Knowledge Base

Search Knowledge Base

KB #240117: Upgrading SQL Version on an instance secured with Encryptionizer

Type:

Information

Summary:

You have an SQL instance that is secured with Encryptionizer for SQL. You wish to perform an in place upgrade to the next version, e.g. SQL 2008 -> 2008 R2, SQL 2008 R2 -> SQL 2012 R2. You will need to perform the following steps to successfully upgrade and have access to the encrypted data after this major SQL upgrade.

Additional Information:

When you upgrade your instance of SQL in place from one version to the next, the upgrade typically changes the directory structure of the instance by default. This directory change interferes with a security feature of Encryptionizer which does not allow the movement of a secured SQL instance.The instructions are slightly different if you had previously chosen to encrypt any of the system databases, such as Master. Note: Encrypted System databases may not be applicable in your case. System Databases are only encrypted by choice.

System Databases NOT Encrypted

  • Detach any encrypted databases from the instance to be upgraded. It is not necessary to decrypt them.
  • Stop the SQL Instance to be upgraded
  • Run the NetLib Admin Wizard (SECADMIN.EXE) to disable Encryptionizer from the SQL instance (make sure that you know the encryption key profile information before disabling)
  • Perform your upgrade of SQL according to instructions from Microsoft. Your encrypted databases will not be accessible during the upgrade. They will remain at their original Compatibility Level but will function on the next SQL version. You can change to the higher Compatibility level later.
  • Run the NetLib Admin Wizard (SECADMIN.EXE) to enable Encryptionizer once more – make sure to use the identical Key profile information as before.
  • Start SQL to confirm that you have access to your databases.
  • If you wish to upgrade your encrypted databases to the highest Compatibility Level for your version, e.g. Compatibility Level 110 for SQL 2012, you can now do this using instructions from Microsoft.

System Databases ARE Encrypted

  • Detach any encrypted databases from the instance to be upgraded. It is not necessary to decrypt them. The exception is system databases such as master (see below)
  • Stop the SQL Instance to be upgraded
  • Temporarily decrypt any System databases such as Master, if they are encrypted. If they remain encrypted, SQL will not be able to start up to perform the upgrade.
  • Run the NetLib Admin Wizard (SECADMIN.EXE) to disable Encryptionizer from the SQL instance (make sure that you know the encryption key profile information before disabling)
  • Perform your upgrade of SQL according to instructions from Microsoft. Your encrypted databases will not be accessible during the upgrade. They will remain at their original Compatibility Level but will function on the next SQL version. You can change to the higher Compatibility level later.
  • Run the Encrypt/Decrypt Wizard (SECNCRPT.EXE) to encrypt your system databases, if so desired. Remember to use the same Encryption Key Profile is set in the Admin Wizard below.
  • Run the NetLib Admin Wizard (SECADMIN.EXE) to enable Encryptionizer once more – make sure to use the identical Key profile information as before.
  • Start SQL to confirm that you have access to your databases.
  • If you wish to upgrade your encrypted databases to the highest Compatibility Level for your version, e.g. Compatibility Level 110 for SQL 2012, you can now do this using instructions from Microsoft.

Related Topics:

240079:< Upgrading from SQL 2005 to SQL 2008 on an instance secured with Encryptionizer

240113: Upgrading from SQL 2008 to SQL 2008 R2 on an instance secured with Encryptionizer

240114: Upgrading from SQL 2008/2008 R2 to SQL 2012 on an instance secured with Encryptionizer

Top