Troubleshooting
The following table provides information on how to handle problems occurring in CDP:
| Problem | Description |
|---|---|
| TLS related error | By default, the SQL Server 2014 doesn't support TLS 1.2. If any error related to TLS is returned, update the MSSQL patch released for that database version. Refer to Microsoft Documentation for details. Patch information For SQL server 2014 - Upgrade to Service Pack3 by applying Patch KB3171021. |
| Upgrading CDP | After upgrading CDP, if you face problems while setting parameters in the properties file, you can copy the values from the old properties file stored in the <INSTALL_HOME>\ARCHIVE folder. After the upgrade, the old properties file is archived under the <INSTALL_HOME>\ARCHIVE directory and a new properties file is created in the installation directory. The new properties file contains new values that were entered while upgrading CDP. The remaining parameters are left with default values. |
| Post Upgradation | After upgrading from PDB to CDP, can't create views and triggers. Check the count of the protocol parameter in the CDP_for_MSSQLServer.properties file. If there are two entries for protocol, replace one with the Log_Level parameter and set its value as needed. |
| User Mapping | If a database user is unable to perform desired operations, then the user is not mapped or the CipherTrust Manager user does not have access to the key. In such cases, any cryptographic operations fail. Make sure that the database user is mapped to a CipherTrust Manager user. When a database user sends a request to the CipherTrust Manager, CDP searches its list of user mappings (contained in the ING_AUTHORIZED_USER table in the CDP metadata database). If the database user appears on the list or is a member of a mapped database role, CDP includes the associated CipherTrust Manager user and password in the request. If those credentials are valid and the CipherTrust Manager user has access to the required key, then the CipherTrust Manager performs the operation. |
| Deadlock or Invalid Column Name Error May Appear | Some SELECT, UPDATE, and DELETE statements may deadlock when executed on a table undergoing data migration or key rotation. You will see the following error message: Error: Transaction <Process ID> was deadlocked on lock resources with another process and has been chosen as the deadlock victim. If this deadlock error appears, resume the operations using the pdbctl utility to continue the process from where it ended. When migration and key rotation are in progress, if you simultaneously execute a query, the error Invalid column name '<Column_Name>_ROTATE'. may appear in the query. In this case, re-execute the query. |
| Log Shipping | Consider you have two servers, Server A and Server B, each running an instance of SQL Server 2008. You have backed up a database that is in an instance of SQL Server 2008 running on Server A. If you restore that database to an instance of SQL Server 2008 running on Server B, the following error may occur: An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE.These errors occur because the login that you used to create the database on Server A is not in the instance of SQL Server 2008 on Server B. This login could be either the Microsoft Windows login or the SQL Server login. You can work around this problem by either of the following: • Using the sp_changedbowner stored procedure. • Adding the login to the instance of SQL Server. Note: Before using any of the above-mentioned methods, you must turn ON the TRUSTWORTHY database property. By default, this property is set to OFF. |
| Invalid operation | While trying to perform decryption or key rotation on a table migrated with a versioned key, you might get the Invalid operation error. This error occurs if the key version with which you migrated the table is in the Retired state. To resolve this issue, make sure that the version used to migrate the table is Active. |
| Unable to Select Multiple Columns Having Same Name, But in Different Cases | While using Windows Internet Explorer, if multiple columns have the same name, but in different cases, (for example, Column1, COLUMN1, COLumn1, etc.), then the properties of multiple columns cannot be selected while performing key rotation. This is a Windows Internet Explorer issue. To work around this issue, use Mozilla Firefox or Google Chrome as your web browser on Windows. |
| Certificate verify failed Error in Logs | If the certificate verify failed error appears in logs, verify that: • Certificate is not expired. • Windows OS version is as per Microsoft's recommendation for support of SHA-256 algorithms. |
| Logs not getting created in default log location | In such case, while performing CDP operations [1902] Error in function ICSPOpenSession error appears. This issue occurs when the SQL Server Service Account does not have the required permissions. To work around this issue, do any of the following: • On the Log On tab in the SQL Server Service Properties, select Local System account.bull; Change the log location in the Properties file to a location with no permission issues. |
Failure of Integrity check of ingicspwrapper.dll | integrity check for ingicspwrapper.dll fails there appears an exception: Integrity Check of 'ingicspwrapper.dll Failed. The exception may have arisen because of the following reason: The ingicspwrapper.dll at C:\Program Files\Microsoft SQLServer\MSSQL10.MSSQLSERVER\MSSQL\Binn is either corrupted or tampered. To troubleshoot this issue: • If ingicspwrapper.dll is corrupt then copy ingicspwrapper.dll from the installation directory to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn. • Repair the CDP installation using the CDP installer. Note: If ingicspwrapper.dll is in use then restart the SQL Server before performing CDP Repair. |
| SSL Security Error | This error is encountered during ProtectDB installation/upgrade in a system with TLSv1.2 enabled and FIPS mode disabled. This issue for SQL Server is mentioned in Microsoft support with VSTS number 6200864. 6200864 description: You cannot use the Transport Layer Security protocol version 1.2 to connect to a server that is running SQL Server 2014 or SQL Server 2012To troubleshoot this issue: Install corresponding Service Pack which supports TLSv1.2 for SQL Server installed in the system. For more information related to applicable service packs and VSTS 6200864, refer to Microsoft Support section. |
| User mapping upgrade for some database users got failed | This issue may be observed after upgrade. If this issue occurs, a folder named InstallationLogs is created at the installation directory. This folder contains a UserMappingUpgrade_failed.log file that lists the database users for whom the user mapping migration has failed. Take corrective actions for the failed user mappings and delete the UserMappingUpgrade_failed.log file. |
