Hello!
We recently upgraded from CRM 2011 to CRM 2016. We are hitting an issue when we try to re-activate the encryption key in CRM under Settings>Data Management>Data Encryption, after restoring and importing an organization database initially on our production environment on the production network to our development environment on the development network. We are getting a SQL Server Error when we try to apply the encryption key.
The message we are seeing in the trace files and in the SQL Profiler trace logs is the following:
An implicit user creation has failed. Reason: The user may have been dropped or its name may already be in use.
Here is a snippet of the crm trace logs from the front end server:
>Symmetric key password '<<pw info here>>' was randomly generated, but cannot be used to create symmetric key into the database (attempt 1 of (2)). Exception: System.Data.SqlClient.SqlException (0x80131904): An implicit user creation has failed. Reason: The user may have been dropped or its name may already be in use.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async, Int32 timeout, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.Crm.CrmDbConnection.InternalExecuteWithRetry[TResult](Func`1 ExecuteMethod, IDbCommand command)
at Microsoft.Crm.CrmDbConnection.InternalExecuteNonQuery(IDbCommand command, Boolean capturePerfTrace)
at Microsoft.Crm.CrmDbConnection.ExecuteNonQuery(IDbCommand command, Boolean impersonate, Boolean capturePerfTrace)
at Microsoft.Crm.SqlCellLevelEncryption.BasicEncryptionOperations.ExecuteNonQuery(String commandFormat, Object[] args)
at Microsoft.Crm.SqlCellLevelEncryption.BasicEncryptionOperations.CreateSymmetricKeyByPassword(String symmetricKeyName, String keySource, String password, String identityValue)
at Microsoft.Crm.SqlCellLevelEncryption.OrgDBEncryptionImplementationBase.CreateSymmetricKeyByPassword(String symmetricKeySource, Boolean throwIfExistAlready)
ClientConnectionId:78ade8f0-7a5c-4dae-9a55-4e327539c77d
Error Number:15145,State:1,Class:16
This problem seems to be an issue only when we try to restore an organization database from the production network to the development network. If we try to import an organization database from the same network, activating the encryption key is not an issue.
It looks like from the SQL Profiler logs, it errors when it tries to generate a symmetric key against the organization database. It does not give much information in the Profiler trace as to what User it is failing against, as for security reasons it hides the line of code it is executing at the time it tries to generate the key. It looks like it is trying to drop the existing symmetric key and then create a new one.
We are on CRM 2016 Update 1 (version 8.1.0.359), SQL Server is 2014 Enterprise Edition.
Any advice or help would be much appreciated!
Thanks!