive, per #A5 of the Time Machine - Troubleshooting *User Tip* at the top of this forum.
    Then do a "full reset" per #A4 there.

  • HT201250 I've just used an external drive to back up my Mac with Time Machine. I have Lion, but didn't click and check the "Encrypt Backup Disc". What should I do? Can I delete the external drive and start again, or can I encrypt later?

    I've just used an external drive to back up my Mac with Time Machine. I have Lion, but didn't click and check the "Encrypt Backup Disc". What should I do? Can I delete the external drive and start again, or can I encrypt later?

    I guess if stolen or lost it would protect my "stuff", and if I'm travelling would protect my privacy.
    You must understand the purpose and implications of encryption before deciding whether to use it.
    Encryption locks your data with a password. If you forget that password, the data is lost beyond any chance of recovery. Neither Apple nor anyone else will be able to help you recover that data if you don't know the password.
    By the same token, the password must be strong enough to provide the security you want. For example, if you're the potential target of industrial espionage by a government or large corporation, you need the strongest possible password. To create and manage such a password safely is a task in itself, not to be undertaken lightly.
    If you're only concerned about casual snooping by someone with no special skill, a weak, easily-remembered password is appropriate.
    But regardless of the strength of the password, if you lose it, the data is gone forever.
    Another point to remember is that if you encrypt your data on one storage device, you must also encrypt it on all other storage devices that would be accessible to the same attacker. Otherwise the data isn't protected. For example, if you keep your computer and your backup drive in the same room, and the internal drive of the computer is not encrypted, then there's no point in encrypting the backup drive.

  • Restoring and recovering and encrypted backup.

    Hi,
    I'm in the early stages of implementing encryption of RMAN backups using the Oracle Wallet to store the key.
    I don't yet have a box to test the restore on but thought I see if anyone has any experience they can share of restoring and recovering encrypted backups?
    Some questions I have include at what point does the wallet have to be opened during the restore? Is the wallet opened at the NOMOUNT step by the instance?
    Thanks in advance,

    Hi,
    Before dropping a DB we had taken an RMAN backup.I hope you were in mount mode.
    Will RMAN automatically recognize the FORMAT of the backup piece and restore ?No it won't.
    First you have to restore a controlfile in nomount mode with:
    restore controlfile from '/u04/backup/rmanbkp /02mo9fnc_1_1';
    and do alter database mount.
    Than you have to run "catalog start with '/u04/backup/rmanbkp'; " so the instance now knows where to find the pieces.
    Now you can run a restore database command.
    Than open the database with resetlogs.
    Regards,
    Tycho

  • HT1766 how to recover my encrypted backup password

    how to recover my encrypted backup password

    There's no way to recover a password if you forget. If you are using a Mac and you have enabled Keychain to store your password backup, you can use it.
    Otherwise, you can still do backups but to restore from backup you need the password.
    Warning: If you encrypt an iPhone backup in iTunes and then forget your password, you will not be able to restore from backup and your data will be unrecoverable. If you forget the password, you can continue to back up and use the device, however you will not be able to restore the encrypted backup to any device without the password. You do not need to enter the password for your backup each time you back up or sync.
    If you cannot remember the password and want to start again, you must perform a full software restore and when iTunes prompts you to select the backup from which to restore, choose set up as a new device.

  • How to retrive data from encrypted backup(failed in itunes) - i have the password!!

    I know there are other software that may help to retrive the data but it doesn't work with encrypted backup.
    Now i have the password, i have the encrypted backup (failed to recover in itunes).
    What can i do? is it possible to remove the password from the encrypted backup provided that i have the password????

    No, it's not possible.
    What happens when trying to restore the backup via iTunes?  It is entirely possible that the backup is simply corrupted.

Maybe you are looking for

  • Optional date range parameters

    Hi All, I have a 2 parameters from date and to date.When I didn't selected anything in parameters list then it should show all dates data. Please suggest how to create a optional parameter for date range parameters.

  • Windows gaming on Retina display?

    currently i am using Mid 2014 Retina Macbook Pro and i want to port it on another screen with hdmi for gaming. I install Windows 7 64bit and everything works fine. this game forces on 768x1360 and should work great with that screen res, but when i ru

  • My CS4 isn't in my download section

    Morning all, My previously paid editions of Creative Studio are no longer appearing within my download area.  I've had to change my attached email address a few times, due to closing down my original domain but I shouldn't think that this would still

  • Elements 8 .CR2 Issue with 5D Mark III

    I just bought a new Canon 5D Mark III.  I have Elements 8.  I also have an older Canon Rebel XSi.  When I try to import the new .cr2 files from the Mark III into Elements the program is telling me that the files are corrupted.  I know that Elements c

  • How to post goods to unrestricted while doing usage decession in QA32

    Hi Gurus, FG1 - finished SFG - Semi finished RM1 - raw material now i am doing inprocess inspection for SFG, I selected inspection lot in QA32 and clicked Results then i selected usage decession now i want to post this to unrestricted stock and then