为什么SQL Server无法使用SQL Server连接器连接到Azure密钥库 [英] Why is SQL server unable to connect to Azure key vault using SQL Server connector
问题描述
我正在尝试使用TDE加密Azure VM中的SQL Server数据库,其中EKM将使用Azure密钥保管库.我一直在遵循以下链接中概述的步骤.
I am trying to encrypt sql server database in Azure VM using TDE where the EKM will use Azure Key vault. I have been following the steps outlined in below link.
我已经严格按照所有步骤进行操作,包括以下步骤,我们需要为SECRET(不带连字符+ Azure保管库密钥的应用程序ID)提供值.
I have followed all the steps exactly including the below step where we need to provide value for SECRET (Application ID without hyphens+ Azure vault key).
USE master;
CREATE CREDENTIAL sysadmin_ekm_cred
WITH IDENTITY = 'keyvaultname',
SECRET =
'ef509ab6e52649388e65283e9378b0a171ccf2d0a8004abbbaaf93ab8f5909c0'
FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov;
尝试在以下代码下运行时出现以下错误
I get following error when trying to run below code
CREATE ASYMMETRIC KEY CONTOSO_KEY
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = 'Azurevaultkeyname',
CREATION_DISPOSITION = OPEN_EXISTING;
33028州第1行第14行的消息 无法打开加密提供程序"AzureKeyVault_EKM_Prov"的会话.提供程序错误代码:3303.(提供程序错误-没有可用的解释,有关详细信息,请咨询EKM提供程序.)
Msg 33028, Level 16, State 1, Line 14 Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3303. (Provider Error - No explanation is available, consult EKM Provider for details)
请让我知道如何解决它.
Please let me know how to fix it.
推荐答案
我遇到了类似的问题,提供程序尝试创建注册表项,但是没有创建权限,因此失败.尝试从此博客
I ran into a similar issue, the provider tries to create a registry key but doesn't have permissions to do so, therefore it fails. Try the following steps taken from this blogpost
打开注册表编辑器
- 导航到HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft
- 创建一个名为"SQL Server加密提供程序"的新密钥(不带引号)
- 右键单击该键,从上下文菜单中选择权限".
- 将此键的完全控制"权限授予Windows服务帐户 运行SQL Server
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
- Create a new Key called "SQL Server Cryptographic Provider" (without quotes)
- Right click the key, from the context menu select ‘permissions.
- Give Full Control permissions to this key to the Windows service account that runs SQL Server
这篇关于为什么SQL Server无法使用SQL Server连接器连接到Azure密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
