Decrypting with CTE-LDT in an Exchange DAG Environment
Prerequisites
- Make sure that the LDT state is set to REKEYED before unguarding.
- Make sure that all of the files inside the GuardPoint are at the same version of the key.
- Run the LDT report to find the version:
  voradmin ldt report <GuardPoint path> [<logfile>]
- Run the Key map report to find the version:
  voradmin ldt key [report|map] <key_name, version> <GuardPoint path>
Procedure
- Make sure that all of the Exchange services in node 2 are down and not accessing the Exchange databases.
  Note: Suspension can take 2-3 minutes.
- In the Exchange Admin Center, make Exchange node 1 the primary node.
  This means that node 1 is mounted as the active node and node 2 is mounted as the passive node.
- Make all of the databases active on Exchange node 1.
- Go to the Exchange Database tab and suspend all databases on node 2.
- Unguard the database folders that you previously guarded on node 2.
- Delete all of the metadata on all of the database folders on node 2, type:
  voradmin ldt attr delete [<file name path> | <guard path>]
- Guard with an LDT policy set for Encryption to Clear on node 2.
  Note: You must clone the current version of the encryption key to use as the current key in the new LDT policy and clear_key as the transformation key.
- Go to the Exchange Database tab and resume all databases on node 2.
  Note: After a few minutes, the databases should become healthy automatically. If not, wait for the LDT process to decrypt the data. Make sure that all of the data is transformed back to clear and that the LDT state is set to REKEYED.
- Move the database from node 1 to node 2.
- Repeat this procedure for node 1.
- After both nodes are rekeyed and transformed from encryption to clear, unguard them:
  - In the Exchange Admin Center, make Exchange node 1 the primary node.
    This means that node 1 is mounted as the active node and node 2 is mounted as the passive node.
  - Make all of the databases active on Exchange node 1.
  - Go to the Exchange Database tab and suspend all databases on node 2.
  - Unguard the database folders that you previously guarded on node 2.
    Warning: Always ensure that you are unguarding a passive node.
  - Repeat this procedure for node 1.
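The warning above says to unguard only a passive node. One way to check that before unguarding, as an added example that is not part of the original procedure or of the product's tooling: the function takes database copy status objects, such as those returned by Get-MailboxDatabaseCopyStatus in the Exchange Management Shell, and reports any copy on the node that is still active or not suspended. The function name Test-SafeToUnguard, the node names EXCH-NODE1 and EXCH-NODE2, and the sample objects are assumptions constructed for illustration.

```powershell
# Added example. Test-SafeToUnguard is a hypothetical helper, not a CTE or Exchange command.
# On a live DAG, pass it real data:  -CopyStatus (Get-MailboxDatabaseCopyStatus -Server <node>)
function Test-SafeToUnguard {
    param(
        [Parameter(Mandatory)] [string]   $Node,
        [Parameter(Mandatory)] [object[]] $CopyStatus
    )
    # Copy names have the form "<database>\<server>"; keep only the copies hosted on $Node.
    $onNode = @($CopyStatus | Where-Object { ($_.Name -split '\\')[-1] -eq $Node })
    $blockers = @()
    if ($onNode.Count -eq 0) {
        $blockers += "No database copies found for '$Node'; check the node name."
    }
    foreach ($copy in $onNode) {
        $status = "$($copy.Status)"
        if ($copy.ActiveCopy -or $status -in 'Mounted', 'Mounting') {
            $blockers += "$($copy.Name) is active ($status): move it to the other node first."
        }
        elseif ($status -notin 'Suspended', 'FailedAndSuspended') {
            $blockers += "$($copy.Name) is $status, not suspended: suspend it first."
        }
    }
    [pscustomobject]@{
        Node     = $Node
        Safe     = ($blockers.Count -eq 0)
        Blockers = $blockers
    }
}

# Constructed sample data (not captured from a real system).
$sample = @(
    [pscustomobject]@{ Name = 'DB01\EXCH-NODE1'; Status = 'Mounted';   ActiveCopy = $true  }
    [pscustomobject]@{ Name = 'DB01\EXCH-NODE2'; Status = 'Suspended'; ActiveCopy = $false }
    [pscustomobject]@{ Name = 'DB02\EXCH-NODE1'; Status = 'Mounted';   ActiveCopy = $true  }
    [pscustomobject]@{ Name = 'DB02\EXCH-NODE2'; Status = 'Healthy';   ActiveCopy = $false }
)

$result = Test-SafeToUnguard -Node 'EXCH-NODE2' -CopyStatus $sample
if (-not $result.Safe) {
    $result.Blockers | ForEach-Object { Write-Warning $_ }
}
$result
```

This check covers only the Exchange side; the LDT state and key version still have to be confirmed with the voradmin reports listed under Prerequisites.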