Not sure if the last post got through as I can't see it, but here's the headline.
@Mladen Andzic the PoC I am implementing is to take regular native copy_only backups of multiple databases that are hosted in a Managed Instance, where all the databases are time-aligned (i.e. use PITR to create secondary copies at a point in time on the MI, then back up those secondary copies). We have 3 Managed Instances, one for each country that is supported. Each uses its own TDE key.
(For development work) I have a copy of SQL Server 2022 on my laptop. When I want to restore a database from region A, I run a script which creates credentials using the SQL Server Azure EKM provider to reference the appropriate key vault. The DBA user is altered to be associated with the just-created credential.
At the point of creating an asymmetric key using:
```sql
CREATE ASYMMETRIC KEY [$(TDEHostname)_ekm_login_key]
FROM PROVIDER [$(KeyvaultProviderName)]
WITH PROVIDER_KEY_NAME = '$(TDEHostname)-sqlmi'
,CREATION_DISPOSITION = OPEN_EXISTING
;
```
one of two errors will be generated:
```
Msg 33049, Level 16, State 2, Line 116
Key with name 'xxx' does not exist in the provider or access is denied. Provider error code: 3113. (Provider Error - No explanation is available, consult EKM Provider for details)
```
This may be a problem in Azure (permissions etc.) so should be solvable.
The other, more serious error is:
```
Msg 109, Level 20, State 0, Line 24
A transport-level error has occurred when receiving results from the server. (provider: Shared Memory Provider, error: 0 - The pipe has been ended.)
```