3

I'm trying to setup a new Always Encrypted database using Azure Key Vault (I have previously had this working). In the SSMS Always Encrypted Wizard I can select the table and column to encrypt but I have a problem after selecting "Azure Key Vault" as the key store provider. I login and the window briefly pops up the dropdown that correctly lists my Key Vault in Azure but then it immediately goes away and has a warning triangle with the word "Purge" next to it and a "Try Again" button.Always Encrypted Error

Clicking "Details" shows:enter image description here

Any ideas what this means and how to get the wizard to complete?

I have tried this on 2 different installations of SQL 2016 with same result and using SSMS from different machines.

I know it says "We experienced issues in connecting to Azure" but since it is logging in and listing (briefly) my key vault what could the connection issue be?

Thanks.

Portion of details

===================================

We experienced issues in connecting to Azure (We experienced issues in connecting to Azure)

===================================

Purge (Microsoft.SqlServer.Management.ServiceManagement)

Program Location:

at Microsoft.SqlServer.Management.ServiceManagement.ResourceManagement.AzureKeyVaultKeyPermissionEnumConverter.ReadJson(JsonReader reader, Type objectType, Object existingValue, JsonSerializer serializer) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)

Adding SSMS Version details here: Microsoft SQL Server Management Studio 13.0.16106.4 Microsoft Analysis Services Client Tools 13.0.1700.441 Microsoft Data Access Components (MDAC) 10.0.15063.0 Microsoft MSXML 3.0 4.0 6.0 Microsoft Internet Explorer 9.11.15063.0 Microsoft .NET Framework 4.0.30319.42000 Operating System 6.3.15063

Al.
  • 73
  • 1
  • 6
  • 1
    Hi there, what version of SSMS are you using? – Nikhil Vithlani - Microsoft Jun 20 '17 at 16:19
  • I've tried 13.0.16106.4 and 13.0.16000.28.... Here are details from primary one... Microsoft SQL Server Management Studio 13.0.16106.4 Microsoft Analysis Services Client Tools 13.0.1700.441 Microsoft Data Access Components (MDAC) 10.0.15063.0 Microsoft MSXML 3.0 4.0 6.0 Microsoft Internet Explorer 9.11.15063.0 Microsoft .NET Framework 4.0.30319.42000 Operating System 6.3.15063 – Al. Jun 20 '17 at 19:53
  • Please track this link for a proper fix, https://connect.microsoft.com/SQLServer/Feedback/Details/3136481 – Nikhil Vithlani - Microsoft Jul 10 '17 at 15:17

1 Answers1

2

I was able workaround this by creating the KEY in the vault, scripting out the CREATE COLUMN MASTER KEY referencing the key's full version ID from the vault, creating a COLUMN ENCRYPTION KEY using the UI then use the Always Encrypted wizard to encrypt the designated columns with the appropriate keys.

H Boyce
  • 1,073
  • 8
  • 15
  • Thanks, that appears to work. The script to create the column master key is: CREATE COLUMN MASTER KEY MyCMK WITH ( KEY_STORE_PROVIDER_NAME = N'AZURE_KEY_VAULT', KEY_PATH = N'https://xxxxxx.vault.azure.net/keys/yyyyyyy/8e5czzzzzzzzzze5be8c7371e3abcf37'); The UI still seems to get confused and sometimes will leave the purge error up and sometimes leave the bottom area blank (after selecting "MyCMK" from the dropdown. – Al. Jul 03 '17 at 19:19
  • Yes , Works for me too ! But after Creating the CMK.i selected the MyCMK in drop down and proceed to next then i'm getting the Error as **Unknown external data source type** What will be the cause ? – Jayendran Jul 06 '17 at 09:55