Revisiting restoring database after disabling TDE and removing the certificate

Published 29 May 10 06:59 PM | MartinBell

I thought I would take another look at this issue which I talked about nearly a year ago in the my blog post here and see if anything had changed since my original post and the arrival of R2.

Unfortunately the answer is no! It is still a bit of a mess and you are allowed to drop certificates that have dependent database encryption keys (DEKs). Therefore always make sure that you remove a DEK after TDE has been disabled.

A check of the DMV sys.dm_database_encryption_keys should also be added to your checklist of things to do go over when you take on a new system (if it isn’t on the list already!).

This is another reason why you should regularly check your backups are restorable (remember, you are not going to know until the end of the restore process that there are problems).

Filed under:


No Comments

This Blog

SQL Blogs