First published on MSDN on Nov 04, 2016
The SQL Product team has identified an issue with
.Net 4.6.2 framework client driver
enabled database on
SQL Server 2016 and Azure SQL Database
. The issue can lead to intermittent failure while trying to decrypt the records from the Always Encrypted enabled database with following error message
Decryption failed. The last 10 bytes of the encrypted column encryption key are: '7E-0B-E6-D3-39-CE-35-86-2F-AA'.The first 10 bytes of ciphertext are: '01-C3-D7-39-33-2F-E6-44-C3-B1'.Specified ciphertext has an invalid authentication tag.
The above failure to decrypt may potentially lead to
incorrect query results
which in turn may trigger
incorrect behavior in the app,
for example, attempts to insert missing values or to perform any other updates that will either produce further errors or produce inconsistent data in the database.
Customers who encounter the above error during the validation scan and are unable to resolve the issue, should contact
. The team will be able to help access and recover all previously encrypted rows that were affected by this bug.
There will be no permanent data loss caused as a result of this defect.