What is the concept of service master key in FCI?



  • In a single SQL Server instance, sensitive data like passwords in linked servers and credentials are encrypted using the server master key.

    The key or objects can be decrypted only by the SQL service account or the local computer account.

    However, in an FCI, suppose on node 1 I use the service account domain/user1 and on node 2 I use the account domain/user2; when there is a failover to node 2, how will node 2 be able to access the key or decrypt the objects encrypted by the key?



  • There's only one instance in an FCI, so only one SMK. When the instance restarts on another node, it uses the same service account, and so is able to decrypt the SMK.

    There's an informative thread https://social.msdn.microsoft.com/Forums/sqlserver/en-US/9514616d-173f-40df-9dee-fef6de82b273/cluster-failover-forced-service-master-key-regeneration-consequences?forum=sqlsecurity with answers from https://www.linkedin.com/in/laurentiu-cristofor/ from the SQL Server security dev team.



