What will happen if an Availability Group failover occurs while a database is undergoing encryption via TDE?



  • As the title says, we have an existing availability group with a few databases and we'd like to enable TDE. I know that to do so we want to make sure all the servers have a database master key and the same certificate on each of them; however, my question is what would happen if a failover event were to trigger from the Availability Group while the database was still in the process of encrypting?

    Would it safely fail over to the secondary server in the AG and continue encryption safely? Would it safely fail over but the encryption would not complete? Would there be errors caused with the failover due to the fact that it was still in the process of encrypting?



  • Update

    My original answer to this question was assumption-based after reading MS Docs, and as such, was incomplete.

    However, I've now fully tested this in my lab and can confirm that there is no impact when failing over an Availability Group while either the initial encryption or decryption process is running.

    Upon failover, the encryption process resumes where it left off and continues to completion.

    I performed this test on SQL Server 2019 using a 50GB database.



