DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2692145 - Last Review: November 22, 2012 - Revision: 3.2

On This Page

Symptoms

Assume that you regularly turn encryption on and off on a database and also regularly change the encryption keys on the database in SQL Server 2012. In this scenario, the database might not be encrypted when you turn on encryption. If you change the encryption keys, an assertion might occur.

Cause

This issue occurs because, if a database encryption key (DEK) is not in an encrypted state and the key is changed, the next update of the key copies the key part of the DEK, but it does not copy the setting the encryption state correctly.

In SQL Server 2012, after a decryption scan, the DEK in the file control block (FCB) header is kept, and the DEK is removed only when the key is dropped.  When encryption is turned off, there is a key change, and then you try to turn on the encryption, the dynamic management view (DMV) shows that encryption completed. However, the encryption scan is not performed and the pages are left not encrypted.

Resolution

Cumulative update information

SQL Server 2012

The fix for this issue was first released in Cumulative Update 1. For more information about how to obtain this cumulative update package for SQL Server 2012, click the following article number to view the article in the Microsoft Knowledge Base:
2679368  (http://support.microsoft.com/kb/2679368/ ) Cumulative Update package 1 for SQL Server 2012
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2012 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2692828  (http://support.microsoft.com/kb/2692828/ ) The SQL Server 2012 builds that were released after SQL Server 2012 was released

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Workaround

To work around this issue, drop the encryption key every time you turn encryption off on a database.

More information

Call stack information
FCB::InitializeReencryptionScan ntdbms\storeng\dfs\manager\fcb.cpp 8407
FCB::ReencryptFile ntdbms\storeng\dfs\manager\fcb.cpp 8934
AsynchronousDiskAction::DoReencryptFile ntdbms\storeng\dfs\manager\asyncdp.cpp 810
AsynchronousDiskAction::ExecuteDeferredAction ntdbms\storeng\dfs\manager\asyncdp.cpp 1203
AsynchronousDiskPool::ProcessActions ntdbms\storeng\dfs\manager\asyncdp.cpp 2252
AsynchronousDiskWorker::ThreadRoutine ntdbms\storeng\dfs\manager\asyncdp.cpp 3120
SubprocEntrypoint ntdbms\storeng\dfs\process\subproc.cpp 444
SOS_Task::Param::Execute e:\sql11_main_t\sql\common\dk\sos\include\sos.inl 8564
SOS_Scheduler::RunTask e:\sql11_main_t\sql\common\dk\sos\src\scheduler.cpp 976
SOS_Scheduler::ProcessTasks e:\sql11_main_t\sql\common\dk\sos\src\scheduler.cpp 852
SchedulerManager::WorkerEntryPoint e:\sql11_main_t\sql\common\dk\sos\src\node.cpp 1809
SystemThread::RunWorker e:\sql11_main_t\sql\common\dk\sos\include\worker.inl 823
SystemThreadDispatcher::ProcessWorker e:\sql11_main_t\sql\common\dk\sos\src\node.cpp 449
Assert in FCB::InitializeReencryptionScan in file fcb.cpp @ 8407
Expression: a_dbDEK->GetDbeState () == CSECDEK::x_dbe_DecryptionInProgress || a_dbDEK->GetDbeState () == CSECDEK::x_dbe_EncryptionInProgress

Applies to
  • SQL Server 2012 Enterprise Core
  • Microsoft SQL Server 2012 Developer
  • Microsoft SQL Server 2012 Enterprise
  • Microsoft SQL Server 2012 Express
  • Microsoft SQL Server 2012 Standard
  • Microsoft SQL Server 2012 Web
Keywords: 
kbtshoot kbqfe kbfix kbexpertiseadvanced kbsurveynew KB2692145
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support