Wednesday, 7 June 2017

How to restore TDE eanabled database

Create a database master key and certificate in the master database.

USE master;
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'j3uwgq#)hqI*2';
GO
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'j3uwgq#)hqI*2';

USE master;
CREATE CERTIFICATE TDECert
WITH SUBJECT = 'TDE Certificate'
GO

Create a backup of the server certificate in the master database.

BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey'
ENCRYPTION BY PASSWORD = 'j3uwgq#)hqI*2';

Enable the TDE on user Database

use dbname
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDECert
GO

ALTER DATABASE skyProduction
SET ENCRYPTION ON
GO
SELECT [name], is_encrypted FROM sys.databases
GO

Backup the Encryption key

USE master
GO
BACKUP CERTIFICATE TDECert
TO FILE = 'C:\temp\dbcert.cer'
WITH PRIVATE KEY (FILE = 'C:\dbcert_Key.pvk' ,
ENCRYPTION BY PASSWORD = 'j3tt4IL!2' )
GO

-- Use to check status
USE master
GO

SELECT * FROM sys.certificates

-- encryption_state = 3 is encrypted
SELECT * FROM sys.dm_database_encryption_keys
WHERE encryption_state = 3;

SELECT *
FROM sys.dm_database_encryption_keys;

SELECT * FROM sys.databases

--- Restore database on other machine (Decrypt the Database)

--1. Create the Master Key on Target server (Password need not be same)

USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'j3uwgq#)hqI*2'

--2. After a master key has been created, create a certificate by importing the certificate we created earlier (Take the Backup of the certificate).
--Here the ‘Decryption By Password’ parameter is same as that of source server.

CREATE CERTIFICATE TDECert
FROM FILE = 'E:\Backup\Production Server keys\dbCerts\dbcert.cer'
WITH PRIVATE KEY (FILE = 'E:\Backup\Production Server keys\dbCerts\dbcert_Key.pvk',
DECRYPTION BY PASSWORD = 'j3uwgq#)hqI*2')

--3. Restore the database as regular.

Using SQL Server Management Studio

Create a database master key and certificate in the master database. For more information, see Using Transact-SQL below.
Create a backup of the server certificate in the master database. For more information, see Using Transact-SQL below.
In Object Explorer, right-click the Databases folder and select New Database.
In the New Database dialog box, in the Database name box, enter the name of the new database.
In the Owner box, enter the name of the new database's owner. Alternately, click the ellipsis (…) to open the Select Database Owner dialog box. For more information on creating a new database, see Create a Database.
In Object Explorer, click the plus sign to expand the Databases folder.
Right-click the database you created, point to Tasks, and select Manage Database Encryption.

The following options are available on the Manage Database Encryption dialog box.

Encryption Algorithm
Displays or sets the algorithm to use for database encryption. AES128 is the default algorithm. This field cannot be blank. For more information on encryption algorithms, see Choose an Encryption Algorithm.

Use server certificate
Sets the encryption to be secured by a certificate. Select one from the list. If you do not have the VIEW DEFINITION permission on server certificates, this list will be empty. If a certificate method of encryption is selected, this value cannot be empty. For more information about certificates, see .

Use server asymmetric key
Sets the encryption to be secured by an asymmetric key. Only available asymmetric keys are displayed. Only an asymmetric key protected by an EKM module can encrypt a database using TDE.

Set Database Encryption On
Alters the database to turn on (checked) or turn off (unchecked) TDE.
When finished, click OK.

Database Mail Issue with .Net Framework 3

We all know how to configure the database mail on SQL server and troubleshoot for any error. Below are some of the common issues and trouble shoot methods.

Install .NET Framework 3 to make the Database engine to work.

One of the rarest issue faced with SQL server database Mail is, problem with .Net Framework 3. If server is not installed with .Net Framework 3, database mail may not work at all.

Troubleshooting Database Mail: General steps

Troubleshooting Database Mail involves checking the following general areas of the Database Mail system. These procedures are presented in a logical order, but can be evaluated in any order.

To determine if Database Mail is enabled

In SQL Server Management Studio, connect to an instance of SQL Server by using a query editor window, and then execute the following code:
sp_configure 'show advanced', 1; GO RECONFIGURE; GO sp_configure; GO
In the results pane, confirm that the run_value for Database Mail XPs is set to 1.

If the run_value is not 1, Database Mail is not enabled. Database Mail is not automatically enabled to reduce the number of features available for attack by a malicious user. For more information, see Understanding Surface Area Configuration.
If you decide that it is appropriate to enable Database Mail, execute the following code:
sp_configure 'Database Mail XPs', 1; GO RECONFIGURE; GO
To restore the sp_configure procedure to its default state, which does not show advanced options, execute the following code:
sp_configure 'show advanced', 0; GO RECONFIGURE; GO

To determine if users are properly configured to send Database Mail

To send Database Mail, users must be a member of the DatabaseMailUserRole. Members of the sysadmin fixed server role and msdbdb_owner role are automatically members of the DatabaseMailUserRole role. To list all other members of the DatabaseMailUserRole execute the following statement:
EXEC msdb.sys.sp_helprolemember 'DatabaseMailUserRole';

To add users to the DatabaseMailUserRole role, use the following statement:

sp_addrolemember @rolename = 'DatabaseMailUserRole'
   ,@membername = '<database user>';

To send Database Mail, users must have access to at least one Database Mail profile. To list the users (principals) and the profiles to which they have access, execute the following statement.
EXEC msdb.dbo.sysmail_help_principalprofile_sp;
Use the Database Mail Configuration Wizard to create profiles and grant access to profiles to users.

To confirm that the Database Mail is started

The Database Mail External Program is activated when there are e-mail messages to be processed. When there have been no messages to send for the specified time-out period, the program exits. To confirm the Database Mail activation is started, execute the following statement.
EXEC msdb.dbo.sysmail_help_status_sp;
If the Database Mail activation is not started, execute the following statement to start it:
EXEC msdb.dbo.sysmail_start_sp;
If the Database Mail external program is started, check the status of the mail queue with the following statement:
EXEC msdb.dbo.sysmail_help_queue_sp @queue_type = 'mail';
The mail queue should have the state of RECEIVES_OCCURRING. The status queue may vary from moment to moment. If the mail queue state is not RECEIVES_OCCURRING, try stopping the queue using sysmail_stop_sp and then starting the queue using sysmail_start_sp.

Note
Use the length column in the result set of sysmail_help_queue_sp to determine the number of e-mails in the Mail queue.

To determine if problems with Database Mail affect all accounts in a profile or only some accounts

If you have determined that some but not all profiles can send mail, then you may have problems with the Database Mail accounts used by the problem profiles. To determine which accounts are successful in sending mail, execute the following statement:
SELECT sent_account_id, sent_date FROM msdb.dbo.sysmail_sentitems;
If a profile which is not working does not use any of the accounts listed, then it is possible that all the accounts available to the profile are not working properly. To test individual accounts, use the Database Mail Configuration Wizard to create a new profile with a single account, and then use the Send Test E-Mail dialog box to send mail using the new account.
To view the error messages returned by Database Mail, execute the following statement:
SELECT * FROM msdb.dbo.sysmail_event_log;

Note
Database Mail considers mail to be sent, when it is successfully delivered to a SMTP mail server. Subsequent errors, such as an invalid recipient e-mail address, can still prevent mail from being delivered, but will not be contained in the Database Mail log.

To configure Database Mail to retry mail delivery

If you have determined that the Database Mail is failing because the SMTP server cannot be reliably reached, you may be able to increase your successful mail delivery rate by increasing the number of times Database Mail attempts to send each message. Start the Database Mail Configuration Wizard, and select the View or change system parameters option. Alternatively, you can associate more accounts to the profile so upon failover from the primary account, Database Mail will use the failover account to send e-mails.
On the Configure System Parameters page, the default values of 5 times for the Account Retry Attempts and 60 seconds for the Account Retry Delay means that message delivery will fail if the SMTP server cannot be reached in 5 minutes. Increase these parameters to lengthen the amount of time before message deliver fails.

A Myth - Truncate and Drop operation can't be rolled Back

We all know Delete is a DML command and it can be rolled back bu using it in the transaction.
But always we have heard, read, practiced and believed to be a MYTH that Truncate and Drop operation can't be rolled Back. But in reality these two operations can also be rolled back and yes it is against to the RDBMS concept itself.

Follow the below steps to witness this.

1. Create a table

Use AdventureWorks2012

CREATE TABLE [dbo].[Drop_test](
[id] [int] NOT NULL,
[name] [varchar](100) NULL
) ON [PRIMARY]

GO

2. Insert a dummy data

Insert into [dbo].[Drop_test]
values (1, 'a')

3. Check the row count

select * from [dbo].[Drop_test]

4. Truncate the table by using it within a transaction.

begin tran

truncate table [dbo].[Drop_test]

--commit tran

Check the row count

select * from [dbo].[Drop_test]

6. Roll Back the transaction and you can get back all the data which was deleted.

Rollback tran

7. Same steps can be used to verify the Drop Table operation.

begin tran

drop table [dbo].[Drop_test]

ROllback tran

SQL Install Setup disappear when installing SQL Server

We might come across a situation where SQL installation setup will disappear during the installation process. This might be because of many reasons, one such I faced is incomplete uninstall of prevision SQL Server on the machine.

I encountered an error in the middle of the fresh installation of SQL Server 2012 version, which was asking to reboot the machine. Later continued till the end and error out without installing the SQL Database engine. It is always a good practice to clean up previous SQL files before installing the new one and I did it. But during the next installation started facing the issue. After the acceptance of License and agreement, Setup was disappearing without any error message. I checked the installation logs in Bootstrap folder and Temp folder. couldn't find any proper information about the strange behavior of SQL server. Later I found the below solution in google.

Here’s what you need to do:

Click on start->run and type %temp% and press enter (basically, go to the temp folder)
Here, look for SQLSetup.log and SQLSetup_1.log. Open the SQLSetup_1.log file. In there, check for the following messages:04/16/2012 17:16:47.950 Error: Failed to launch process
04/16/2012 17:16:47.952 Error: Failed to launch local setup100.exe: 0x80070003

Typically, you get this error only in SQL 2008, SQL 2008 R2, SQL 2012 and SQL 2014. The steps are slightly different for all 4, and I’ve tried to outline them here.

Warning: These steps involve modification of the windows registry, a highly sensitive component of the Operating System. Before proceeding, please ensure you take a complete backup of the registry.

SQL Server 2008

1. Save the following in a text file, change the extension to .reg, double-click on the file, and on the prompt that appears, select yes to populate the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft SQL Server100Bootstrap]
“BootstrapDir”=”C:\\Program Files\\Microsoft SQL Server\\100\\Setup Bootstrap\\”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap\Setup]
“PatchLevel”=”10.0.1600.22”

2. Next, copy the following files and folders from the media to the specified destinations:

File/Folder in media	Destination
X64/X86 (depending on what architecture you want to install)	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release
Setup.exe	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release
Setup.rll	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\Resources\1033

Next, re-run the setup, and it should proceed beyond the point of error this time.

SQL Server 2008 R2

1. Save the following in a text file, change the extension to .reg, double-click on the file, and on the prompt that appears, select yes to populate the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap]
“BootstrapDir”=”C:\\Program Files\\Microsoft SQL Server\\100\\Setup Bootstrap\\”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Bootstrap\Setup]
“PatchLevel”=”10.50.1600.00”

2. Next, copy the following files and folders from the media to the specified destinations:

File/Folder in media	Destination
X64/X86 folder (depending on what architecture you want to install)	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2
Setup.exe	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2
Resources folder	C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2

Next, re-run the setup, and it should proceed beyond the point of error this time.

SQL Server 2012

1. Save the following in a text file, change the extension to .reg, double-click on the file, and on the prompt that appears, select yes to populate the registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\110\Bootstrap]
“BootstrapDir”=”C:\\Program Files\\Microsoft SQL Server\\110\\Setup Bootstrap\\”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\110\Bootstrap\Setup]
“PatchLevel”=”11.00.2100.60”

2. Next, copy the following files and folders from the media to the specified destinations:

File/Folder in media	Destination
X64/X86 folder (depending on what architecture you want to install)	C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\SQLServer2012
Setup.exe	C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\SQLServer2012
Resources folder	C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\SQLServer2012

Next, re-run the setup, and it should proceed beyond the point of error this time.

SQL Server 2014

1. Save the following in a text file, change the extension to .reg, double-click on the file, and on the prompt that appears, select yes to populate the registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\110\Bootstrap]
“BootstrapDir”=”C:\\Program Files\\Microsoft SQL Server\\120\\Setup Bootstrap\\”

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft SQL Server120BootstrapSetup]
“PatchLevel”=”12.00.2000.80”

2. Next, copy the following files and folders from the media to the specified destinations:

File/Folder in media	Destination
X64/X86 folder (depending on what architecture you want to install)	C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014
Setup.exe	C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014
Resources folder	C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014

Next, re-run the setup, and it should proceed beyond the point of error this time.