Microsoft Knowledge Base Article
The contents of this article are Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Article ID: 914261 - Last Review: March 8, 2006 - Revision: 1.1
Error message when you run the ALTER SERVICE MASTER KEY REGENERATE statement in SQL Server 2005: "The current master key cannot be decrypted"
When you run the ALTER SERVICE MASTER KEY REGENERATE Transact-SQL statement in Microsoft SQL Server 2005, you may receive the following error message:
The current master key cannot be decrypted. If this is a database master key, you should attempt to open it in the session before performing this operation. The FORCE option can be used to ignore this error and continue the operation but the data encrypted by the old master key will be lost.
This problem occurs because there is no existing service master key for the instance of SQL Server 2005. The ALTER SERVICE MASTER KEY statement is used to change a service master key that already exists. If the service master key does not already exist, the server returns an error. The REGENERATE option tells SQL Server to re-create the service master key. Before the server creates a new service master key, the server must first use the old service master key to decrypt all the keys that were encrypted by using the old service master key. The server then creates a new service master key and uses it to encrypt the decrypted keys. If there is no service master key, SQL Server cannot complete the regeneration process, and you may receive the error message.
Warning: Only use the following workaround if no service master key has ever been created for the instance of SQL Server 2005.
To work around this problem, add the FORCE option to the ALTER SERVICE MASTER KEY REGENERATE Transact-SQL statement. The FORCE option causes the key regeneration process to continue even if the process cannot retrieve the current master key.
This behavior is by design.
The service master key is automatically generated the first time that it must be used to encrypt a linked server password, a credential, or a database master key. Therefore, an instance of SQL Server 2005 may not have a service master key.
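The three triggers listed above can be used as a pre-flight check before applying the FORCE workaround. The following Transact-SQL is an added example, not part of the original Knowledge Base article. It assumes that an instance with no credentials, no linked server logins with a stored remote password, and no database master keys encrypted by the server has nothing that depends on a service master key; it needs CONTROL SERVER permission to run the regeneration.

```sql
-- Added example: inventory everything the service master key (SMK) would
-- protect, and only regenerate with FORCE when nothing depends on it.
-- Assumption: zero rows in all three checks means FORCE cannot discard data.
USE master;

DECLARE @credentials   int;
DECLARE @linked_logins int;
DECLARE @dmk_by_smk    int;

-- Credentials: the stored secret is encrypted under the SMK.
SELECT @credentials = COUNT(*)
FROM sys.credentials;

-- Linked server logins that map to a remote login with a stored password.
SELECT @linked_logins = COUNT(*)
FROM sys.linked_logins
WHERE uses_self_credential = 0
  AND remote_name IS NOT NULL;

-- Databases whose database master key is also encrypted by the SMK.
SELECT @dmk_by_smk = COUNT(*)
FROM sys.databases
WHERE is_master_key_encrypted_by_server = 1;

-- Show the inventory so the decision is recorded in the session output.
SELECT @credentials   AS credentials,
       @linked_logins AS linked_logins_with_password,
       @dmk_by_smk    AS dmks_encrypted_by_smk;

IF @credentials + @linked_logins + @dmk_by_smk = 0
BEGIN
    -- Nothing is encrypted by an SMK, so forcing regeneration loses no data.
    ALTER SERVICE MASTER KEY FORCE REGENERATE;
END
ELSE
BEGIN
    -- Dependents exist: FORCE would leave them undecryptable. Stop here.
    RAISERROR('Objects encrypted by the service master key exist. Do not use FORCE.', 16, 1);
END
```

If the check stops with the error, list the individual rows in sys.credentials, sys.linked_logins and sys.databases to see which secrets would be lost.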
For more information about the service master key, visit the following Microsoft Developer Network (MSDN) Web site:
For more information about the ALTER SERVICE MASTER KEY REGENERATE Transact-SQL statement, visit the following MSDN Web site:
APPLIES TO
- Microsoft SQL Server 2005 Standard Edition
- Microsoft SQL Server 2005 Workgroup Edition
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
Keywords: kbsql2005engine kbexpertiseadvanced kbtshoot kbprb KB914261