Commvault SQL TDE Configuration on Standy node problems.

  • 19 September 2023
  • 1 reply

Badge +6

Following the rather vague process at Enabling Transparent Data Encryption (TDE) on an Existing CommServe LiveSync Setup ( for enabling TDE on a LiveSync configuration.

Using the process here How to configure Transparent Data Encryption (TDE) in SQL Server ( on the Primary CommServe it’s a relatively simple task to generate a Master Password, Cert, Encryption key and apply it on all Commvault databases AFTER turning off LiveSync.

Copy the Cert to the secondary CommServe, and using same process after recreating the cert in SQL and Encryption keys apply encryption to “some” of the CommVault databases. However 4 Databases including the CommServ database are in the “Restoring” state and encryption cannot be applied to them. 

I believe they are in the "Restoring" state due to the log shipping configuration?

Only way to do so was run the RESTORE DATABASE [CommServ] WITH RECOVERY to change the state of the Database and then apply the encryption settings. 

Problem is that after turning LiveSync back on replication will not work properly and failover to the Standby also fails as the database syncronisation in the process hangs. A forceUnplanned works (with data loss) and can then successfully fail back to the Primary node and all is well.  The 4 Standby databases resume the “restoring” state.

What gives? There has to be a better way!




1 reply

Userlevel 3
Badge +8

Hi @Glenno,

Enabling TDE should work fine. However, I would recommend you to raise a support case to review this further.