Does manual failover of availability group bind an SSL certificate?



  • I'm trying to find the least intrusive way to bind a new SSL certificate to an Always On Availability Group 3-node cluster. After applying the new certificate, a message appears that SQL Server will need to be restarted for the change to take effect.

    Is failing over a group sufficient to bind the new certificate? Or does SQL Server have to be restarted from the Cluster Manager?

    Thanks for any help.



  • Is failing over a group sufficient to bind the new certificate?

    Unfortunately it is not. Failing over an AG does not restart the instance; rather, it causes state changes to the AG in both the cluster and SQL Server.

    Or does SQL Server have to be restarted from the Cluster Manager?

    Please do not use FCM with AGs, as it isn't supported and can cause synchronization issues between SQL Server and the cluster, which need to be reset by stopping all instances of SQL Server and bringing them back online one by one. Note that this applies only to AGs and not to FCIs, for which it is perfectly fine to use FCM (unless the FCI also hosts AGs).

    Stop the services via SSCM, if possible, or via other service interaction options such as PowerShell, .NET remoting, etc. You could start with the secondary replicas first, then fail over, then restart the old primary.
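
The restart order described in the answer above (secondaries first, then fail over, then the old primary), sketched in PowerShell as an added example that is not part of the original thread. The node names, AG name, default-instance service names and the choice of a synchronous-commit failover target are all assumptions to replace with your own.

```powershell
# Added example: node names, AG name and service names are placeholders/assumptions.
# Needs the SqlServer module (Invoke-Sqlcmd) and PowerShell remoting to every node.
$ag          = 'AG1'                    # placeholder AG name
$oldPrimary  = 'SQLNODE1'               # placeholder: current primary replica
$secondaries = 'SQLNODE2', 'SQLNODE3'   # placeholder: secondary replicas
$newPrimary  = $secondaries[0]          # assumed synchronous-commit failover target

function Restart-SqlInstance([string]$Node) {
    # Restarts the service itself (not the cluster role); default instance assumed.
    Invoke-Command -ComputerName $Node -ScriptBlock {
        Restart-Service -Name 'MSSQLSERVER' -Force   # -Force also stops dependent SQL Agent
        Start-Service   -Name 'SQLSERVERAGENT'
    }
}

function Wait-ReplicaHealthy([string]$Node, [int]$TimeoutSec = 600) {
    # Healthy = every local AG database reports HEALTHY synchronization.
    $q = "SELECT COUNT(*) AS total, " +
         "SUM(CASE WHEN synchronization_health_desc = 'HEALTHY' THEN 1 ELSE 0 END) AS healthy " +
         "FROM sys.dm_hadr_database_replica_states WHERE is_local = 1"
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        try {
            $r = Invoke-Sqlcmd -ServerInstance $Node -Query $q -ErrorAction Stop
            if ($r.total -gt 0 -and $r.healthy -eq $r.total) { return }
        } catch { }   # instance is still starting; retry
        Start-Sleep -Seconds 5
    }
    throw "Replica $Node did not become healthy within $TimeoutSec seconds"
}

# 1. Restart the secondaries one at a time, waiting for each to catch up.
foreach ($node in $secondaries) { Restart-SqlInstance $node; Wait-ReplicaHealthy $node }

# 2. Planned manual failover, issued on the target secondary.
Invoke-Sqlcmd -ServerInstance $newPrimary -Query "ALTER AVAILABILITY GROUP [$ag] FAILOVER;" -ErrorAction Stop

# 3. Restart the old primary (now a secondary) so it also picks up the certificate.
Restart-SqlInstance $oldPrimary
Wait-ReplicaHealthy $oldPrimary

# 4. Confirm on every node that the error log records a certificate load at startup.
foreach ($node in $secondaries + $oldPrimary) {
    Invoke-Sqlcmd -ServerInstance $node -Query "EXEC sp_readerrorlog 0, 1, N'loaded for encryption';" |
        Select-Object @{n = 'Node'; e = { $node }}, LogDate, Text
}
```

Compare the certificate hash in the logged message against the thumbprint of the new certificate; a hash that still matches the old certificate means that instance was not restarted after the binding change.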



